This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Dashboard for time between logging and detections firing

Posted on 03-01-2023 12:41 PM
Andrew_Malone
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Does anyone have any advice on how you could create a dashboard to see the average amount of time between the initial log time and a detection firing based off of that log? If possible I would like to see the distributions of time based on log source as well.

0 3 354
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
shakedtal
Staff
Reply posted on --/--/---- --:-- AM

Hi @Andrew_Malone I think that you will find the post written by the amazing @cmmartin_google very helpful - https://medium.com/@thatsiemguy/monitoring-detection-rule-latency-in-chronicle-siem-43adbb7f08dd

Please let me know if you have any additional questions.

Posted on --/--/---- --:-- AM
Andrew_Malone
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thank you for passing along, that was a great read.


Posted on --/--/---- --:-- AM
shakedtal
Staff
Reply posted on --/--/---- --:-- AM

Happy to hear ๐Ÿ˜Š

0 Likes
Top Solution Authors
View all