Extending dashboard use cases
With our metrics selected, we can continue implementing new features using data from our detection health dashboards. For enterprises that have a SOAR solution, we can leverage the integration functionalities to extend into response actions. Some examples include disabling correlation searches that are impacting the health of other running SIEM rules or even automatically adjusting rules to acceptable criteria under heavy platform load. Even if your team does not have access to a SOAR, there are still opportunities for automating responses dependent on your detection health or performance with our existing resources:
|
Example Automation |
SOAR Alternative Instrumentation |
|
Disabling excessively alerting rules |
Use a CI/CD pipeline to read the CSV of dashboard metrics and leverage an API with GitHub Actions to disable correlation rules... |
