Does anyone have any advice on how you could create a dashboard to see the average amount of time between the initial log time and a detection firing based off of that log? If possible I would like to see the distributions of time based on log source as well.
Dashboard for time between logging and detections firing
+2
Hi @Andrew_Malone I think that you will find the post written by the amazing @cmmartin_google very helpful - https://medium.com/@thatsiemguy/monitoring-detection-rule-latency-in-chronicle-siem-43adbb7f08dd
Please let me know if you have any additional questions.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.