Does anyone have any advice on how you could create a dashboard to see the average amount of time between the initial log time and a detection firing based off of that log? If possible I would like to see the distributions of time based on log source as well.
Hi @Andrew_Malone, I think that you will find the post written by the amazing @cmmartin_google very helpful - https://medium.com/@thatsiemguy/monitoring-detection-rule-latency-in-chronicle-siem-43adbb7f08dd
Please let me know if you have any additional questions.
Thank you for passing along, that was a great read.
Happy to hear