Hello,
Iβm implementing SLA tracking for Cases in Google SecOps and would like to understand the best practice for building dashboards.
My SLA logic includes:
-
Time to analyst assignment (unassigned β assigned)
-
Identification of SLA-breached cases
-
Visibility at both case level and analyst level
Currently, I donβt see native SLA fields for Cases, so SLA is derived from case metadata (Created Time, Owner, Status).
Questions:
-
What is the recommended way to build dashboards showing:
-
Cases that breached SLA
-
SLA compliance per analyst
-
-
Are SecOps dashboards expected to rely only on:
-
Case filters and saved views?
-
Case-based rules and tags?
-
-
For analyst-level SLA metrics, is exporting to BigQuery the recommended approach?
Thanks for any guidance or examples.