I'm currently setting up Elastic Security as a single pane of glass for security information and event management. As part of this we have all our alerts being created in the detections pane with the SOC opening/closing cases for their investigations.
We want to start looking at KPIs and metrics around mean time to respond and mean time to resolve; however, we are a little stuck on how to do this. Is it possible to create dashboards based on case data?
Ideally I'd like to be able to visualise cases opened and closed within a month, along with using Vega to make some interesting graphics showing mean time to respond and resolve (timestamp of alert created to timestamp of closure), hopefully being able to colour code these based on their severity and our SLAs (RAG).
Is this something that is possible, or something that's being considered for a future release? I feel it would be useful to be able to get these metrics from within Elastic for a total SIEM solution.