The original post: /r/cybersecurity by /u/Traut on 2024-11-14 15:31:24.
While building a SOC metrics template (a blog post here), I made some JQ functions to handle all the calculations directly on Elastic Security data. These cover:
- calculating MTTR based on the `workflow_status_updated_at` and `status` fields of the alert obj
- computing SLA % based on the pre-set hour limits per severity
- computing alert load per analyst based on pre-set shifts
The funcs do not require you to use BlackStork Fabric, they are standalone JQ funcs.
Code on GitHub — https://github.com/blackstork-io/fabric-templates/blob/main/cybersec/secops/soc-weekly-activity-overview-elastic-security.utils.jq
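As an added illustration (not the post's jq code), the MTTR and per-severity SLA % calculations described above, re-expressed in Python over a few constructed Elastic Security alert objects. Field names follow the Elastic alert schema (`@timestamp`, `kibana.alert.workflow_status`, `kibana.alert.workflow_status_updated_at`, `kibana.alert.severity`) and the SLA hour limits are made-up placeholders.

```python
from datetime import datetime, timezone
from statistics import mean

# Hypothetical per-severity SLA limits in hours (the post says these are pre-set; values invented here).
SLA_HOURS = {"critical": 1, "high": 4, "medium": 24, "low": 72}

# Constructed sample alerts using the Elastic Security alert fields named in the post; values are invented.
ALERTS = [
    {"@timestamp": "2024-11-04T08:00:00.000Z", "kibana.alert.severity": "high",
     "kibana.alert.workflow_status": "closed",
     "kibana.alert.workflow_status_updated_at": "2024-11-04T10:00:00.000Z"},  # 2h: within the 4h limit
    {"@timestamp": "2024-11-04T09:00:00.000Z", "kibana.alert.severity": "critical",
     "kibana.alert.workflow_status": "closed",
     "kibana.alert.workflow_status_updated_at": "2024-11-04T12:00:00.000Z"},  # 3h: breaches the 1h limit
    {"@timestamp": "2024-11-05T00:00:00.000Z", "kibana.alert.severity": "low",
     "kibana.alert.workflow_status": "closed",
     "kibana.alert.workflow_status_updated_at": "2024-11-05T04:00:00.000Z"},  # 4h: within the 72h limit
    {"@timestamp": "2024-11-06T00:00:00.000Z", "kibana.alert.severity": "medium",
     "kibana.alert.workflow_status": "open"},  # still open: excluded from MTTR and SLA %
]


def parse_ts(value):
    """Parse Elastic's ISO-8601 timestamp (millisecond precision, Z suffix) into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def resolution_hours(alert):
    """Hours from alert creation to the last workflow status change; None unless the alert is closed."""
    if alert.get("kibana.alert.workflow_status") != "closed":
        return None
    opened = parse_ts(alert["@timestamp"])
    closed = parse_ts(alert["kibana.alert.workflow_status_updated_at"])
    return (closed - opened).total_seconds() / 3600


def mttr_hours(alerts):
    """Mean time to resolve, in hours, computed over closed alerts only."""
    durations = [d for d in map(resolution_hours, alerts) if d is not None]
    return mean(durations) if durations else None


def sla_percent(alerts, sla_hours):
    """Percentage of closed alerts resolved within their severity's hour limit."""
    closed = [a for a in alerts if resolution_hours(a) is not None]
    if not closed:
        return None
    met = sum(1 for a in closed if resolution_hours(a) <= sla_hours[a["kibana.alert.severity"]])
    return 100 * met / len(closed)
```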