Many have already been taking advantage of the SOC operation metrics in the SecurityIncident table for Azure Sentinel. This table provides overall efficiency metrics and measures to gauge the performance of your team.
Every time you create or update an incident, a new log entry is added to the table. This lets you track the changes made to incidents and enables even more powerful SOC metrics, but keep it in mind when constructing queries against this table: depending on the exact query you are running, you may need to remove duplicate entries for an incident.
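The query below is an added example, not taken from the original post, showing one way to collapse the per-update rows to the latest state of each incident before computing metrics. The `SampleIncidents` rows are constructed for illustration; to run it against a workspace, drop the `let` statement and query `SecurityIncident` directly.

```kusto
// Constructed sample rows standing in for SecurityIncident (not real data).
// Each create/update writes a new row, so incident 101 appears three times.
let SampleIncidents = datatable(
    TimeGenerated:datetime, IncidentNumber:int, Title:string,
    Severity:string, Status:string, CreatedTime:datetime, ClosedTime:datetime)
[
    datetime(2021-03-01 09:00), 101, "Suspicious sign-in", "High",   "New",    datetime(2021-03-01 09:00), datetime(null),
    datetime(2021-03-01 09:20), 101, "Suspicious sign-in", "High",   "Active", datetime(2021-03-01 09:00), datetime(null),
    datetime(2021-03-01 11:00), 101, "Suspicious sign-in", "High",   "Closed", datetime(2021-03-01 09:00), datetime(2021-03-01 11:00),
    datetime(2021-03-01 10:00), 102, "Malware detected",   "Medium", "New",    datetime(2021-03-01 10:00), datetime(null),
    datetime(2021-03-01 16:00), 102, "Malware detected",   "Medium", "Closed", datetime(2021-03-01 10:00), datetime(2021-03-01 16:00),
    datetime(2021-03-02 08:00), 103, "Port scan",          "Low",    "New",    datetime(2021-03-02 08:00), datetime(null)
];
SampleIncidents
// Keep only the most recent row per incident; LogRows records how many
// rows the incident produced, i.e. how far a naive count() would overcount.
| summarize LogRows = count(), arg_max(TimeGenerated, *) by IncidentNumber
// Metrics are now computed over one row per incident.
| summarize
    Incidents = count(),
    LogRows = sum(LogRows),
    Closed = countif(Status == "Closed"),
    AvgMinutesToClose = avgif(datetime_diff('minute', ClosedTime, CreatedTime), Status == "Closed")
    by Severity
| order by Severity asc
```

Comparing the `Incidents` and `LogRows` columns in the result shows the gap between the true incident count and what a query without the `arg_max` step would report.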