Many have already been taking advantage of the SOC operation metrics in the SecurityIncident table for Azure Sentinel. This table provides overall efficiency metrics and measures to gauge the performance of your team.
Every time you create or update an incident, a new log entry is added to the table. This lets you track the changes made to each incident and enables even more powerful SOC metrics, but be mindful of it when constructing queries against this table: depending on the exact query you run, you may need to remove the duplicate entries for an incident.
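As an added example (not from the original post), the following KQL shows the usual way to handle those duplicates before computing metrics: keep only the most recent row per incident, then aggregate on that deduplicated view. It assumes the standard SecurityIncident columns (IncidentNumber, Status, Severity, CreatedTime, ClosedTime, TimeGenerated) and a 30-day lookback.

```kql
// Added example: collapse SecurityIncident to one row per incident, then
// compute SOC metrics on that view. Assumes the standard schema
// (IncidentNumber, Status, Severity, CreatedTime, ClosedTime, TimeGenerated).
let lookback = 30d;
// Step 1: every create/update writes a new row, so keep only the latest row
// per IncidentNumber (arg_max returns the record with the newest TimeGenerated).
let LatestIncidents = SecurityIncident
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(TimeGenerated, *) by IncidentNumber;
// Step 2: metrics that would be skewed on the raw table, which would count
// one incident several times and could pick up a stale Status value.
LatestIncidents
| extend TimeToClose = iff(Status == "Closed", ClosedTime - CreatedTime, timespan(null))
| summarize
    Incidents = count(),
    Open = countif(Status != "Closed"),
    Closed = countif(Status == "Closed"),
    MeanTimeToClose = avg(TimeToClose),
    MedianTimeToClose = percentile(TimeToClose, 50)
    by Severity
| order by Severity asc
```

Run the first half on its own (`LatestIncidents | count` versus `SecurityIncident | count`) to see how many update rows the raw table carries for your workspace.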
Announced in public preview in August of last year, this table is now released to GA, so very shortly the following statement will be updated on the DOCS page: