Workflow Automation

About the Incident Analytics Dashboard

The Incident Analytics dashboard gives high-level visibility and insight into your organization's Data Loss Prevention (DLP) incidents. It allows you to monitor and analyze incident data from a single location at an organizational level. The dashboard provides a variety of information about incidents over a specified time frame, such as the time taken to triage and resolve incidents, previous and current incident counts, and the cumulative number of new and resolved incidents.

Through this dashboard, admins with full workflow access can monitor all the incidents that occurred in the organization and view the list of admins responsible for those incidents. Admins with restricted workflow access can only monitor the incidents assigned to them. They can't view the incidents assigned to other admins.

The Incident Analytics dashboard enables you to:

  • View a summary of DLP incidents that have occurred in your organization.
  • View, monitor, and analyze incidents from a single location.
  • Take appropriate actions based on the data displayed on the dashboard about the incidents.
  • Discover insights about the processing and remediation of the incidents.


On the Incident Analytics dashboard (Dashboard), you can do the following:

  1. Select a time range for what to display on the Incident Analytics dashboard. By default, this page displays incident analytics for the current week. The time range filter applies to all widgets. Time ranges are:
    • Last Day
    • Current Week
    • Last Week
    • Current Month
    • Last Month
    • Custom Date Range
  2. Filter the incident data to show on the dashboard. If you choose the User Name attribute or Client IP attribute for obfuscation, you cannot filter the incident data on the dashboard using these obfuscated attributes. To learn more about obfuscation settings, see Managing Account Settings and Managing Admin Assignments.
  3. Reset all the applied filters.
  4. Export the incident analytics to a PDF file. You can export all incident analytics available on the page, or use the filter criteria to modify the incident analytics displayed on the page and then export that information.
  5. View the following information about your incidents:
    • Open: The number of open incidents for the selected time range.
    • Resolved: The number of resolved incidents for the selected time range.
    • New Incident Rate (Per Day): The rate of new incidents per day for the selected time range.
    • Resolved Incident Rate (Per Day): The rate of resolved incidents per day for the selected time range.
  6. View analytics information about your incidents in the following widgets:
    • Displays a bar chart of the time taken to triage and resolve incidents for the selected time range. The chart shows the following data:

      • Time to Triage: The time taken in hours from the occurrence of an incident to its assignment to an admin.
      • Time to Resolve: The time taken in hours for the admin to mark an incident as resolved.

      On the chart, the darker blue bars signify the current incident time, and the lighter blue bars signify the previous incident time. The actual time is displayed at the top of each bar in hours. You can also hover over the bars to view the current and previous incidents.

    • Displays a bar chart of the incidents by their status for the selected time range. The chart shows the following statuses:

      • New
      • Open
      • Escalated
      • Resolved

      On the chart, the darker blue bars signify the current incident count, and the lighter blue bars signify the previous incident count. The actual number of incidents is displayed at the top of each bar. You can also hover over the bars to view the current and previous incident counts.

    • Displays a list of the DLP policy rules with the number of resolved incidents that are marked as false positives for a specific rule. You can also hover over a DLP rule to see the number of incidents associated with that rule.

    • Displays a list of the DLP dictionaries with the number of resolved incidents that are marked as false positives for a specific dictionary. You can also hover over a DLP dictionary to see the number of incidents associated with that dictionary.

    • Displays a Pareto chart with the number of new and resolved incidents for the selected time range. The chart shows the following data:

      • New Incident Count
      • Cumulative New Incident Count
      • Cumulative Resolved Incident Count

      On the chart, the light blue bar shows the count of new incidents, the blue line shows the cumulative new incident count, and the green line shows the cumulative resolved incident count for each day during the selected time range.

      You can also hover over the chart to view the number of new incidents, the cumulative number of new incidents, and the cumulative number of resolved incidents for a specific date.

    • This table is only available to admins with full workflow access permission.

      Displays a table listing the top DLP admins with the most incidents assigned to them. For each admin, you can view the following information:

      • Assigned Admin: The login ID for the admin.
      • New Incidents: The number of incidents with New status assigned to the admin.
      • Resolved Incidents: The number of incidents that the admin has resolved.
      • Average Resolution Time (Hours): The average time in hours that the admin took to resolve an incident.

