Default advanced SOAR reports in depth
Alerts and Entities Report
This report provides a look into the most commonly impacted entities, such as
addresses, destination URLs, and hostnames. It also offers a snapshot of the most
impactful incidents and affected entities.
Prerequisite:
Use the Incident flag for identifying incidents in cases.
Analysts Case Load Tracker
This report provides clarity on the workload that each analyst handles across
your Security Operations at any particular time.
Customer Report
Customer Report is a summary dashboard that provides overall visibility
across the main aspects of your Security Operations Center coverage.
Prerequisites:
Use the Mark as Important flag to identify important cases.
Use the Incident flag to identify incidents.
An SLA should be defined for closure of cases.
All non-malicious cases are considered false positives in this dashboard.
Executive Dashboard
This dashboard is designed to monitor key performance indicators (KPIs) and
provides a clear summary of all incidents, resolution times, SLA targets, and
additional relevant metrics.
Prerequisites:
Use the Incident flag to identify incidents.
An SLA should be defined for closure of cases.
Escalated cases should be identified by the stage Escalated.
Managed Detection and Response Dashboard
This report is designed to track alerts, cases and important SLA information.
This is a compact dashboard, perfect for daily, weekly or monthly report needs.
Prerequisites:
Escalated cases should be marked by the stage Escalated.
Triage is considered to be the time a case was acknowledged.
Monthly Threat Monitoring Report
A monthly report that provides a summary of alerts, products, severities and
more.
MTTX
MTTX is a clean dashboard created for customers who like to track time taken
for specific actions. This report helps you track time from "Case Creation Time"
to "Start/End" of specific incident handling stages. Stages and end/start times
of the report as well as other parameters can be further edited.
Performance Analysis - Analysts Workload
This report provides a clear view of your SOC's workload using alerts and
events distributions, open versus closed cases trends, alert grouping
performance over time, and false positive trends. For detailed information on
this report, see
/chronicle/docs/soar/monitor-and-report/soar-reports/deep-dive-into-four-advanced-reports.
Performance Analysis - Handling times
This report presents the mean time to detect and resolve metrics for alerts
and cases, on multiple cohorts such as teams, alert types and stages, and
provides visibility into your SOC performance. For detailed information on this
report, see
/chronicle/docs/soar/monitor-and-report/soar-reports/deep-dive-into-four-advanced-reports.
Playbook Analysis
This report provides metrics for automation performance and helps you
understand how automation improves your SOC performance and reduces handling
times. For detailed information on this report, see
/chronicle/docs/soar/monitor-and-report/soar-reports/deep-dive-into-four-advanced-reports.
ROI Report
This report is a one-page dashboard created to show how automation is saving
time and effort across your organization. It summarizes all automated and manual
actions, as well as their distribution across different products, for
more granular visibility.
Security Operations Center Report
This report is mainly designed for clients with multiple tenants (i.e. MSSP).
You can switch between different environment metrics and specific timestamps
for greater flexibility. Short summaries for certain charts
make it well suited to a weekly or monthly report schedule.
Security Posture and Sensors Performance
This report provides clear visibility into threat status and trends over
time. It also provides insight into sensor performance trends and false
positive metrics, giving you actionable input for sensor tuning and
improvement. For detailed information on this report, see
/chronicle/docs/soar/monitor-and-report/soar-reports/deep-dive-into-four-advanced-reports.
TIER Performance
Overall Clearance Tracker is a dashboard to track case load of your Security
Operations Center across different TIERs.
Last updated 2025-08-29 UTC.