Dashboard

SOC overview and metrics

Operations Funnel (last 24h): Events of Interest, Correlation Instances, Alerts Generated, Signal / Noise, MTTD, Analyst Queue

Efficiency Report (last 24h): how well raw signal converts to actionable alerts. Metrics: Correlation efficiency, Alert yield, MITRE coverage

Pipeline Health

Ingest → normalize → fuse → correlate → alert

Ingest: Connector → raw events
Normalize: OCSF mapping
Fuse: Alert fusion
Correlate: Cross-source correlation
Alert: Final alert emission

Security Operations Center

Entity-risk alerting, confidence-scored triage, and 6 connected sources

Active Alerts: 1247 (89 new today, +12% vs yesterday)
Critical: 12 (require immediate action, -3% vs yesterday)
Open Cases: 23 (15 in progress)
MTTR: 42m (mean time to resolve, -8% vs last week)
Connected Sources: 6 (EDR, SIEM, Cloud, IAM, SaaS)

Alert Volume (24h)

Last 24 hours

Severity Breakdown

Severity   Count
Critical      12
High          43
Medium       156
Low          289
Info           0

Top MITRE ATT&CK Tactics

Connected Sources

Source               Count
CrowdStrike EDR        412
Microsoft Sentinel     287
AWS CloudTrail         198
Okta Identity          163
Google Workspace       107
GitHub Audit            84

Live Feed

CRIT  Ransomware indicators detected on DESKTOP-7892 (CrowdStrike · 8s ago)
HIGH  Impossible travel: admin login from US then RU within 4 min (Okta · 16s ago)
HIGH  IAM role assumed from untrusted account 319…847 (AWS CloudTrail · 24s ago)
MEDI  OAuth app granted Mail.ReadWrite across 37 mailboxes (Microsoft 365 · 32s ago)
MEDI  Anomalous GCS bucket policy change in prod project (GCP SCC · 40s ago)
LOW   New deploy key added to private repo infra-terraform (GitHub Audit · 48s ago)
LOW   SPL federated search matched 12 indicators across Splunk (Sentinel · 56s ago)

SOC Performance

Outcome metrics, agent calibration, and technique coverage. Auto-computed every 30s.

SOC Performance Metrics

MTTD: 1.4 hrs
MTTR: 6.2 hrs
MTTC: 14.8 hrs
Escalation Rate: 18.0%
False Positive Rate: 12.0%
Alert Volume (7d): 1247
Cases Opened (7d): 23
Cases Closed (7d): 34
Analyst Overrides (7d): 8

Agent Confidence Calibration (7d)

Predicted confidence vs. actual true-positive rate. Diagonal alignment indicates well-calibrated confidence.

Confidence Bin   Actual TP Rate    N
0-20%             8.0%            48
20-40%           31.0%            62
40-60%           52.0%            85
60-80%           71.0%            73
80-100%          88.0%            41

ATT&CK Technique Heatmap

Execution: T1059 Command & Scripting (42), T1204 User Execution (18)
Defense Evasion: T1027 Obfuscated Files (31), T1070 Indicator Removal (14)
Credential Access: T1003 OS Credential Dumping (22), T1110 Brute Force (9)
Lateral Movement: T1021 Remote Services (17)
Command and Control: T1071 Application Layer (26), T1105 Ingress Tool Transfer (11)
Exfiltration: T1048 Exfiltration Over Alt Protocol (7)
Initial Access: T1566 Phishing (35)
Persistence: T1053 Scheduled Task/Job (19)

Investigation Cost Telemetry (30d)

Tokens · Latency · Spend per model, aggregated across runs

Source of truth for TCO transparency. Per-run breakdowns are available on each investigation detail view.

Total Spend: $76.65
Runs: 1037
LLM Calls: 5910
Avg $/Run: $0.0739
Avg Latency/Call: 2.52s

Model               Runs   Calls   Prompt Tokens   Completion Tokens   Spend
gpt-4o               312    1840   4.6M            890.0K              $42.18
gpt-4o-mini          580    3200   2.1M            620.0K              $4.86
claude-3.5-sonnet    145     870   3.5M            710.0K              $29.61