This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Creating Metrics Dashboards based on Tags

Posted 3 weeks ago
_K_O
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Hi all!

Has anyone created dashboards based on SecOps tags? I have to create some reports every quarter based on certain tags which are set for each case using predetermined categories.

The issues that I am facing are:

  • There is no way using SOAR dashboards to specify a "bar/category" being based on whether multiple tags exist, e.g "If Tag 1 & Tag 2 Then set Result as BarGraphTag"
  • The SOAR dashboard only half works for this use case since you can't combine tags and it's limited to 10 results:

_K_O_0-1745326233353.png

If you have any advice on modifying the SOAR dashboards for this use case (More than 10 results and the ability to combine tags to create a category) or using Native dashboards for this use case would be greatly appreciated. 

TIA

---

Edit: Attempts to use SOAR Advanced Reports results in a NULL element for Case Tags - this has been submitted to Google support for further investigation:

_K_O_0-1745344348734.png

Solved Solved
0 5 1,680
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
SoarAndy
Staff
In response to _K_O
Reply posted on --/--/---- --:-- AM

I believe it's in private preview, with a hope for a wider release in the coming weeks, is there a chance you can wait for those?

Depending on your SOAR deployment you might also have 'Advanced Reports' (Looker based), but it seems high effort low return to start that learning curve at this point in time.

I don't think you will achieve this with the 'original' SOAR dashboards, sorry

Andy

View solution in original post

Jump to Solution
5 REPLIES 5

Posted on --/--/---- --:-- AM
SoarAndy
Staff
Reply posted on --/--/---- --:-- AM

Native dashboards will replace this in the near future, if you can wait for those to come out you will have a much better experience.

Talk to your support team to get more info on the feature and it's timelines.

HTH

Andy

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
_K_O
Silver 1
Silver 1
In response to SoarAndy
Reply posted on --/--/---- --:-- AM

@SoarAndy we have the Native dashboards enabled, do you know what type of a query would be able to extract tag information? I haven't been able to find the tag "variables / information" within the query suggestions. 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
SoarAndy
Staff
In response to _K_O
Reply posted on --/--/---- --:-- AM

Native dashboard today are only for SIEM data, though at some point, they will include SOAR data (you would need to talk to your support team to enquire about the possibility of previews)

Jump to Solution

Posted on --/--/---- --:-- AM
_K_O
Silver 1
Silver 1
In response to SoarAndy
Reply posted on --/--/---- --:-- AM

Hi @SoarAndy, I spoke with our account team and the SOAR component isn't available at this time. Just to confirm, there are no other methods currently available to solve for this use case?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
SoarAndy
Staff
In response to _K_O
Reply posted on --/--/---- --:-- AM

I believe it's in private preview, with a hope for a wider release in the coming weeks, is there a chance you can wait for those?

Depending on your SOAR deployment you might also have 'Advanced Reports' (Looker based), but it seems high effort low return to start that learning curve at this point in time.

I don't think you will achieve this with the 'original' SOAR dashboards, sorry

Andy

Jump to Solution
Top Solution Authors
View all