Connecting to ConnectWise MDR

Overview

With the BrightGauge integration to ConnectWise MDR™, you can view the MDR Executive Report.

This allows you to:

  • Make informed decisions. The report’s insights guide SOC teams in choosing the right mix of security solutions and strategies tailored to their specific needs.
  • Optimize your resources. You can better allocate your resources by identifying the most effective tools and strategies across the security stack.
  • Manage threats proactively. Empower your teams to proactively manage threats by understanding the nuances of how each product detects, responds, and neutralizes threats.

Prerequisites

You must first meet the following requirements to connect BrightGauge to ConnectWise MDR:

  • You must have ConnectWise SSO enabled.
  • ConnectWise Asio™ must be provisioned to your account with all appropriate entitlements required for integrations with the SOC service.
  • You must have ConnectWise MDR enabled on your account.
  • You must have ConnectWise Asio SOC service enabled on your account.

Note: Client mapping is not currently available for this integration. This will be enabled in a future release.

Connect to ConnectWise MDR

To connect to ConnectWise MDR:

  1. Log in to your BrightGauge account.
  2. Navigate to Data > Datasources.
  3. Select ConnectWise MDR.
  4. Enter the datasource Name.
  5. Click Test Connection.
  6. After a successful connection, click Save. Dashboards, reports, datasets, and gauges are added to your account after the datasource is saved. The sync usually takes 20 to 30 minutes to complete.

Default Resources

BrightGauge provides the following dashboards, gauges, reports, and datasets for the ConnectWise MDR integration.

Default Dashboards

To locate your dashboards, select DASHBOARDS from the top menu bar. Then, click the dashboard name to open the dashboard selection menu.

The MDR integration comes with the MDR Executive Report dashboard, below:

[Image: BG-MDR-dashboard.png]


Default Gauges

To see your gauges, select GAUGES from the top menu bar in BrightGauge.

The MDR Executive Report comes with the following default gauges:

Gauge  Description
Working On  Indicates that the ticket or task is currently being worked on by an agent or team.
Escalations  Refers to tickets or issues that have been escalated to a higher level of support or management due to their complexity or urgency.
Alerts  Represents notifications or warnings generated by a system or application to indicate a specific event or condition.
Alerts And Incidents  Combines both alerts and incidents, which are events or occurrences that require attention or action.
Average Response Time  Calculates the average time it takes for a support agent to respond to a ticket or request.
First Response To Partner Escalation  Measures the time it takes for the first response to be provided when a ticket is escalated to a partner or external entity.
Average Time To Resolve  Indicates the average time it takes to resolve a ticket, measured in hours.
Average Partner To SOC Idle Time  Indicates the average idle time between a partner and the Security Operations Center (SOC), measured in hours.
Avg Overall Ticket Lifespan  Indicates the average lifespan of tickets, from creation to closure.
Average Overall Ticket Lifespan  Indicates the average lifespan of tickets, from creation to closure.
Average Partner To SOC Idle Time  Indicates the average idle time between a partner and the Security Operations Center (SOC).
Closed  Indicates that the ticket has been closed or resolved.
Resolved  Indicates that the ticket has been resolved or addressed.
In Progress  Indicates that the ticket is currently being worked on or is in progress.
On Hold  Indicates that the ticket has been put on hold and is not actively being worked on.
Pending  Indicates that the ticket is pending or awaiting action.
Open  Indicates that the ticket is open or active and has not been resolved yet.

Field Descriptions

The following fields are available when you create a gauge using the default datasets.

Field Description

Tickets

Offers a detailed breakdown of the current status of all MDR tickets, categorizing them based on their progress within the resolution pipeline. It provides a snapshot of the workload distribution, highlighting active, pending, and resolved tickets. This information aids in tracking the overall ticket management process and identifying areas that may require optimization.

Average Overall Ticket Lifespan

Tracks the average duration from the creation to the resolution of tickets. It provides insights into the efficiency of the incident response process, helping gauge the team's ability to swiftly address security incidents and minimize potential impacts.

Average Partner to SOC Idle Time

Measures the duration it takes for a partner to respond to alerts or incidents initiated by the Security Operations Center (SOC). It reflects the collaborative responsiveness between partners and the SOC, indicating how quickly partners engage with SOC recommendations or requests for additional information. Reducing this idle time enhances the overall incident response capabilities and strengthens the partnership between the SOC and external stakeholders.

Average Time to Resolve

Represents the average time taken to resolve a ticket from the moment it is raised until its closure. It serves as a key performance indicator for assessing the efficiency of incident resolution processes. A lower average time to resolve (MTTR) indicates swift incident response and mitigation, minimizing potential security risks and enhancing organizational resilience against cyber threats.

Average Response Time

Displays how long on average it takes to respond to tickets.

First Response to Partner Escalation

Displays how long on average it takes to respond to a partner escalation.

Alert and Incidents

Provides a comparative analysis of the number of alerts generated versus the number of confirmed security incidents. By distinguishing between alerts and actual incidents, organizations can gain insights into the accuracy of their detection mechanisms and the severity of identified threats. This data is instrumental in prioritizing response efforts and allocating resources effectively.

Alert Reduction Factor

Quantifies the percentage of alerts effectively handled by the MDR team without escalation to customers. It reflects the team's proficiency in filtering out false positives, investigating legitimate threats, and proactively mitigating risks. A higher Alert Reduction Factor signifies the MDR team's ability to streamline operations, minimize alert fatigue, and deliver actionable insights to clients promptly.

Ticket Company ID

Represents a unique identifier for the company associated with the ticket.

Ticket Created at

Indicates the date and time when the ticket was created.

Ticket Custom CF Automatedclose

Stores custom data related to the automated closure of the ticket.

Ticket Custom CF Ticket Resolution Type

Stores custom data related to the resolution type of the ticket.

Ticket Description

Provides a description or summary of the ticket, including the issue or problem reported.

Ticket Description Text

Stores the plain text version of the ticket description, without any formatting or HTML tags.

Ticket Due By

Indicates the date and time by which the ticket should be resolved or addressed.

Ticket Email Config ID

Represents a unique identifier for the email configuration associated with the ticket.

Ticket Fivetran Synced

Indicates whether the ticket data has been synchronized with the Fivetran platform.

Ticket FR Due By

Indicates the date and time by which the first response to the ticket should be provided.

Ticket FR Escalated

Indicates whether the ticket has been escalated for a faster or higher priority response.

Ticket Group ID

Represents a unique identifier for the group or team responsible for handling the ticket.

Ticket ID

Represents a unique identifier for the ticket.

Ticket Is Escalated

Indicates whether the ticket has been escalated for a faster or higher priority response.

Ticket Priority

Indicates the priority level assigned to the ticket (e.g., low, medium, high).

Ticket Requester ID

Represents a unique identifier for the person who submitted the ticket.

Ticket Responder ID

Represents a unique identifier for the agent or support representative that responded to the ticket.

Ticket Source

Indicates the source or channel through which the ticket was created or received (e.g., email, chat, phone).

Ticket Spam

Indicates whether the ticket has been marked as spam or unsolicited.

Ticket Stats Agent Responded at

Indicates the date and time when an agent or support representative responded to the ticket.

Ticket Stats Closed at

Indicates the date and time when the ticket was closed or resolved.

Ticket Stats First Responded at

Indicates the date and time when the first response to the ticket was provided.

Ticket Stats Reopened at

Indicates the date and time when the ticket was reopened after being closed.

Ticket Stats Requester Responded at

Indicates the date and time when the requester or customer responded to the ticket.

Ticket Stats Resolved at

Indicates the date and time when the ticket was resolved or addressed.

Ticket Stats Status Updated at

Indicates the date and time when the status of the ticket was last updated.

Ticket Status

Indicates the current status of the ticket (e.g., open, closed, in progress).

Ticket Subject

Stores the subject or title of the ticket, which provides a brief summary of the issue or request.

Ticket Updated at

Indicates the date and time when the ticket information was last updated.


Default Reports

To locate your reports, select REPORTS from the top menu bar.

The MDR Executive Report template is included with this integration.
[Image: BG-MDR-report.png]


Default Datasets

To locate your datasets, navigate to DATA > Datasets.

SOC Ticket Details  This dataset provides data for calculating various metrics concerning the ConnectWise MDR services with respect to the current week.