Overview
With the BrightGauge integration to ConnectWise MDR™, you can view the MDR Executive Report.
This allows you to:
- Make informed decisions. The report’s insights guide SOC teams in choosing the right mix of security solutions and strategies tailored to their specific needs.
- Optimize your resources. You can better allocate your resources by identifying the most effective tools and strategies across the security stack.
- Manage threats proactively. Empower your teams to proactively manage threats by understanding the nuances of how each product detects, responds to, and neutralizes threats.
Prerequisites
You must first meet the following requirements to connect BrightGauge to ConnectWise MDR:
- You must have ConnectWise SSO enabled.
- ConnectWise Asio™ must be provisioned to your account with all appropriate entitlements required for integrations with the SOC service.
- You must have ConnectWise MDR enabled on your account.
- You must have ConnectWise Asio SOC service enabled on your account.
Note: Client mapping is not currently available for this integration. This will be enabled in a future release.
Connect to ConnectWise MDR
To connect to ConnectWise MDR:
- Log in to your BrightGauge account.
- Navigate to Data > Datasources.
- Select ConnectWise MDR.
- Enter the datasource Name.
- Click Test Connection.
- After a successful connection, click Save. Dashboards, reports, datasets, and gauges are added to your account after the datasource is saved. The sync usually takes 20 to 30 minutes to complete.
Default Resources
BrightGauge provides the following dashboards, gauges, reports, and datasets for the ConnectWise MDR integration.
Default Dashboards
To locate your dashboards, select DASHBOARDS from the top menu bar. Then, click the dashboard name to open the dashboard selection menu.
The MDR integration comes with the MDR Executive Report dashboard.
Default Gauges
To see your gauges, select GAUGES from the top menu bar in BrightGauge.
The MDR Executive Report comes with the following default gauges:
Gauge | Description |
Working On | Indicates that the ticket or task is currently being worked on by an agent or team. |
Escalations | Refers to tickets or issues that have been escalated to a higher level of support or management due to their complexity or urgency. |
Alerts | Represents notifications or warnings generated by a system or application to indicate a specific event or condition. |
Alerts And Incidents | Combines both alerts and incidents, which are events or occurrences that require attention or action. |
Average Response Time | Calculates the average time it takes for a support agent to respond to a ticket or request. |
First Response To Partner Escalation | Measures the time it takes for the first response to be provided when a ticket is escalated to a partner or external entity. |
Average Time To Resolve | Indicates the average time it takes to resolve a ticket, measured in hours. |
Average Partner To SOC Idle Time | Indicates the average idle time between a partner and the Security Operations Center (SOC), measured in hours. |
Avg Overall Ticket Lifespan | Indicates the average lifespan of tickets, from creation to closure. |
Average Overall Ticket Lifespan | Indicates the average lifespan of tickets, from creation to closure. |
Average Partner To SOC Idle Time | Indicates the average idle time between a partner and the Security Operations Center (SOC). |
Closed | Indicates that the ticket has been closed or resolved. |
Resolved | Indicates that the ticket has been resolved or addressed. |
In Progress | Indicates that the ticket is currently being worked on or is in progress. |
On Hold | Indicates that the ticket has been put on hold and is not actively being worked on. |
Pending | Indicates that the ticket is pending or awaiting action. |
Open | Indicates that the ticket is open or active and has not been resolved yet. |
Field Descriptions
The following fields are available when you create a gauge using the default datasets.
Field | Description |
Tickets | Offers a detailed breakdown of the current status of all MDR tickets, categorizing them based on their progress within the resolution pipeline. It provides a snapshot of the workload distribution, highlighting active, pending, and resolved tickets. This information aids in tracking the overall ticket management process and identifying areas that may require optimization. |
Average Overall Ticket Lifespan | Tracks the average duration from the creation to the resolution of tickets. It provides insights into the efficiency of the incident response process, helping gauge the team's ability to swiftly address security incidents and minimize potential impacts. |
Average Partner to SOC Idle Time | Measures the duration it takes for a partner to respond to alerts or incidents initiated by the Security Operations Center (SOC). It reflects the collaborative responsiveness between partners and the SOC, indicating how quickly partners engage with SOC recommendations or requests for additional information. Reducing this idle time enhances the overall incident response capabilities and strengthens the partnership between the SOC and external stakeholders. |
Average Time to Resolve | Represents the average time taken to resolve a ticket from the moment it is raised until its closure. It serves as a key performance indicator for assessing the efficiency of incident resolution processes. A lower mean time to resolve (MTTR) indicates swift incident response and mitigation, minimizing potential security risks and enhancing organizational resilience against cyber threats. |
Average Response Time | Displays how long on average it takes to respond to tickets. |
First Response to Partner Escalation | Displays how long on average it takes to respond to a partner escalation. |
Alert and Incidents | Provides a comparative analysis of the number of alerts generated versus the number of confirmed security incidents. By distinguishing between alerts and actual incidents, organizations can gain insights into the accuracy of their detection mechanisms and the severity of identified threats. This data is instrumental in prioritizing response efforts and allocating resources effectively. |
Alert Reduction Factor | Quantifies the percentage of alerts effectively handled by the MDR team without escalation to customers. It reflects the team's proficiency in filtering out false positives, investigating legitimate threats, and proactively mitigating risks. A higher Alert Reduction Factor signifies the MDR team's ability to streamline operations, minimize alert fatigue, and deliver actionable insights to clients promptly. |
Ticket Company ID | Represents a unique identifier for the company associated with the ticket. |
Ticket Created at | Indicates the date and time when the ticket was created. |
Ticket Custom CF Automatedclose | Stores custom data related to the automated closure of the ticket. |
Ticket Custom CF Ticket Resolution Type | Stores custom data related to the resolution type of the ticket. |
Ticket Description | Provides a description or summary of the ticket, including the issue or problem reported. |
Ticket Description Text | Stores the plain text version of the ticket description, without any formatting or HTML tags. |
Ticket Due By | Indicates the date and time by which the ticket should be resolved or addressed. |
Ticket Email Config ID | Represents a unique identifier for the email configuration associated with the ticket. |
Ticket Fivetran Synced | Indicates whether the ticket data has been synchronized with the Fivetran platform. |
Ticket FR Due By | Indicates the date and time by which the first response to the ticket should be provided. |
Ticket FR Escalated | Indicates whether the ticket has been escalated for a faster or higher priority response. |
Ticket Group ID | Represents a unique identifier for the group or team responsible for handling the ticket. |
Ticket ID | Represents a unique identifier for the ticket. |
Ticket Is Escalated | Indicates whether the ticket has been escalated for a faster or higher priority response. |
Ticket Priority | Indicates the priority level assigned to the ticket (e.g., low, medium, high). |
Ticket Requester ID | Represents a unique identifier for the person who submitted the ticket. |
Ticket Responder ID | Represents a unique identifier for the agent or support representative that responded to the ticket. |
Ticket Source | Indicates the source or channel through which the ticket was created or received (e.g., email, chat, phone). |
Ticket Spam | Indicates whether the ticket has been marked as spam or unsolicited. |
Ticket Stats Agent Responded at | Indicates the date and time when an agent or support representative responded to the ticket. |
Ticket Stats Closed at | Indicates the date and time when the ticket was closed or resolved. |
Ticket Stats First Responded at | Indicates the date and time when the first response to the ticket was provided. |
Ticket Stats Reopened at | Indicates the date and time when the ticket was reopened after being closed. |
Ticket Stats Requester Responded at | Indicates the date and time when the requester or customer responded to the ticket. |
Ticket Stats Resolved at | Indicates the date and time when the ticket was resolved or addressed. |
Ticket Stats Status Updated at | Indicates the date and time when the status of the ticket was last updated. |
Ticket Status | Indicates the current status of the ticket (e.g., open, closed, in progress). |
Ticket Subject | Stores the subject or title of the ticket, which provides a brief summary of the issue or request. |
Ticket Updated at | Indicates the date and time when the ticket information was last updated. |
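The following Python sketch is an added example, not BrightGauge or ConnectWise code, showing how the time-based metrics and the Alert Reduction Factor described above can be derived from ticket timestamps. The snake_case keys, the choice of end timestamp for each metric, the use of the ticket escalation flag as the count of alerts escalated to customers, and the sample rows are all assumptions made for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed sample rows. The keys are hypothetical snake_case versions of the
# field labels above; the real dataset column names may differ.
TICKETS = [
    {"ticket_id": 1, "created_at": "2024-05-06T08:00:00", "first_responded_at": "2024-05-06T08:30:00",
     "resolved_at": "2024-05-06T12:00:00", "closed_at": "2024-05-06T14:00:00", "is_escalated": False, "spam": False},
    {"ticket_id": 2, "created_at": "2024-05-06T09:00:00", "first_responded_at": "2024-05-06T10:30:00",
     "resolved_at": "2024-05-07T09:00:00", "closed_at": "2024-05-07T11:00:00", "is_escalated": True, "spam": False},
    # Still open: no resolution or closure timestamp yet.
    {"ticket_id": 3, "created_at": "2024-05-07T10:00:00", "first_responded_at": "2024-05-07T10:15:00",
     "resolved_at": None, "closed_at": None, "is_escalated": False, "spam": False},
    # Spam: excluded from every metric.
    {"ticket_id": 4, "created_at": "2024-05-07T11:00:00", "first_responded_at": None,
     "resolved_at": None, "closed_at": None, "is_escalated": False, "spam": True},
]

def _hours(row, start, end):
    """Hours between two timestamp fields, or None if either is missing."""
    if not row[start] or not row[end]:
        return None
    delta = datetime.fromisoformat(row[end]) - datetime.fromisoformat(row[start])
    return delta.total_seconds() / 3600

def average_hours(rows, start, end):
    """Mean duration in hours over non-spam rows that have both timestamps."""
    spans = [_hours(r, start, end) for r in rows if not r["spam"]]
    spans = [s for s in spans if s is not None]
    return round(mean(spans), 2) if spans else None

def alert_reduction_factor(alerts_total, escalated_to_customer):
    """Percentage of alerts handled without escalation (assumed formula)."""
    if alerts_total <= 0:
        return None
    return round(100 * (alerts_total - escalated_to_customer) / alerts_total, 1)

def executive_summary(rows, alerts_total):
    escalated = sum(1 for r in rows if r["is_escalated"] and not r["spam"])
    return {
        "avg_response_h": average_hours(rows, "created_at", "first_responded_at"),
        "avg_time_to_resolve_h": average_hours(rows, "created_at", "resolved_at"),
        "avg_lifespan_h": average_hours(rows, "created_at", "closed_at"),
        "alert_reduction_pct": alert_reduction_factor(alerts_total, escalated),
    }
```

Open tickets are left out of the resolution averages rather than counted as zero, so a backlog of unresolved tickets does not make the averages look better than they are.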
Default Reports
To locate your reports, select REPORTS from the top menu bar.
The MDR Executive Report template is included with this integration.
Default Datasets
To locate your datasets, navigate to DATA > Datasets.
Dataset | Description |
SOC Ticket Details | This dataset provides data for calculating various metrics concerning the ConnectWise MDR services with respect to the current week. |