Auditing & Reporting • Room 1

Security Posture Metrics

A security program must prove its value. Engineers build reports tracking MTTR (Mean Time To Respond), False Positive Rates, and Analyst workloads.

If the False Positive rate of a specific Correlation Search hits 95%, the Engineer uses this metric as justification to tune or disable the rule.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Write a search using the `audit` index to count the number of times users logged in. Group by `user`.

Splunk Search Bar