MDR dashboard

The Managed Detection and Response (MDR) dashboard offers visibility into the work our teams are doing behind the scenes to deliver the MDR service and protect your organization. It also shows a summary of threats we've recently detected, investigated, and mitigated for you, and your current account health summary.

To see the MDR dashboard, sign in to Sophos Central and go to My Products > MDR.

Account health summary

The account health summary shows your current overall account health score out of 100.

If your score is less than 100, click View All or click the Account Health Check icon on the upper-right of the page to see your account health details and recommendations to improve your overall score.

Account health summary donut.

MDR analyst coverage

MDR is a 24/7/365 service. This chart shows the analysts' online status and availability over a 24-hour period, indicated in green.

To ensure that we always have someone available and actively looking after our MDR customers' incoming cases and detections, we check for a minimum of three active online analysts per eight-hour shift in a 24-hour period.

MDR Analyst Coverage chart.

Threat hunt and intel effort

This widget provides three important metrics that demonstrate the value of the MDR service.

Threat Hunt and Intel Effort figures.

Total effort by hours

Total Effort by Hours is the combined effort of our Sophos threat hunting and intelligence teams. These hours are a measure of effort spent on proactively tracking established and emerging adversary groups, and studying their tools, techniques, and tactics to better protect and detect against them.

It is also a measure of the hours spent querying your data to search for threats within your environment with the objective of potentially finding a zero-day threat or simply finding improvements within our protection and detection capability. These combined hours represent the proactive effort going on behind the scenes, apart from detections and cases being generated. It's a critical part of the MDR service to protect you in the ever-changing threat landscape.

Threat hunts conducted

Threat Hunts Conducted is the total number of threat hunts performed by the team. Using your data, both Sophos and third-party vendor telemetry, our proactive threat hunts identify attacker behaviors that only a human can detect, and rapidly eliminate threats that evade detection by standard toolsets or other security products. Each threat hunt delves into the MITRE ATT&CK framework to thoroughly examine adversarial behaviors.

New detections from hunt

New Detections from Hunt are all the detection rules written based on the threat hunts we conducted. These new detection rules provide visibility on activities in your environment that could potentially cause damage. The detections generated from these rules enable us to quickly detect potential threats or suspicious activities, so we can proactively defend and respond against active and future cyberattacks. The metrics here are for all MDR customers.

MDR case summary

Analyst Effort shows the amount of time, measured in hours, that our MDR analyst team spends conducting in-depth and methodical investigations of your detections and cases. This effort also includes the time spent on executing an extensive set of response actions on your behalf to remotely disrupt, contain, and fully eliminate the adversary identified from the case investigation.

The case breakdown provides visibility on the number of cases that are "Escalated", which require advanced analysts' investigation and response actions. Escalated cases could also require collaboration from you to resolve. The metrics also show the count for your "Unescalated" cases, which our analysts fully investigated and resolved for you, without requiring any additional action or input from you.

We also added the number of cases created on the weekend. It's expected to be low due to low user activity over the weekend. However, attackers are still active on weekends, so our MDR analysts continue to monitor and respond to these cases 24/7.

MDR Case Summary figures.

Total cases and total case count

These widgets provide our standard case metrics with different grouping options. This gives you better visibility on the different kinds of cases generated for your environment and helps you understand how they are broken down by severity, case type, status, verdict, and more.

Note

The case count for the "Action Required" case status isn't affected by the date range filter. This reflects any cases you currently have that are waiting for your reply.

Total cases by status.

Total cases by severity.

Total cases count.

Recent cases

This shows a list of recently generated cases for your environment. It provides visibility on recent case activities that the MDR team has investigated and mitigated for you. It will also list any recent cases you've created manually.

Recent cases list.

Help with dashboard widgets

We've also added tooltip information to help you get familiar with all the dashboard widgets and their content. Hover your mouse over the information icon to view it.

MDR tooltips.

All the widgets in the new MDR Dashboard are also available in the Sophos widgets gallery to use for creating your custom dashboards. See Create or edit a dashboard.