A real-time incident dashboard helps SOC teams track resolution times by region, severity, and response efficiency.
✅ 1. Real-time Filtering by Region (A)
Allows dynamic updates on incident trends across different locations.
Helps SOC teams identify regional attack patterns.
Example:
A dashboard with dropdown filters to switch between:
North America → Incident MTTR (Mean Time to Respond): 2 hours.
Europe → Incident MTTR: 5 hours.
❌ Incorrect Answers:
B. Including all raw data logs for transparency → Dashboards should show summarized insights, not raw logs.
C. Using static panels for historical trends → Static panels don’t allow real-time updates.
D. Disabling drill-down for simplicity → Drill-down allows deeper investigation into regional trends.
Additional Resources:
Splunk Dashboard Design Best Practices