Metric catalog

  • Updated

The Panaseer Metric catalog contains a complete list of metrics available on your platform and is accessed via the left panel:

Metrics icon

A metric refers to a quantifiable measure used to monitor, evaluate, and report on the performance, status, or compliance of cybersecurity controls and processes.

Security areas

Metrics provide data for certain categories of risk areas. For example, one set of metrics may focus on you device inventory, whilst another set may focus on the status of software patches across your infrastructure. 

Panaseer's metrics are categorised by these security areas, which you will see in the filter options when you click Browse all metrics.

Metric filters

These security areas are also known as Control Domains, as they represent different domains in which your cybersecurity controls operate.

For a complete list of domains and their metrics, see Control Domains.

Metric types

Metric types

The Platform comes with several categories of metrics and measures to ensure you have a high quality, effective measurement program that follows data science best practice. Throughout this guide you’ll see examples of all of these, so here’s a quick introduction to what they are and the value they provide.

Informational measures

Informational measures are straightforward counts and sums. For example, total number of vulnerabilities, or total number of Windows 7 machines. They are the building blocks for many of our more complex measurements.

Coverage metrics

Coverage metrics provide essential context for any performance measures. It is measurement best practice to be aware of what information you cannot capture. For example, there is no information on the state of vulnerabilities on devices that have not been scanned. Therefore, we strongly recommend that for every security area you assess, you track the coverage and completeness of the data sources.

For example, the % of all eligible users who have received a phishing test (coverage metric) provides context for the % of users who failed a phishing test (policy metric). These metrics are also useful to help ensure your control tooling is deployed everywhere it should be.

Policy metrics

Policy metrics allow you to track adherence to standards across your organization. You can measure performance against your in-house standards by using Control Checks Builder, a capability of the Panaseer Platform, that enables you to tailor their value and scope as required.

You can also check your compliance against regulatory standards by configuring the scope of assets in your organization to which these apply. Policy metrics will automatically reflect these values. They are a great way to get started with CCM, by assessing how well you are currently enforcing the policies you have laid out

Diagnostic metrics

If you have identified areas of subpar performance using policy metrics, diagnostic metrics provide more in-depth insight that helps you to narrow down the root cause and quickly identify actions that help reduce risk.

Compound Risk metrics

Compound Risk metrics pull together data across multiple security domains to help identify toxic combinations of risks. Toxic combinations are when risks from different domains coexist on a particular resource.

For more information see Compound risk metrics.

Metric catalog and collections

Metric collections provide a mechanism to group multiple metrics together that users can browse on the collections page. The purpose of collections is to help users discover the breadth of our content.

There are many reasons why the number of ingested records you see differs from the number you expect to see based on your knowledge of the data source. Below are a few critical causes of discrepancies and how to identify them.

Metric catalog

 Browsing the metrics catalog

You can explore the catalog by searching or browsing.

Browsing the Metric catalog

  • Use the search bar in order to find metrics by name, tag, framework or keyword.
  • Click on Browse the catalog to open the Metric Search page.

Searching and browsing provide a set of filters to narrow down your search. Select values under the following categories:

  • Security area
  • Metric type
  • Metric status
  • Security framework

Metric Catalog search results

Here you can view the metrics that are viewable, based on the filters that you have selected.

Metric search results

You can click on the Show detailed results to see additional information like Security area(s), Security framework(s) and Has control checks? Yes or No.

Inspecting Metrics

Click on any metric to open the metric detail page, which contains an extensive list of metric attributes and a list of dashboards that use the metric.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.