Console
    Start free

    Monitor Triage and Investigation Agent (TIN) performance with dashboards

    Supported in:

    The Triage and Investigation Agent (TIN) autonomously investigates security alerts to determine if they are true or false positives. Google SecOps integrates TIN operational data into dashboards. This integration provides critical visibility into the agent's investigations, helping you evaluate its effectiveness and understand its impact on your security posture. Additionally, these dashboards provide a clear way to monitor security token consumption for billing purposes and evaluate the value provided by the agent.

    Key metrics

    By integrating TIN data into dashboards, you can monitor the following:

    • Operational efficacy: View the types of alerts the agent investigates and the final verdicts (true positive or false positive) it reaches.
    • Efficiency gains: Track metrics such as the time saved by using the agent for autonomous investigations.
    • Usage monitoring: Monitor your TIN usage to understand the value it provides to your security posture.

    For more information about YARA-L 2.0 query dashboard examples for these metrics, see Triage and Investigation Agent (TIN) .

    Need more help? Get answers from Community members and Google SecOps professionals.

    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: