KPI operativi
KPI qualitΓ
KPI economici
Domain health gauges
92%
NOC health
78%
SOC posture
85%
XDR coverage
88%
GRC compliance
71%
ICC risk index
94%
Help Desk CSAT
Ticket trend Β· 30g tk/giorno
Opened vs Resolved Β· backlog (asse dx) Β· annot: MI-2026-013
PrioritΓ live count
snapshot Β· click su slice per filtro
P1 Critico8
P2 Alta47
P3 Media312
P4 Bassa724
P5 Plan203
SLA breakdown %
First Response
96.2%
Resolution
94.0%
Escalation
91.4%
At Risk
18 tk
Mean margin
2h 14m
Aging buckets tk per bucket
EtΓ dei ticket aperti raggruppata in 5 bucket Β· accumulo backlog
Performance KPI tempo / %
MTTA
14m
MTTR
3h 42m
MTTC
5h 11m
Reopen rate
6.0%
Escalation
12.0%
Volume per dominio Β· 14g tk/g stacked
Click su barra β drill-down dominio
Forecast Β· prossimi 14g tk/g
regressione lineare + banda confidence 80%
Ticket per issuetype
Per dominio total ticket
aggregato sui domini canonici
Top issuetype Β· creati ultimi N giorni total / open / closed
click su barra β drill-down ticket browser
Issuetype Β· dettaglio top 30 by volume
β types| Issuetype | Domain | Total | Open | Closed | P1 | P2 | SLA breach | SLA % |
|---|---|---|---|---|---|---|---|---|
| Ⳡcaricamento⦠| ||||||||
Operational deep-dive
State distribution count per status
Distribuzione ticket per status workflow (donut)
Escalation funnel L1βL2βL3 + customer
Funnel escalation per tier + escalation verso customer
Top 10 event types issuetype
Top 10 segnalazioni per tipo di evento
SLA Met vs Breached split per severity
Ticket conformi vs in violazione SLA per livello severity
In SLA vs Fuori SLA Β· tempo chiusura timeline
Ticket chiusi IN SLA (verde) vs FUORI SLA (rosso)
MTTE per severity min in escalation
Tempo medio passato in escalation per severitΓ
True-Positive vs False-Positive (SOC) qualifier
Split TP/FP/Pending ticket SOC del periodo
SLA targets contrattuali min per severity
Tabella target SLA contrattuali per livello severity
| Severity | First Response | Resolution | Escalation |
|---|---|---|---|
| Ⳡcaricamento⦠| |||
SLA % per tenant MSSP comparison
Confronto SLA % per ciascun tenant cliente attivo
| Tenant | Total tk | SLA breach | SLA % |
|---|---|---|---|
| β³ caricamento (sadmin only)β¦ | |||
Active alerts count
237
βΌ 12vs ieri
Critical count
14
β² 34h
Device availability %
99.4%
β1,247 dev
Network avail %
99.91%
β² 0.02pp
Latency p95 ms
38ms
βΌ 4ms
Packet loss %
0.18%
βΌ 0.04pp
Predicted outages 48h
3
capacity model
Alert timeline Β· severitΓ Β· 30g alert/g
live Β· annot: window manutenzione 28-30 maggio
Capacity usage %
watchCPU avg cluster
64%
RAM avg
71%
Storage
82%
Bandwidth
45%
Connections
58%
Packet loss Β· 7g %
Andamento packet loss medio sulla rete (rolling 7g)
Latency Β· 7g ms (p50/p95/p99)
Latenza ms ai percentili p50/p95/p99 (7g)
Bandwidth Β· in/out Mb/s
Bandwidth in/out aggregata della rete (Mb/s, 7g)
Service availability SLA % rolling 30g
avg 99.84%| Servizio | SLA 30g | Downtime | MTBF | Stato | Owner |
|---|---|---|---|---|---|
| api-gateway | 99.97% | 13m | 72h | OK | NOC-IT |
| email-mx | 99.94% | 26m | 48h | OK | NOC-IT |
| edge-cdn | 99.88% | 52m | 14h | degraded | NOC-IT |
| auth-idp | 99.99% | 4m | 168h | OK | SEC-IT |
| db-cluster | 99.92% | 35m | 96h | OK | NOC-IT |
| backup-s3 | 99.45% | 3h 58m | 8h | incident | NOC-IT |
Security incidents count
42
β² 730g
Critical threats count
5
βΌ 1contained 3/5
MTTD min
12m
βΌ 4m
MTTC (contain) min
38m
βΌ 8m
MTTR security h:m
4h 12m
β
IOC detected count
1,287
β² 18%
MITRE ATT&CK coverage
14 tactics Β· 88% mapped Β· click cella per dettagli technique
Initial
12
12/14
Execution
9
9/11
Persistence
14
14/19
Priv Esc
11
11/12
Def Ev
18
18/24
Cred Acc
14
14/15
Discovery
22
22/24
Lateral
6
6/9
Collection
14
14/17
C2
12
12/16
Exfil
8
8/9
Impact
9
9/13
Recon
9
9/10
Res Dev
3
3/7
Top threats Β· 7g hits
| Threat | Hits | Sev |
|---|---|---|
| Phishing (M365) | 184 | crit |
| Ransomware probe | 67 | crit |
| Brute SSH | 1,243 | high |
| C2 callback | 38 | high |
| DGA domain | 22 | med |
| RDP scan | 478 | med |
Alert volume Β· severitΓ Β· 30g alert/g stacked
annot: SOC-INC-0142 escalation
Detection sources alert/30g
Distribuzione detection sources (SIEM/EDR/NDR/Email/Cloud/TI)
Correlated alerts count
3,124
β² 8%
Attack chains count
14
β² 28 stopped
Endpoint threats count
87
βΌ 11
Cloud threats count
32
β² 4
Identity threats count
18
β
Auto remediation %
76%
β² 6pp
Attack chain map Β· live days Γ severity score
bubble size = host coinvolti Β· click su bubble β chain detail
Threat surface count attivi
Threat surface Β· distribuzione minacce per superficie attacco
Active attack chains 14 active Β· 8 contained
| Chain | Sev | Stage | Hosts | Identity | First seen | Auto action |
|---|---|---|---|---|---|---|
| CHN-2941 | P1 | Exfiltration | 3 | m.rossi@β¦ | 2h fa | isolated |
| CHN-2937 | P1 | Lateral mov | 7 | svc-jenkins | 4h fa | manual |
| CHN-2934 | P2 | Cred dump | 2 | admin@β¦ | 6h fa | remediated |
| CHN-2929 | P2 | Initial access | 1 | user-guest | 1g fa | contained |
| CHN-2918 | P3 | Recon | 1 | β | 1g fa | contained |
Open risks count
87
βΌ 4
Critical risks count
11
β
Compliance score %
88%
β² 2pp
Open audits count
7
2 closing 30g
Non-conformities count
23
βΌ 5
Remediation % progress
64%
β² 7pp
Framework scorecard % controls passed
ISO 27001:2022
92%
NIST CSF 2.0
87%
SOC 2 Type II
91%
GDPR
84%
PCI-DSS 4.0
79%
NIS2
72%
Risk heatmap likelihood Γ impact
bubble size = rischi nella cella Β· color = sev
Top risks register 11 critical
| ID | Risk | Owner | Sev | Status | Treatment | Due |
|---|---|---|---|---|---|---|
| RSK-0142 | SaaS vendor concentration (M365) | A. Bianchi | crit | In treatment | Multi-cloud BCP | 2026-09-30 |
| RSK-0138 | Ransomware exposure (legacy AD) | L. Rossi | crit | Mitigation | Tier0 isolation | 2026-07-15 |
| RSK-0131 | GDPR DPIA Marketing platform | S. Verdi | high | Open | Vendor review | 2026-08-01 |
| RSK-0127 | Backup integrity untested | M. Neri | high | In progress | Restore drill Q3 | 2026-09-15 |
Cross-domain incidents count
18
β² 3
Services impacted count
7
3 customer-facing
Customers impacted count
142
βΌ 14
Crisis events count
2
war room open
Business impact β¬
β¬ 18.4K
est. losses
Recovery time min
42m
βΌ 8m
Cross-domain impact Β· 14g incident impact score
Impatto incident cross-domain (customer/internal/infra) 14g
Active war rooms count
2| WR | Topic | P |
|---|---|---|
| WR-08 | Payment gateway degradation | P1 |
| WR-07 | M365 mail delivery | P2 |
Avg participants
8.4
Avg duration
1h 42m
Auto-bridge calls
14/14
Major incidents register
| MI | Title | Status | MTTR | Impact | Customers | Started |
|---|---|---|---|---|---|---|
| MI-2026-014 | Payment gateway 5xx burst | active | β | crit | 87 | 32m fa |
| MI-2026-013 | M365 mail delivery slow | contained | 1h 12m | high | 55 | 2h fa |
| MI-2026-012 | VPN concentrator failure | resolved | 2h 38m | high | 240 | 2g fa |
CSAT /5
4.6/5
β² 0.1
NPS [-100..+100]
+47
β² 4
CES [1..7] lower=better
1.8
FCR %
72%
β² 3pp
Self-service %
28%
β² 5pp
Deflection tk evitati/7g
412
β¬ 4.1K saved
CSAT trend + Survey volume Β· 30g score (sx) Β· surveys (dx)
multi-axis Β· target line 4.5
Agents real-time count
Distribuzione stati operatori real-time (Available/Busy/Break/Offline)
Available14
Busy22
Break3
Offline8
tk/agent
18.3
Workload
72%
Productivity
84%
Channel mix Β· 30g tk/g per canale
Volume tk per canale di apertura 30g (Portal/Email/Chat/Phone/AI)
Knowledge top articoli views / deflection
| Articolo | Views | Helpful | tk evitati |
|---|---|---|---|
| Reset password M365 | 1,284 | 94% | 87 |
| Connessione VPN MacOS | 872 | 91% | 58 |
| Sblocco BitLocker | 541 | 88% | 42 |
| Printing Office Roma | 431 | 78% | 21 |
| Onboarding nuovo dipendente | 318 | 96% | 14 |
AI generated tk count/30g
1,847
β² 22%
AI resolved count/30g
709
β² 18%
Resolution rate %
38.4%
β² 5pp
Accuracy %
94.2%
Escal. to human %
11.6%
βΌ 1.4pp
Cost saving β¬
β¬ 24.8K
vs human baseline
Autonomous actions count/7g
3,124
β² 412
Agent activity Β· 7g Β· top 12 run/agente stacked
Run per agente AI 7g Β· successful / escalated / failed
Cost & tokens (7g)
Tokens spent
14.2M
Cost β¬
β¬ 142
Cost / tk
β¬ 0.20
Governor budget
β¬142/β¬500
Sentinel block
0.3%
Agent registry Β· 34 active Β· 3 paused success/cost/tokens
| Agent | Population | Dominio | Status | Run 7g | Success | Avg β¬ | Tokens | Sentinel |
|---|---|---|---|---|---|---|---|---|
| TC Ticket Classifier | operator | ITSM | active | 1,247 | 96.4% | β¬0.02 | 2.1M | β |
| MF Metric Forecaster | expert | NOC | active | 184 | 91.2% | β¬0.18 | 0.6M | β |
| SH Self-Heal Gatekeeper | sentinel | NOC | guarded | 421 | 88.4% | β¬0.04 | 1.2M | 4 blk |
| MI MI Declarer | sentinel | ICC | active | 14 | 100% | β¬0.12 | 0.1M | β |
| OP OnCall Pager | operator | ALL | active | 312 | 99.4% | β¬0.01 | 0.4M | β |
| EM Email Thread Miner | expert | ITSM | active | 872 | 94.1% | β¬0.06 | 3.4M | β |
| MT MITRE Mapper | expert | SOC | active | 67 | 92.8% | β¬0.21 | 0.4M | β |
| AS AI Scribe | operator | HD | active | 1,584 | 97.2% | β¬0.03 | 4.8M | β |
| SR SAM Right-Sizer | expert | FinOps | paused | 0 | β | β | β | β |
| KH KB Auto-Heal | sentinel | HD | active | 184 | 94.6% | β¬0.08 | 0.7M | β |
| FE FinOps Enforcer | sentinel | FinOps | active | 42 | 96.4% | β¬0.15 | 0.3M | 2 blk |
| DR Discovery Runner | operator | CMDB | active | 112 | 89.3% | β¬0.05 | 0.2M | β |
Population mix agenti per popolazione
Distribuzione agenti per popolazione (operator/expert/sentinel)
Sentinel events Β· 30g eventi/g per tipo
Eventi sentinel 30g per tipo (cost block / blast radius / bias)
NH Β· Operations Cockpit v0.2 mockup Β· 2026-06-04 Β· Operator view (multi-tenant)