Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

Configure a Key Performance Indicator in IT Analytics Data Loss Prevention Content Pack

Created: 08 Nov 2012 • Updated: 22 Nov 2013
Language Translations
dprager's picture
+10 10 Votes
Login to vote

One of the advantages of using IT Analytics is the ability to use an intuitive reporting framework that lets you quickly translate large data volumes with the goal of making informed business decisions. Microsoft SQL Analysis Services leverages this capability through Key Performance Indicators (KPIs). KPIs are defined as quantifiable measures that represent a critical success factor in an organization. The emphasis is on the action of quantifying something in the environment. For example, the KPIs must be measurable to successfully be monitored and compared against a given objective. 

In this article we will look at the native capabilities for easily creating a KPIs in the IT Analytics Data Loss Prevention Content Pack. Using the DLP Incidents Summary Cube we will create a KPI that will allow for the monitoring of incident trends over time.

To complete this exercise, you should have IT Analytics with the Data Loss Prevention Content Pack already installed. For more information, please refer to the Connect article for installing IT Analytics.

Creating a KPI from a Cube View

  1. Launch the Symantec Management Console.
  2. Click the Reports menu item and select All Reports.
  3. Expand the Reports folder.
  4. Expand the IT Analytics folder.
  5. Expand the Cubes folder.
  6. Select the DLP Incident Summary Cube.
  7. Click anywhere in the PivotTable window to display the Field List.  Clicking on this icon  in the toolbar will also cause the field list to be displayed.
  8. Drag and drop the Incident Count measure into the Totals pane:

  1. Drag and drop the Incident - Severity attribute into the rows pane:

  1. Right click on the cell in the cube that represents Incident Count with High Severity and then select Use as KPI Value.

  1. In the New Key Performance Indicator section, verify that KPI Value is populated and the KPI Goal is defined as “None.” 

  1. Click the Create KPI button .
  2. In the Key Performance Indicator Window type "DLP High Severity Incidents Trend" in the KPI Name textbox.

  1. Verify that the following boxes are correctly filled out:
  • Database Name - This box should be the name of the Analysis Services database that IT Analytics Solution is configured to use.
  • Cube Name - This box should already be set to the DLP Incident Summary Cube.
  • Associated Measure Group - This box should already be set to Incidents.
  • Value Expression - This box should already be populated with the MDX code that represents the measure that was selected for the KPI Value.
  • Trend - This box should be set to ‘Compare Current Period To Previous Period’ This will open another set of boxes.
  • Date Dimensions - Set this box to DLP Detection Date.
  • Number of days in period of comparison - This box should be set to whatever period you wish to track the trend for. Set to 30 days to track the trend by month
  • Trend Graphic – Set this to Arrow - Descending

  1. Click the Save KPI button.
  2. Verify the window returns and displays a message that the KPI has been saved successfully:

  1. Click the Close button.
  2. Click OK on the Windows Message box to reload the page.

  1. Click the Key Performance Indicator item from the left tree navigation.

  1. The new KPI should now display in the list with the current value defined. The trend arrow indicates that incidents have increased since the previous 30 day period. Additionally, optional trending arrows (ascending/descending) can be selected as graphics to depict the arrow direction with a color status indicator (red/green).

Optional - Setting the Status of a KPI (Advanced)

For the purposes of creating a KPI, the Status Expression is defined as a number between 1 and -1. While we defined this as Percentage of Goal in the previous exercise, the most flexible and granular way of defining how these values are populated is through an MDX string. This comes into play when we want to explicitly set an acceptable threshold for a certain metric.

This procedure is an example of enhancing the KPI that was previously created above.

  1. On the Key Performance Indicators page, click the Edit link next to the KPI that was already created, “DLP High Severity Incidents Trend
  2. In the Status Expression box, click MDX Expression.
  3. In the text area box that pops up, enter the following MDX code:

      KPIValue("DLP High Severity Incidents Trend") > 2 * KPIGoal("DLP High Severity Incidents Trend")
      THEN   -1
      KPIValue("DLP High Severity Incidents Trend") < KPIGoal("DLP High Severity Incidents Trend")
      THEN   1
      ELSE   0

  1. For Status Graphic, click Traffic Light.
  2. Click Save KPI.
  3. Click Close.
  4. Refresh the list of KPIs. A stoplight should display under the Status column. It indicates the current status for this KPI.