I am creating dashboard templates for CEM related metrics. One issue I have come across, is that is appears that some of the metrics, such as slow time, unauthorised access etc only show up once they are triggered (in the investigator tree). On a dashboard, this will show up as a grey 'traffic light' as there is no data. Does anyone know if there is a way to force a value for the metric, ideally 0 is no data is coming through. This is so that the light will be green, until the threshold is breached when a metric such as slow time is triggered. I know you can force a metric in the EPAgent to report a certain value if there is no data. Not sure if it can be done with CEM.
The relevant function to check for absent data is: "metricData[i].timeslicedValue.dataIsAbsent()"
OOTB script BtStats-DefectPercent.js uses it.
Some other community refs here:
Other contributors might have alternative suggestions.
Hope this helps
Was Lynn's answer helpful? Do you have any followup questions?