Key Performance Indicator Formulas

This topic outlines the formulas used to calculate key performance indicators (KPIs) for cases and alerts in TheHive.

Key performance indicator formulas table

KPI	Formula	In case description	In alert description
Time to detect (TTD)	= creation date in TheHive - event date	= case.newDate - case.startDate	= alert.newDate - alert.date
Time to triage (TTT)	= date of status In Progress - creation date in TheHive	= case.inProgressDate - case.newDate	= alert.inProgressDate - alert.newDate
Time to acknowledge (TTA)	= date of status In Progress - event date	= case.inProgressDate - case.startDate	= alert.inProgressDate - alert.date
Time to qualify (TTQ)	= date of alert closure or merge into case - alert creation date in TheHive	= max(alert.importedDate, alert.closedDate) - alert.newDate	not applicable
Time to resolve (TTR)	= end of the incident date - date of status In Progress	= case.endDate - min(alert.inProgress, case.inProgress)	not applicable

Units

If the unit of an indicator is not explicitly mentioned, values are in milliseconds.

Next steps

• About Key Performance Indicators
• Hide Key Performance Indicators
• Measure Case Performance
• Measure Alert Performance