Average Response Time

Understand how the Average Response Time card measures how quickly incidents are acknowledged

Relevant for Level 3 — Control and above

The Average Response Time card appears in the top center of the dashboard and measures how long it takes for a new incident to be acknowledged by an administrator after detection.

Screenshot showing the Average Response Time card on the dashboard


Overview

The Average Response Time card tracks the mean duration between when an incident is first created by Scout and when it is acknowledged by a human user. Acknowledgment typically occurs when an incident is moved out of the New column into Investigating, Contained, or another active status.

This metric reflects your team’s responsiveness to new alerts: how quickly people begin acting on issues once they’re detected.

The time is displayed as a concise duration such as 12m, 3h, or 1.8d, and updates automatically as new incidents are acknowledged.


How It Works

For each incident, Scout records two key timestamps:

  • Created: When the detection engine or service first generates the incident.
  • Acknowledged: When a user changes its status from New to another state such as Investigating.

The card calculates the average duration between these two timestamps for all incidents acknowledged within the current reporting window.

If no incidents have been acknowledged during that time, the card displays a dash to indicate there’s no current data.
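The calculation described above, as an added example that is not Scout's own code. The incident field names, the sample data, the unit thresholds and rounding in `format_duration`, and the ASCII "-" used for the no-data case are all assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed sample incidents; field names are hypothetical, not Scout's schema.
INCIDENTS = [
    {"id": 1, "created": datetime(2024, 5, 6, 9, 0, tzinfo=UTC),
     "acknowledged": datetime(2024, 5, 6, 9, 12, tzinfo=UTC)},
    {"id": 2, "created": datetime(2024, 5, 6, 23, 30, tzinfo=UTC),
     "acknowledged": datetime(2024, 5, 7, 2, 30, tzinfo=UTC)},  # overnight
    {"id": 3, "created": datetime(2024, 5, 7, 8, 0, tzinfo=UTC),
     "acknowledged": None},  # still in New: no acknowledgment to measure
    {"id": 4, "created": datetime(2024, 4, 1, 10, 0, tzinfo=UTC),
     "acknowledged": datetime(2024, 4, 1, 10, 5, tzinfo=UTC)},  # outside window
]


def average_response_time(incidents, window_start, window_end):
    """Mean of (acknowledged - created) for incidents acknowledged in the window."""
    deltas = [
        i["acknowledged"] - i["created"]
        for i in incidents
        if i["acknowledged"] is not None
        and window_start <= i["acknowledged"] < window_end
    ]
    if not deltas:
        return None  # nothing acknowledged in the window: no current data
    return sum(deltas, timedelta()) / len(deltas)


def format_duration(delta):
    """Render as 12m / 3h / 1.8d. Unit thresholds and rounding are assumptions."""
    if delta is None:
        return "-"  # assumed stand-in for the card's dash
    seconds = delta.total_seconds()
    if seconds < 3600:
        return f"{seconds / 60:.0f}m"
    if seconds < 86400:
        return f"{seconds / 3600:.1f}".rstrip("0").rstrip(".") + "h"
    return f"{seconds / 86400:.1f}".rstrip("0").rstrip(".") + "d"
```

With the sample data, one overnight incident acknowledged after 3h pulls the average from 12m up to 1.6h, and the unacknowledged incident does not count until someone moves it out of New.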


Why It Matters

This metric represents your organization’s human response speed, that is, how quickly alerts move from automated detection to active analysis. Fast acknowledgment times mean incidents are triaged quickly, limiting the window of uncertainty where threats could evolve unnoticed.

Tracking this helps administrators:

  • Measure responsiveness and alert fatigue
  • Identify coverage gaps during nights or weekends
  • Demonstrate service-level compliance for acknowledgment times
  • Pinpoint when additional automation or staffing might be needed

A consistent downward trend in response time indicates operational maturity and effective alert handling.


Tips and Best Practices

  • Review this metric alongside Critical Incident Resolution to compare detection-to-acknowledgment and full-resolution performance.
  • If acknowledgment time spikes, review alert routing or escalation workflows.
  • Automate notifications or integrate ticketing to reduce delays.
  • Use the metric to validate improvements after tuning detection rules or adding coverage hours.

The Average Response Time card reflects how quickly your team acknowledges new incidents after detection. It measures responsiveness, not total resolution time.

