What Changed

Fixed query logic in the SOC Handbook Security Operations Efficiency workbook by reordering operations to ensure proper filtering before time-to-triage calculations.

Query Logic Fix

Moved the arg_max() operation before Owner and Product filtering to ensure the calculation uses the latest incident state before applying additional filters. This prevents incorrect triage time measurements that could occur when filtering was applied before incident deduplication.

Operational Impact

SOC managers using this workbook for performance metrics will now see accurate mean time to triage calculations. Previous calculations may have been skewed due to the filter order affecting incident state selection.

Affected Files

Solutions/SOC Handbook/Workbooks/SecurityOperationsEfficiency.json
Workbooks/WorkbooksMetadata.json
(packaging artefacts: mainTemplate.json, Solution metadata, ReleaseNotes.md)
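
The ordering effect described under Query Logic Fix, shown as an added example on constructed rows; this is not the workbook's own query. Column names mirror the SecurityIncident table, while the flat string Owner, the SelectedOwner value, and triage time taken as FirstModifiedTime minus CreatedTime are assumptions made for the illustration. Only the Owner filter is shown; the Product filter behaves the same way.

```kusto
// Constructed sample rows, not real data: one row per logged state of an incident.
// Incident 1 stays with alice and is triaged 10 minutes after creation.
// Incident 2 starts with alice, is later reassigned to bob, and is triaged after 120 minutes.
// Assumption: Owner is a plain string here to keep the example short.
let IncidentLog = datatable(TimeGenerated:datetime, IncidentNumber:int, Owner:string,
                            CreatedTime:datetime, FirstModifiedTime:datetime)
[
    datetime(2024-01-01 09:10), 1, "alice", datetime(2024-01-01 09:00), datetime(2024-01-01 09:10),
    datetime(2024-01-01 09:30), 1, "alice", datetime(2024-01-01 09:00), datetime(2024-01-01 09:10),
    datetime(2024-01-01 12:00), 2, "alice", datetime(2024-01-01 10:00), datetime(2024-01-01 12:00),
    datetime(2024-01-01 13:00), 2, "bob",   datetime(2024-01-01 10:00), datetime(2024-01-01 12:00)
];
// Hypothetical stand-in for the workbook's Owner parameter.
let SelectedOwner = "alice";
// Filter first: arg_max only sees alice's rows, so incident 2 survives in a stale
// state (still owned by alice) and its triage time is counted against her.
let FilterThenDedupe = IncidentLog
    | where Owner == SelectedOwner
    | summarize arg_max(TimeGenerated, *) by IncidentNumber
    | extend TriageMinutes = datetime_diff('minute', FirstModifiedTime, CreatedTime)
    | summarize Incidents = count(), MeanTriageMinutes = avg(TriageMinutes)
    | extend Order = "filter, then arg_max";
// Dedupe first: arg_max keeps the latest state of every incident, and the filter
// then drops incident 2 because its current owner is bob.
let DedupeThenFilter = IncidentLog
    | summarize arg_max(TimeGenerated, *) by IncidentNumber
    | where Owner == SelectedOwner
    | extend TriageMinutes = datetime_diff('minute', FirstModifiedTime, CreatedTime)
    | summarize Incidents = count(), MeanTriageMinutes = avg(TriageMinutes)
    | extend Order = "arg_max, then filter";
// Side-by-side comparison of the incident count and mean for each ordering.
union FilterThenDedupe, DedupeThenFilter
| project Order, Incidents, MeanTriageMinutes
```

Because the rows come from an inline datatable, the query can be pasted into any Log Analytics query window without touching workspace data.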