Dashboard
The Dashboard is the AgentSOC overview home page at /. It is where you start each shift and get a single read on the current security posture.
What it does
The Dashboard summarizes activity across your environment so you can orient quickly before diving into specific work. It pulls from the same normalized alert data that powers the rest of the platform, then rolls it up into headline metrics, breakdowns, and a feed of recent activity.
Use it to answer the first questions of any shift: How many alerts came in? What is critical right now? Is anything being escalated or left unresolved?
Key actions
- Scan the headline metrics. Key performance indicators cover alerts today, enriched alerts, escalated alerts, false positives, resolved alerts, and actions taken, each with a short-term trend.
- Read the severity breakdown. See how alerts split across critical, high, and lower severities, including counts of critical and high alerts that need attention.
- Review status and source. Breakdowns by status and by data source show where alerts sit in the pipeline and which integrations are generating them.
- Check the timeline. A time-series view shows alert volume over your selected range so you can spot spikes.
- Open recent alerts. The recent activity feed lists the latest alerts. Select one to jump straight into triage on the Alerts page.
Tips
- Start every shift here to baseline what "normal" looks like before you act on individual items.
- Rising escalated or unresolved counts are a signal to prioritize the Incidents and Alerts queues.
- Trend arrows compare recent activity against the prior period — treat sudden jumps as worth investigating, not just noise.
Available metrics and breakdowns depend on your data sources and the selected time range. Confirm exact fields against your deployment.