Dashboard Guide
Navigate and use the CastellanAI security dashboard effectively.
Remember: The Customer Portal is for account management. The Security Dashboard (this guide) is for threat monitoring. Access it by clicking "Open Security Dashboard" from the Portal.
Dashboard Overview
The Security Dashboard provides real-time visibility into your security posture.
Main Components
| Component | Description |
|---|---|
| Summary Cards | Key metrics at a glance |
| Event Timeline | Recent security events |
| Threat Map | Geographic distribution of events |
| Agent Status | Health of your deployed agents |
Security Events
Viewing Events
Navigate to Security Events to see all captured events.
Event Details
Click any event to see detailed information:
| Field | Description |
|---|---|
| Timestamp | When the event occurred |
| Source | Endpoint that generated the event |
| Category | Event classification |
| Severity | Critical, High, Medium, Low |
Event Categories
| Category | Examples |
|---|---|
| Authentication | Failed logins, account lockouts, privilege escalation |
| Process | Suspicious process execution, script activity |
| Network | Unusual connections, port scanning, data exfiltration |
| File | Suspicious file access, modifications, malware detection |
| System | Configuration changes, service modifications |
Severity Levels
| Level | Score | Description |
|---|---|---|
| Critical | ≥90 | Immediate threat requiring urgent action |
| High | 70-89 | Significant risk, investigate promptly |
| Medium | 40-69 | Potential concern, review when possible |
| Low | <40 | Informational, routine activity |
Critical events are highlighted in red and trigger immediate alerts.
Filtering Events
Use filters to narrow down events:
| Filter | Options |
|---|---|
| Date Range | Select time period (last hour, day, week, custom) |
| Severity | Critical, High, Medium, Low |
| Category | Authentication, Process, Network, File, System |
| Agent | Filter by source endpoint |
| Search | Full-text search across all fields |
Exporting Events
- Apply your desired filters
- Click Export
- Choose a format:
  - CSV for spreadsheets
  - JSON for automation/API
- Download the file
Alerts
Configuring Alerts
- Go to Settings → Alerts
- Click + New Alert Rule
- Define the conditions and notification channels described below
| Condition | Description |
|---|---|
| Event Type | Which event categories to monitor |
| Severity Threshold | Minimum severity to trigger |
| Occurrence Frequency | Single event or multiple occurrences |
| Time Window | How long to track occurrences |
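The JSON export is meant for automation, and the alert rule conditions above (category, minimum severity, occurrence count, time window) are easiest to understand by evaluating them offline against such an export before enabling a rule. The script below is an added example written for this guide, not CastellanAI code: it assumes the export is a JSON array of objects carrying the fields from the Event Details table (`timestamp` in ISO-8601 UTC, `source`, `category`, `severity`), uses a constructed sample in place of a real download, and implements the rule as a per-source sliding window that resets after it fires. The exact export schema and the product's own window semantics are assumptions.

```python
"""Evaluate an alert rule offline against a JSON event export.

Added example for this guide, not CastellanAI code. The export schema
(field names, timestamp format) and the sliding-window rule semantics
are assumptions made for illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Ordering of severity levels from the Severity Levels table (rank, not score).
SEVERITY_RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}


def severity_from_score(score: float) -> str:
    """Map a risk score onto the dashboard's severity bands (>=90, 70-89, 40-69, <40)."""
    if score >= 90:
        return "Critical"
    if score >= 70:
        return "High"
    if score >= 40:
        return "Medium"
    return "Low"


# Constructed sample export (not real data), in the assumed export shape.
SAMPLE_EXPORT = json.dumps([
    {"timestamp": "2024-05-01T02:00:00Z", "source": "server-01", "category": "Authentication", "severity": "High", "summary": "Failed login for admin"},
    {"timestamp": "2024-05-01T02:03:00Z", "source": "server-01", "category": "Authentication", "severity": "High", "summary": "Failed login for admin"},
    {"timestamp": "2024-05-01T02:05:00Z", "source": "server-01", "category": "Authentication", "severity": "Low", "summary": "Successful login for svc-backup"},
    {"timestamp": "2024-05-01T02:07:00Z", "source": "server-01", "category": "Authentication", "severity": "High", "summary": "Failed login for admin"},
    {"timestamp": "2024-05-01T02:30:00Z", "source": "server-01", "category": "Authentication", "severity": "High", "summary": "Failed login for root"},
    {"timestamp": "2024-05-01T02:00:00Z", "source": "server-02", "category": "Authentication", "severity": "High", "summary": "Failed login for admin"},
    {"timestamp": "2024-05-01T02:20:00Z", "source": "server-02", "category": "Authentication", "severity": "High", "summary": "Failed login for admin"},
    {"timestamp": "2024-05-01T02:04:00Z", "source": "workstation-07", "category": "Process", "severity": "Critical", "summary": "Encoded PowerShell launched"},
])

# Rule in the shape of the Conditions table: category, minimum severity,
# number of occurrences, and the window (minutes) in which they must fall.
SAMPLE_RULE = {"category": "Authentication", "min_severity": "High", "occurrences": 3, "window_minutes": 10}


def parse_export(raw: str) -> list:
    """Parse the JSON export and attach a timezone-aware datetime, sorted by time."""
    events = json.loads(raw)
    for ev in events:
        ev["ts"] = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return sorted(events, key=lambda e: e["ts"])


def evaluate_rule(events: list, rule: dict) -> list:
    """Return one alert per source each time `occurrences` matching events fall within the window.

    Events below the severity threshold or in another category are ignored.
    The per-source window is cleared after firing so one burst yields one
    alert instead of one alert per additional event (the offline analogue of
    Acknowledge suppressing repeat notifications).
    """
    window = timedelta(minutes=rule["window_minutes"])
    min_rank = SEVERITY_RANK[rule["min_severity"]]
    recent = defaultdict(deque)  # source -> timestamps of matching events in the window
    alerts = []
    for ev in events:
        if ev["category"] != rule["category"] or SEVERITY_RANK[ev["severity"]] < min_rank:
            continue
        q = recent[ev["source"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop events that aged out of the window
            q.popleft()
        if len(q) >= rule["occurrences"]:
            alerts.append({"source": ev["source"], "fired_at": ev["ts"], "count": len(q)})
            q.clear()
    return alerts


def run_sample() -> list:
    """Evaluate SAMPLE_RULE against SAMPLE_EXPORT."""
    return evaluate_rule(parse_export(SAMPLE_EXPORT), SAMPLE_RULE)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['fired_at'].isoformat()} {alert['source']}: {alert['count']} matching events in window")
```

With the constructed data only server-01 trips the rule (three High authentication events between 02:00 and 02:07); server-02's two failures are 20 minutes apart and never share a 10-minute window, the Low event is filtered by the severity threshold, and the Process event is in another category. Raising `occurrences` to 4 silences the rule entirely on this data, which is the kind of tuning pass worth doing on an export before changing a live rule.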
Notification Channels
| Channel | Setup |
|---|---|
| Email | Enter recipient email addresses |
| Slack | Connect your Slack workspace |
| Microsoft Teams | Add Teams webhook URL |
Managing Alerts
| Action | Description |
|---|---|
| Acknowledge | Mark an alert as seen (stops repeat notifications) |
| Resolve | Close an alert after investigation |
| Snooze | Temporarily silence an alert (1 hour, 4 hours, 24 hours) |
💡 Alert Best Practices
- Start conservative - Begin with high-severity alerts only
- Avoid alert fatigue - Don't over-alert on low-priority events
- Use time windows - Require multiple occurrences before alerting
- Review regularly - Tune rules based on false positive rate
AI Insights
The AI-powered analysis provides intelligent threat assessment:
- 🎯 Threat Scoring
- 🔍 Pattern Detection
- 💡 Recommendations
- 🔗 Correlation
Threat Scoring
Each event receives an automated risk score based on:
- Event type and historical patterns
- Context from correlated events
- Known threat indicators
- Behavioral analysis
Pattern Detection
AI identifies unusual behavior:
- Anomalous login times - After-hours authentication
- Lateral movement - Suspicious cross-endpoint activity
- Data exfiltration - Unusual outbound data transfers
- Privilege escalation - Unexpected permission changes
Recommendations
Get suggested actions for each event:
- Investigate - Review related events
- Block - Recommended network/user blocks
- Escalate - When to involve management
- Monitor - Watch for continued activity
Event Correlation
AI links related events to show:
- Attack chains - Multi-step attack sequences
- Common source - Events from same actor
- Timeline - Chronological attack progression
Click "View Related" on any event to see correlated activity.
Accessing AI Insights
Access AI insights from the Insights tab on any security event.
AI Chat
Use natural language to query your security data:
Example queries:
- "Show me failed logins in the last 24 hours"
- "What are the top threats this week?"
- "Explain this security event"
- "Are there any suspicious patterns from server-01?"
What's Next?
| Guide | Description |
|---|---|
| Security Score | Understand your security posture |
| Event Monitoring | Deep dive into event analysis |
| Threat Detection | Learn about AI-powered detection |