Dashboard Overview
Get real-time visibility into your security posture with CastellanAI's comprehensive dashboard.
Key Dashboard Sections
The CastellanAI dashboard provides at-a-glance insights into your security operations:
| Section | Description |
|---|---|
| Security Metrics | Real-time KPIs: Events/24h, open events, critical threats, and agent health |
| Event Timeline | Chronological view of security events with severity indicators and quick actions |
| Threat Distribution | Visual breakdown of threats by type, severity, and affected assets |
| Recent Activity | Latest security events, user actions, and system changes |
Security Metrics Explained
Events/24h
Total number of security events collected across all agents in the last 24 hours.
| Volume | Events |
|---|---|
| Low Volume | <1,000 |
| Normal | 1,000-10,000 |
| High Volume | >10,000 |
Open Events
Security events that have been detected but not yet triaged, investigated, or resolved.
Event Statuses:
- New (Yellow) - Awaiting triage
- In Progress (Blue) - Under investigation
- Resolved (Green) - Closed/mitigated
Critical Threats
High-severity events requiring immediate attention (e.g., active malware, data exfiltration).
| Severity | Risk Score |
|---|---|
| Critical | 9.0-10.0 |
| High | 7.0-8.9 |
| Medium | 4.0-6.9 |
| Low | 0.1-3.9 |
Agent Health
Percentage of agents reporting healthy status and successfully sending events.
| Status | Percentage |
|---|---|
| Healthy | >95% |
| Degraded | 80-95% |
| Critical | <80% |
Using Dashboard Filters
Refine your dashboard view with powerful filtering capabilities:
Time Range Filter
Adjust the time window for all dashboard metrics and visualizations.
- Last 1 Hour
- Last 24 Hours (Default)
- Last 7 Days
- Last 30 Days
- Custom Range
Severity Filter
Show only events matching specific severity levels.
- Critical (Red)
- High (Yellow)
- Medium (Blue)
- Low (Green)
Event Type Filter
Focus on specific event categories.
- Authentication
- Malware
- Network
- Process
- File
- Registry
Agent/Host Filter
View events from specific agents or hosts using the search bar.
Interactive Dashboard Features
Real-Time Updates
Dashboard metrics auto-refresh every 30 seconds. A manual refresh is available via the refresh button.
Drill-Down Analysis
Click any metric or chart to view detailed event information and investigation tools.
Export Capabilities
Export filtered dashboard data to CSV, JSON, or PDF for offline analysis and reporting.
Quick Actions
Perform common actions directly from the dashboard: block IP, isolate host, investigate event.
Dashboard Customization
Personalize your dashboard to match your security operations workflow:
- Save Filter Presets - Save frequently used filter combinations for quick access (e.g., "Critical Events - Last Hour").
- Widget Arrangement - Drag and drop dashboard widgets to organize them based on your priorities.
- Auto-Refresh Settings - Configure the auto-refresh interval from 10 seconds to 5 minutes, or disable it for manual updates.
- Role-Based Views - The dashboard automatically adapts to the user's role, showing relevant metrics and actions.
What's Next?
- Exporting Data - Learn how to export dashboard data and security events
- Custom Reports - Create and schedule custom security reports