Dashboard Overview
Get real-time visibility into your security posture with CastellanAI's comprehensive dashboard.
The dashboard provides at-a-glance insights into your security operations with real-time metrics and interactive visualizations.
Dashboard Layout
| Section | Description |
|---|---|
| Security Metrics | Real-time KPIs: Events/24h, open events, critical threats, agent health |
| Event Timeline | Chronological view with severity indicators and quick actions |
| Threat Distribution | Visual breakdown by type, severity, and affected assets |
| Recent Activity | Latest security events, user actions, and system changes |
Security Metrics
- 📊 Events/24h
- 📋 Open Events
- 🔴 Critical Threats
- 💚 Agent Health
Events/24h
Total security events collected across all agents in the last 24 hours.
| Volume | Events | Status |
|---|---|---|
| Low | Under 1,000 | Normal operations |
| Normal | 1,000-10,000 | Typical activity |
| High | Over 10,000 | Elevated activity |
Open Events
Security events detected but not yet triaged, investigated, or resolved.
| Status | Color | Description |
|---|---|---|
| New | 🟡 Yellow | Awaiting triage |
| In Progress | 🔵 Blue | Under investigation |
| Resolved | 🟢 Green | Closed/mitigated |
Critical Threats
High-severity events requiring immediate attention.
| Severity | Risk Score | Response Time |
|---|---|---|
| Critical | 9.0-10.0 | Immediate |
| High | 7.0-8.9 | < 1 hour |
| Medium | 4.0-6.9 | < 4 hours |
| Low | 0.1-3.9 | < 24 hours |
Critical threats include active malware, data exfiltration, and privilege escalation.
Agent Health
Percentage of agents reporting healthy status.
| Status | Percentage | Action |
|---|---|---|
| Healthy | Over 95% | Normal |
| Degraded | 80-95% | Review agents |
| Critical | Under 80% | Immediate action |
Dashboard Filters
- ⏱️ Time Range
- 🎯 Severity
- 📁 Event Type
- 🖥️ Agent/Host
Time Range Filter
Adjust the time window for all metrics and visualizations.
| Option | Use Case |
|---|---|
| Last 1 Hour | Real-time monitoring |
| Last 24 Hours | Daily review (default) |
| Last 7 Days | Weekly trends |
| Last 30 Days | Monthly analysis |
| Custom Range | Specific investigations |
Severity Filter
Show only events matching specific severity levels.
| Severity | Color | Description |
|---|---|---|
| Critical | 🔴 Red | Immediate action |
| High | 🟡 Yellow | Prompt attention |
| Medium | 🔵 Blue | Schedule review |
| Low | 🟢 Green | Informational |
Event Type Filter
Focus on specific event categories.
| Category | Examples |
|---|---|
| Authentication | Login failures, MFA events |
| Malware | Detections, quarantines |
| Network | Suspicious connections |
| Process | Unusual executions |
| File | Sensitive file access |
| Registry | Configuration changes |
Agent/Host Filter
View events from specific agents or hosts.
| Method | Description |
|---|---|
| Search | Type hostname to filter |
| Multi-select | Choose multiple hosts |
| Groups | Filter by agent groups |
Interactive Features
- 🔄 Real-Time
- 🔍 Drill-Down
- 📤 Export
- ⚡ Quick Actions
Real-Time Updates
| Feature | Description |
|---|---|
| Auto-refresh | Every 30 seconds |
| Manual refresh | Click refresh button |
| Live indicators | Pulse animation on new events |
Drill-Down Analysis
Click any metric or chart to view detailed information.
| Click Target | Result |
|---|---|
| Metric card | Detailed breakdown |
| Chart segment | Filtered event list |
| Timeline event | Full event details |
Export Capabilities
Export filtered dashboard data for offline analysis.
| Format | Best For |
|---|---|
| CSV | Spreadsheet analysis |
| JSON | API integration |
| | Reports and presentations |
Quick Actions
Perform common actions directly from the dashboard.
| Action | Description |
|---|---|
| Block IP | Immediate IP blocking |
| Isolate Host | Network isolation |
| Investigate | Open event details |
Dashboard Customization
| Feature | Description |
|---|---|
| Save Filter Presets | Save frequent filter combinations for quick access |
| Widget Arrangement | Drag and drop widgets to organize by priority |
| Auto-Refresh Settings | Configure interval from 10 seconds to 5 minutes |
| Role-Based Views | Dashboard adapts based on user role |
📝 Dashboard Setup Checklist
- Review default dashboard layout
- Configure time range preference
- Set severity filter defaults
- Create filter presets for common views
- Arrange widgets by priority
- Configure auto-refresh interval
- Test drill-down navigation
- Export sample report
What's Next?
| Guide | Description |
|---|---|
| Generating Reports | Create comprehensive security reports |
| Exporting Data | Export dashboard data and security events |
| Custom Reports | Create and schedule custom reports |