Dashboard
The dashboard provides an at-a-glance view of your security operations. It’s the first thing you see after logging in.
Overview
The dashboard displays:
- Alert statistics - New, acknowledged, and resolved counts
- Recent alerts - Latest detections requiring attention
- System health - OpenSearch connectivity and index status
- Rule statistics - Deployed vs total rules
Alert Statistics
The top row shows alert counts by status:
| Status | Meaning |
|---|---|
| New | Unreviewed alerts requiring triage |
| Acknowledged | Alerts being investigated |
| Resolved | Completed investigations |
| False Positive | Tuned-out detections |
Click any statistic to filter the alerts view.
Recent Alerts
The recent alerts panel shows the latest detections:
- Severity indicator - Color-coded by risk level
- Rule name - Which detection triggered
- Timestamp - When the alert fired
- Quick actions - Acknowledge or investigate
Click an alert to open the full investigation view with log context and enrichment.
System Health
The health panel shows:
- OpenSearch status - Connection health
- Index patterns - Data flow status per log source
- Background tasks - Scheduler status
Health Indicators
| Color | Status | Action |
|---|---|---|
| 🟢 Green | Healthy | No action needed |
| 🟡 Yellow | Warning | Monitor closely |
| 🔴 Red | Critical | Immediate attention |
Rule Statistics
Shows your detection coverage:
- Total rules - All rules in the system
- Deployed - Actively detecting
- Undeployed - Saved but inactive
- Snoozed - Temporarily disabled
Customization
The dashboard layout is fixed, but you can:
- Set your default time range in user preferences
- Configure which severity levels appear in recent alerts
- Enable browser notifications for critical alerts
Next Steps