Dashboard
The dashboard provides an at-a-glance view of your security operations. It’s the first thing you see after logging in.
Overview
The dashboard displays:
- Alert statistics - New, acknowledged, and resolved counts
- Recent alerts - Latest detections requiring attention
- System health - OpenSearch connectivity and index status
- Rule statistics - Deployed vs total rules
Alert Statistics
The top row shows alert counts by status:
| Status | Meaning |
|---|---|
| New | Unreviewed alerts requiring triage |
| Acknowledged | Alerts being investigated |
| Resolved | Completed investigations |
| False Positive | Tuned out detections |
Recent Alerts
The recent alerts panel shows the latest detections:
- Severity indicator - Color-coded by risk level
- Rule name - Which detection triggered
- Timestamp - When the alert fired
- Quick actions - Acknowledge or investigate
System Health
The health panel shows:
- OpenSearch status - Connection health
- Index patterns - Data flow status per log source
- Background tasks - Scheduler status
Health Indicators
| Color | Status | Action |
|---|---|---|
| 🟢 Green | Healthy | No action needed |
| 🟡 Yellow | Warning | Monitor closely |
| 🔴 Red | Critical | Immediate attention |
Rule Statistics
Shows your detection coverage:
- Total rules - All rules in the system
- Deployed - Actively detecting
- Undeployed - Saved but inactive
- Snoozed - Temporarily disabled
Customization
The dashboard layout is fixed, but you can:
- Set your default time range in user preferences
- Configure which severity levels appear in recent alerts
- Enable browser notifications for critical alerts
Next Steps
- Alert Investigation - Learn to investigate alerts
- Health Monitoring - Configure health thresholds