Your Dashboard

The dashboard is your daily operational view into your organization's vulnerability posture. It aggregates data across all your environments into a single-pane summary designed for a quick morning review or a shift handoff glance.

Threat Pulse

The Threat Pulse banner at the top of the dashboard shows the global infrastructure threat level from the SANS Internet Storm Center (ISC) INFOCON:

This is not your environment's risk level. It is the global backdrop. A GREEN INFOCON with a full Strike List still means you have work to do. An ORANGE INFOCON with an empty Strike List means the industry is under pressure but your specific assets are not currently affected.

Your Exposure

The left section of the dashboard shows aggregate exposure metrics across all your environments:

Total Findings: The count of all active (non-acknowledged, non-dismissed) findings across all environments. This is your current open workload.

KEV Count: How many of your active findings are in the Known Exploited Vulnerabilities catalog. This number should be as close to zero as possible. Every KEV finding represents a confirmed, actively exploited vulnerability in your environment.

Critical Count: How many active findings have a CVSS score of 9.0 or higher. These are the most severe vulnerabilities.

Donut Chart: A visual breakdown of active findings by severity:

• Red: Critical (CVSS 9.0-10.0)
• Orange: High (CVSS 7.0-8.9)
• Yellow: Medium (CVSS 4.0-6.9)
• Blue: Low (CVSS 0.1-3.9)

Exploited Count: Findings with confirmed active exploitation (KEV flagged or exploit_maturity = WEAPONIZED).

Public Exploit Count: Findings with publicly available exploit code (FUNCTIONAL or WEAPONIZED).

PoC Count: Findings with proof-of-concept code available.

By Layer Breakdown:

• OT: X findings -- OT team owns these.
• OS: X findings -- IT team owns these.
• NETWORK: X findings -- network team owns these.

This breakdown answers "who owns what" at a glance. Use it to assign workload and track progress by team.

Strike List

The right section of the dashboard shows the Strike List -- your top CVE findings ranked by BCS score (exploitation urgency).

Each Strike List entry shows:

• CVSS score bubble (color-coded by severity)
• CVE ID and truncated title
• KEV badge (red) -- if this CVE is confirmed exploited
• EXPLOIT badge (orange) -- if a public exploit is available
• PoC badge (yellow) -- if proof-of-concept code exists
• EPSS percentile badge

The Strike List ordering logic:

1. KEV flagged AND EPSS 90th percentile or higher (always at the top).
2. KEV flagged, any EPSS.
3. Public exploit available, high EPSS.
4. PoC available, high CVSS.
5. High CVSS, high EPSS, no exploit.

Click any Strike List entry to open the full CVE detail page where you can read SAGE analysis, check patch status, acknowledge the finding, or create a ticket.

Dashboard Refresh and Caching

The dashboard data updates every 5 minutes via a cached endpoint. The first load after the cache expires may take 1-2 seconds as the cache is rebuilt. Subsequent loads within the 5-minute window return in under 10 milliseconds.

For real-time intelligence, do not rely on the dashboard. The dashboard is a posture summary. For real-time alerts, configure your integrations (email, Teams, Slack, webhooks). For real-time threat news, check the Intel section.

What the Dashboard Is Not

The dashboard is not a real-time threat feed. It is a posture snapshot. It shows your current exposure and your top priorities. It does not stream live exploitation events.

The dashboard is not a replacement for triage. It shows you where to start. The actual triage workflow happens in the environment findings list, where you review individual findings, acknowledge them, and create tickets.

The dashboard is not a replacement for reports. For management presentations, compliance submissions, or detailed analysis, use the Reports section to generate formatted, exportable documents.