Mitigation Dashboard
What is it for?
The Mitigation Dashboard is the central control panel for monitoring the effectiveness and activity of the automatic mitigation system. It provides real-time metrics, trend analysis, and the ability to trigger manual mitigation analysis.
Dashboard components
1. Main statistics panel
Total Blocked
- Metric: Total number of blocked IP addresses across history.
- Interpretation: High = active and effective system; low = few threats or inactive rules.
Blocked Today
- Metric: IP addresses automatically blocked in the last 24 hours.
- Interpretation: Sudden spikes can indicate ongoing attacks; a stable pattern indicates controlled threats.
Blocked Last Week
- Metric: IP addresses automatically blocked in the last 7 days.
- Interpretation: Compare with previous weeks to detect recurring attack patterns.
Attempts Prevented
- Metric: Estimated number of blocked attack attempts this month.
- Interpretation: Key security ROI metric; high = highly effective system.
2. Most blocked attack type
- Shows the most blocked alert type of the month.
- Includes a description of the attack type.
- Indicates where to focus additional effort.
3. “Activate Auto-Mitigation” button
Manually analyzes all open alerts for the site and applies mitigation rules immediately, without waiting for the next automatic cycle.
When to use it:
- During an active attack: immediate threat response.
- After configuring new rules: apply them immediately to existing alerts.
- Manual review: when you suspect alerts have not been mitigated.
- Testing: verify that rules work correctly.
Process:
- Analyzes all open alerts for the site.
- Evaluates each alert against active rules.
- Applies blocks when thresholds are met.
- Shows the result: “X automatic mitigations were activated”.
!!! info ""
    Only available when there is a specific siteId.
4. Mitigation effectiveness card
| Metric | Color | Target |
|---|---|---|
| Success Rate | Green | > 95% |
| Successful Mitigations | — | X of Y total |
| Failed Mitigations | Red | < 5% of total |
| Average Response Time | Blue | < 1000ms |
5. Activity summary
- Automatic blocks (last month): total IPs blocked by the system.
- Manual blocks: IPs blocked by administrators.
- System status:
  - “Active and Functional”: there are active blocks.
  - “Ready”: system prepared but no active blocks.
Dashboard interpretation
| Scenario | Interpretation | Action |
|---|---|---|
| “Clean” dashboard with few blocks | Site is quiet or rules are not active enough | Verify whether rules are active |
| Sudden block spike | Possible coordinated attack | Review logs and consider additional measures |
| Constant blocks of one type | Specific vulnerability or vector under attack | Adjust rule or investigate vector |
| High failure rate | System is not blocking correctly | Review server configuration |
| High response time | Possible overload | Optimize rules or increase resources |
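The effectiveness card targets and the interpretation table above can be checked outside the dashboard as well. The following is an added example, not the product's own code: it computes the card's metrics from a list of mitigation records and returns the actions the interpretation table suggests. The `Mitigation` record, its field names, and the alert type names in the sample are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Targets copied from the "Mitigation effectiveness card" table.
SUCCESS_TARGET = 0.95      # Success Rate > 95%
FAILURE_LIMIT = 0.05       # Failed Mitigations < 5% of total
RESPONSE_LIMIT_MS = 1000   # Average Response Time < 1000ms

@dataclass(frozen=True)
class Mitigation:
    """One mitigation attempt. Field names are assumptions, not the product's schema."""
    alert_type: str
    success: bool
    response_ms: float

def effectiveness_card(records):
    """Return the card's metrics plus the actions the interpretation table suggests."""
    total = len(records)
    if total == 0:
        # No mitigations at all: the "clean dashboard" row, and no rates to divide.
        return {"total": 0, "actions": ["Verify whether rules are active"]}
    ok = sum(r.success for r in records)
    success_rate = ok / total
    failure_rate = (total - ok) / total
    avg_ms = sum(r.response_ms for r in records) / total
    # Only successful mitigations count as blocks; there may be none.
    top = Counter(r.alert_type for r in records if r.success).most_common(1)
    actions = []
    if success_rate <= SUCCESS_TARGET or failure_rate >= FAILURE_LIMIT:
        actions.append("Review server configuration")
    if avg_ms >= RESPONSE_LIMIT_MS:
        actions.append("Optimize rules or increase resources")
    return {"total": total, "success_rate": success_rate,
            "failure_rate": failure_rate, "avg_response_ms": avg_ms,
            "most_blocked_type": top[0][0] if top else None, "actions": actions}

# Constructed sample: 18 successful and 2 failed mitigations.
SAMPLE = (
    [Mitigation("sql_injection", True, 420)] * 12
    + [Mitigation("brute_force", True, 310)] * 6
    + [Mitigation("sql_injection", False, 2600)] * 2
)

if __name__ == "__main__":
    for key, value in effectiveness_card(SAMPLE).items():
        print(f"{key}: {value}")
```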
Best practices
Recommended monitoring:
- Review the dashboard daily during the first 30 days.
- Review it weekly once stable.
- Review it immediately after configuring new rules.
Trend analysis:
- Compare similar weeks, for example Monday vs. Monday.
- Identify hourly attack patterns.
- Correlate with site changes.
Documentation:
- Note significant spikes and their cause.
- Record configuration changes.
- Keep a false-positive log.