
How to Read Your Security Dashboard

A guide to the Xpernix security dashboard — understanding alert queues, risk scores, trend charts, and compliance widgets to get daily security situational awareness.

Last updated: March 2026

Overview

The Xpernix Security Dashboard is your daily starting point. This guide explains every section so you can build a consistent morning security review habit in under 10 minutes.


Dashboard Sections at a Glance

Section               What it shows
Risk Score            Composite score (0–100) for your environment this week
Open Alerts           Alerts awaiting your acknowledgement
Alert Trend           30-day bar chart of alerts by severity
Top Threats           Most active MITRE techniques detected
Source Health         Status of all connected log sources
Compliance Posture    Coverage against your selected frameworks

The Risk Score

Your environment’s Risk Score (top of dashboard) is calculated daily from:

  • Number and severity of open alerts
  • Unresolved critical findings older than 48 hours
  • Detection coverage gaps (log sources with low activity)
  • Threat intelligence matches against your assets

A score below 20 is green (healthy). 20–60 is amber (needs attention). Above 60 is red (action required).

The score trend line shows your trajectory over the last 30 days — a declining score is good.


Open Alerts Queue

The Open Alerts widget shows alerts that have been reviewed by Xpernix analysts but require your acknowledgement or action.

Each alert card shows:

  • Severity (Critical / High / Medium / Low)
  • Title and affected asset
  • Analyst note — what we found and recommended next step
  • Time to respond — SLA timer for critical alerts

Click any alert to open the full incident view with timeline, raw events, enrichment data, and response playbook.


Alert Trend Chart

The 30-day chart shows alert volume broken out by severity. Use it to spot:

  • Spikes — sudden increase on a specific day (often correlates with a scan, attack, or new log source)
  • Gradual increases — slowly growing noise problem
  • Drops — may indicate a log source went offline (check Source Health)

Click any bar to filter the alert list to that specific day.
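
The three patterns above can also be checked programmatically against exported daily totals. The following is an added example, not Xpernix code or the dashboard's own logic: the function name `find_patterns`, the 7-day trailing window and the spike, drop and creep thresholds are all assumptions, and both sample series are constructed.

```python
from statistics import median

# Constructed 30-day alert counts (oldest first); not real Xpernix data.
FLAT_WITH_EVENTS = [40, 42, 38, 41, 39, 43, 40, 41, 37, 42,
                    40, 39, 118, 41, 40, 38, 42, 41, 39, 40,
                    6, 41, 40, 42, 39, 38, 41, 40, 43, 39]
CREEPING = [20 + day for day in range(30)]  # one extra alert every day


def find_patterns(counts, window=7, spike_factor=2.0,
                  drop_factor=0.25, creep_factor=1.5):
    """Classify daily alert counts into spikes, drops and gradual increase.

    All thresholds are assumptions chosen for this example.
    """
    if len(counts) < 2 * window:
        raise ValueError("need at least two windows of history")
    spikes, drops = [], []
    for day in range(window, len(counts)):
        # Trailing median: one outlier day does not move the baseline.
        baseline = median(counts[day - window:day])
        if baseline == 0:
            continue  # no history to compare against
        if counts[day] >= spike_factor * baseline:
            spikes.append(day)
        elif counts[day] <= drop_factor * baseline:
            drops.append(day)  # cross-check Source Health for this day

    # Gradual increase: compare the first and last thirds of the period.
    # Medians keep a single spike or drop from masking the slow trend.
    third = len(counts) // 3
    early, late = median(counts[:third]), median(counts[-third:])
    creeping = early > 0 and late >= creep_factor * early
    return {"spikes": spikes, "drops": drops, "creeping": creeping}


if __name__ == "__main__":
    for name, series in (("flat", FLAT_WITH_EVENTS), ("creeping", CREEPING)):
        print(name, find_patterns(series))
```

The creeping series never trips the spike check because each day is only slightly above its trailing baseline, which is why the gradual-increase comparison is done separately.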


Top Threats (MITRE ATT&CK)

This panel maps your alerts to MITRE ATT&CK tactics and techniques. Techniques with the most alerts in the last 7 days are ranked at the top.

If you see T1078 - Valid Accounts frequently, it may indicate credential stuffing. If T1059 - Command and Scripting Interpreter is prominent, check your endpoint detections.


Source Health

Every connected log source has a health status:

Status         Meaning
🟢 Healthy     Events arriving within normal latency
🟡 Degraded    Events arriving but below expected volume
🔴 Down        No events in the last 2 hours
⚪ Paused      Source manually paused

A down source is a blind spot. Xpernix will alert you automatically, but checking this daily is a good habit.


Compliance Posture Widget

If you’ve enabled a compliance framework (SOC 2, ISO 27001, PCI-DSS), this widget shows your current coverage percentage and any controls with gaps.

Click View Full Report to generate a PDF report suitable for auditors.


Building a Daily Review Habit

A good morning security review takes less than 10 minutes:

  1. Check Risk Score — is it trending up or down?
  2. Clear the Open Alerts queue — acknowledge and assign as needed
  3. Scan Source Health — fix any red sources
  4. Glance at Top Threats — anything unusual?

Your Xpernix analyst team will proactively reach out via your dedicated channel if there’s anything requiring urgent attention outside of this cadence.
