Theme
Security Dashboard
The Security Dashboard provides real-time visibility into security events, anomaly detection rules, and IP reputation management. It has four tabs: Overview, Events, Rules, and IP Reputation.
Overview Tab
Four stat cards at the top:
| Metric | Description |
|---|---|
| Total Events (30d) | Security events in the last 30 days |
| Unresolved | Events still open |
| Active Rules | Anomaly detection rules currently enabled |
| Blocked IPs | IP addresses currently blocked |
Below the stats:
- Events by Severity — breakdown of events by severity level
- Top Event Types — bar chart of most common event types
Security dashboard overview tab showing stat cards for total events, unresolved count, active rules, and blocked IPs, with events by severity breakdown and top event types bar chart
Events Tab
A filterable table of security events:
| Column | Description |
|---|---|
| Type | Event type (e.g., brute_force, impossible_travel, prompt_injection) |
| Severity | Badge colored by severity |
| Risk Score | Numeric risk score |
| IP | Source IP address |
| Action | Action taken (alert, block, rate_limit) |
| Status | Open or Resolved |
| Date | Timestamp |
Filters
- Severity dropdown
- Unresolved only toggle
Click Resolve on any open event to mark it as handled.
Security events table showing columns for type, severity badge, risk score, IP address, action taken, status, and date, with severity dropdown filter and unresolved toggle
Rules Tab
Anomaly detection rules define what triggers a security event.
Creating a Rule
- Click New Rule.
- Choose from pre-built rule templates or create a custom rule.
Rule Template Categories
| Category | Examples |
|---|---|
| Rate Limiting | Conversation rate limit, escalation rate limit, password spray detection |
| Geo-Restrictions | Location-based access control |
| Behavior | After-hours access, VPN/Tor detection |
| Pattern Matching | Sensitive data access patterns |
| Conversation Fraud | Prompt injection, social engineering, SSN/CC leakage, PII extraction |
Managing Rules
Each rule card shows:
- Name and severity badge
- Type and action (alert, block, rate_limit)
- Cooldown period
- Toggle switch to enable/disable (system rules)
- Delete button (custom rules only)
IP Reputation Tab
IP Lookup
- Enter an IP address in the lookup field.
- Click Lookup.
- The result shows:
| Field | Description |
|---|---|
| IP | The queried address |
| Location | Country and region |
| ISP | Internet service provider |
| Score | Reputation score |
| Threats | Badges for VPN, Tor, Proxy, Datacenter, Blocked |
Blocking / Unblocking IPs
- Click Block IP to add an IP to the blocklist. Blocked IPs are rejected on all requests.
- Click Unblock on a blocked IP to remove it.
Blocked IPs Table
Shows all currently blocked IPs with country, ISP, threat indicators, and an Unblock button.