Client Security Dashboard

Client Security Dashboard — Per-Tenant SOC Console

The Threatstealth client dashboard gives each organization a scoped security operations console — executive KPIs, active threat queue, compliance posture summary, and module access all in one view.

• Executive KPIs — MTTD, MTTR, open incidents, compliance score, and phishing resilience in one panel
• Active threat queue — open alerts and incidents sorted by severity with one-click triage
• Compliance posture — real-time control status across SOC 2, ISO 27001, PCI DSS, and CIS Controls
• Module access — WAF, EDR, MDM, IAM, and vulnerability scanner all accessible from the client console
• Custom branding — client-facing dashboard with MSSP or client organization branding
• Audit-ready evidence — direct access to control evidence and audit logs scoped to the client tenant

Executive Security KPIs: Translating Operations Into Leadership Language

The executive summary panel in the client security dashboard presents the security metrics that leadership cares about — not raw alert volumes or rule hit counts, but business-relevant KPIs that convey the security posture trajectory and operational effectiveness of the security programme. MTTD and MTTR trend charts show whether the team is detecting and responding faster or slower than in previous periods. The open incidents count with severity breakdown shows the current risk exposure. The compliance posture score shows whether the organisation is maintaining or improving its control coverage. The phishing resilience index shows the employee risk profile relative to peer benchmarks.

• MTTD trend — detection speed over rolling 30-day and 90-day windows with direction indicator
• MTTR trend — response speed metrics showing whether incident resolution is improving or degrading
• Open incident summary — current open incidents by severity with age indicators for overdue responses
• Compliance posture score — overall control coverage percentage across all active compliance frameworks
• Phishing resilience index — composite employee resilience score with trend and industry peer comparison

Active Threat Queue and Client-Scoped Alert Triage

The active threat queue in the client dashboard shows all open security alerts and incidents scoped to the client's organisation — a view that combines WAF attack alerts, EDR behavioural detections, IAM identity anomalies, and vulnerability scanner findings into a single severity-sorted list. Client security staff with analyst-level access can triage alerts, add investigation notes, assign alerts to owners, and mark findings as resolved or false positive directly from this queue. All client actions in the alert queue are logged and visible to the MSSP operator — allowing the MSSP to review client triage decisions and provide guidance where needed.

• Unified alert queue — WAF, EDR, IAM, and scanner findings in one severity-sorted client-scoped view
• One-click alert triage — status updates, owner assignment, and note addition without navigating to sub-modules
• Alert detail panel — full alert context, correlated signals, and investigation timeline accessible inline
• False positive workflow — structured false positive reporting with reviewer approval and suppression rule creation
• MSSP visibility — MSSP operator view of all client triage activity for oversight and guidance

Real-Time Compliance Posture Across Multiple Frameworks

The compliance posture panel shows the current control implementation status across all active compliance frameworks simultaneously — enabling organisations managing multiple simultaneous compliance obligations to see all frameworks in one view rather than navigating between separate compliance tools. Each framework is displayed as a posture percentage with a breakdown of compliant, partially compliant, and non-compliant controls. Clicking any framework opens the detailed control view with individual control status, the most recent evidence artifact, and the next evidence collection timestamp. Non-compliant controls surface in a gap remediation queue with suggested remediation actions and owner assignment.

• Multi-framework view — SOC 2, ISO 27001, PCI DSS, CIS Controls, and NIST CSF status in one panel
• Framework posture percentages — compliant/partial/non-compliant breakdown per active framework
• Control-level drill-down — individual control status, evidence link, and next validation timestamp
• Gap remediation queue — non-compliant controls listed with suggested actions and assignment workflow
• Compliance trend tracking — framework posture percentage trend over the past 30, 60, and 90 days

Module Access and Integrated Security Operations Workflow

The client dashboard serves as the primary navigation hub for all security operations modules available to the organisation. WAF management, EDR agent console, MDM device management, IAM monitoring, vulnerability scanner, phishing simulation, and compliance automation are all accessible directly from the client dashboard navigation without requiring separate logins or portal sessions. This integrated access model eliminates the context-switching overhead of traditional point-solution security stacks and ensures that all security data remains correlated — an analyst investigating a WAF alert can immediately pivot to the affected server's EDR agent view and the relevant user's IAM event history in the same session.

• Single-session access — all security modules accessible from the client dashboard without additional authentication
• Module navigation — direct links to WAF, EDR, MDM, IAM, vulnerability management, phishing, and compliance
• Cross-module investigation — alert-level links enabling one-click pivot to related module views for investigation
• Notification centre — unified alert and compliance notification feed across all active modules
• Audit log access — direct access to all security audit logs scoped to the client tenant for compliance review