SOC overview · live
Dashboard
Posture, throughput, and AI-triage health across the last 24 hours. Drill into Incidents for correlated kill-chains or Alerts for individual investigations.
Alerts (24h): 14,280 (vs 7d avg +8.2%)
Auto-triaged: 95.3% (13,602 closed by copilot, +1.4pp)
Open incidents: 3 (1 critical · 2 high)
MTTR: 18m (-6m) · FP rate 4.2%
Alert volume · 24h: 10,455 (peak 720 @ 13:00)
[chart: hourly alert volume, 00:00 through now]
AI verdict mix
- True positive: 5
- False positive: 1
- Needs review: 2
- Benign: 0
Severity distribution
- critical: 2
- high: 4
- medium: 2
- low: 0
ATT&CK tactic spread
- Persistence: 2
- Execution: 1
- Credential Access: 1
- Exfiltration: 1
- Lateral Movement: 1
- Initial Access: 1
- Command & Control: 1
Top risk entities (entity · type · scope · risk score)
- 185.220.101.42 · ip · external · 96
- DC-EU-01 · host · internal · 95
- invoice-portal-corp[.]co · domain · external · 93
- a3f9...c21e · file · external · 88
- svc_backup · user · internal · 84
Open incidents (3)
- CRITICAL · investigating · Suspected hands-on-keyboard intrusion via finance phishing · INC-2026-0418 · 5 alerts · 11 entities · owner: you
- HIGH · open · M365 password spray from residential proxy · INC-2026-0417 · 1 alert · 25 entities · owner: j.park
- HIGH · open · Anomalous S3 read volume by order-worker · INC-2026-0416 · 1 alert · 4 entities · owner: unassigned
Copilot today
- 13,602 alerts auto-closed (auditable).
- 67 escalated to analyst review.
- Mean copilot verdict in 42s.
Connector health
- Microsoft Sentinel (SIEM)
- CrowdStrike Falcon (EDR)
- Okta (IdP)
- AWS GuardDuty (Cloud)
- VirusTotal (TIP)