Executive Dashboard

Risk Scores are AI-computed composite rankings for every endpoint. The score combines node risk (local vulns), choke score (network centrality), local risk (CVE severity), and proximity to crown jewels. Higher = more dangerous.

Attack Graph shows how an attacker can traverse your network from internet-facing entry points to crown-jewel assets. Drag nodes to rearrange. Edges show adjacency — thicker = higher traversal probability. Crown jewels have a 👑 icon.

Risk Heatmap provides a bird's-eye view of all endpoints as colored tiles. Red = Critical (≥75), Orange = High (≥50), Yellow = Medium (≥25), Green = Low. Filter by tier using the dropdown. Click a cell for details.

Alert Rationalization uses the attack graph to prioritize alerts by crown-jewel impact. Alerts on endpoints that sit on attack paths to critical assets are ranked higher. Low-impact alerts are auto-suppressed — reducing noise up to 80%.

Assets are the network endpoints in your environment. Click "+ Add Asset" to register servers, VMs, containers, or network devices. Include the hostname, IP, OS info, and sensitivity label. The graph engine uses assets to compute attack paths.

Vulnerabilities are CVE findings from your scanner tools (Qualys, Nessus, etc.). Click "+ Add Vulnerability" and link each CVE to an asset. Include CVSS base score, EPSS probability, severity, and exploit/patch status. These feed directly into the risk scoring engine.

Identities are the user accounts, service accounts, and managed identities in your environment. These feed the Identity Surface (IDSurf) score — a key factor in attack path probability. Privileged accounts without MFA create high-risk pivot vectors.

What-If Simulator lets you test remediation actions before deploying them. Add actions like patch_vulnerability, add_segmentation, isolate_endpoint etc., then hit Run Simulation. Compare before/after risk scores and ROI to prioritize budget.