Dashboard

The Dashboard provides an identity-centric view of fleet security posture, surfacing the highest-risk identities, critical findings, and module-gated security metrics.

Identity Risk Score

The Identity Risk Hero widget occupies the top of the Dashboard. It displays the fleet-wide identity risk score — a value from 0 to 100 where higher numbers indicate greater risk — alongside a trend line showing how that score has changed over recent periods. Below the score, a breakdown shows the proportion of identities by type: Human, Service, and Dormant. This score reflects identity-level risk signals across the fleet, not server posture or uptime.

The Environment and Tag selectors at the top of the page apply to all Dashboard widgets. Changing the environment or tag filter narrows every widget — including the identity risk score, summary cards, and the findings feed — to the selected subset of the fleet.

Top Identity Risks

Three summary cards sit below the identity risk score, each highlighting a specific risk dimension:

Who can root shows the count of identities across the fleet that have a path to root access — through direct UID 0 membership, SUDO rules, group membership in privileged groups, or other mechanisms. A high count indicates broad privilege exposure.

Privilege drift captures changes in privilege scope over the measured period — identities that gained or lost elevated access, new SUDO rules added, and group membership changes that affect privileged access. Unexpected upward drift warrants investigation.

SSH exposure surfaces the SSH key risk signal across the fleet: keys with weak algorithms, keys authorized on multiple servers, and orphaned keys associated with accounts that no longer exist.

Critical Findings Feed

The Critical Findings Feed is a chronological, auto-refreshing stream of the highest-priority findings from across all pillars. It draws from four sources simultaneously: security signals from Zero Trust Enforcement, configuration drift events, compliance control failures, and identity risk events. Findings appear in a unified view regardless of which pillar generated them, making it the fastest place to see what requires immediate attention.

Module-Gated Sections

Professional and Enterprise tenants see additional sections below the Critical Findings Feed that are not present on the Starter tier:

The Zero Trust section shows an activity summary for signals detected in the current period, a drift event count with severity breakdown, and an SSH key health summary across the fleet.

The Compliance section shows pass/fail scores for each enabled compliance framework. Scores reflect the current state of enrolled servers against each framework's control requirements.

The Response Summary Widget appears when the zero-trust module is present. It shows active response commands currently in flight and a log of recently completed response actions.

Starter tier tenants see an expanded Identity Risk Hero widget with additional findings in the Critical Findings Feed in place of these sections.

Note: Module-gated sections display an upgrade prompt for tenants without the required module license. The Dashboard structure adapts to the modules enabled on your account — sections that require an unentitled module are replaced with information about enabling that module.

Related: Console Overview | Identity Intelligence | Zero Trust Enforcement | Compliance & Audit