1. Expel Help Center
  2. Getting Started with Expel
  3. Dashboards

Situation Report Dashboard

The Situation report shows you an overview of your organization and activity. This report also specifically highlights open actions that need to be taken care of by your organization. When you first open this tab, you see information for the last 30 days, but you can specify a different time period using the list on the right.

WB_Situation_Report_Dashboard.png

To open this screen, click Dashboards > Situation Report.

Each area on this screen shows you specifics about your environment. Depending on your specific environment, your screen can look slightly different than our examples here.

Activity metrics

This area shows you a quick overview of what Expel is doing and noticing in your environment. To see charts and dig a little deeper into these metrics, click the bottom of the area. It expands to show you more information.

WB_Situation_Report_Activity_Metrics_expanded.png

In this area, the information is divided into further categories for you. For example, you see 883 reviewed alerts in the last 30 days, with the alerts separated into categories on a chart.

Open action items

This area shows you a summary at a glance of the important areas below. Investigative Actions and Remediation Actions specifically require your organization to take action to complete them. Click one of the areas to go to that area.

WB_Security_Report_dashboard_open_action_items.png

Open security incidents

This area shows you any open security incidents you have. Security incidents don't close automatically after remediation actions are completed by you. Close the incident or ask the SOC analysts to close it after all remediation steps are complete.

WB_Security_Report_dashboard_open_security_incidents.png

Our example here shows 10 open incidents, but you can have more or less than that.

 

You can see some details about any investigation in your environment. You see the threat level above the incident and the status of the incident in the charts on the left. You can also click Findings or Remediations under the charts to see more details. In the incident area on the right, you see threat type, the attack timing, the detection technology, and more. To see the specifics for an incident, click the name of the incident.

Open remediation actions

This area shows you any open remediation actions that must be taken by your team.

WB_Security_Report_dashboard_open_remediation_actions.png

You can scroll the list to see more details. You can also select a checkbox, if available, and block items. This allows you to easily remediate in one place. To see all remediation actions, click View all remediation actions. For privacy concerns, we blurred some of the information in this example.

Open investigative actions

This area shows you any open investigative actions that need to be taken by your team.

WB_Security_Report_dashboard_open_investigation_actions.png

You can see the details about any open investigation in your environment and what the next steps are for your team. To see all open investigative actions, click View all investigative actions. For privacy concerns, we blurred some of the information in this example.

Open investigations

This area shows you all the open investigations.

WB_Situation_Report_Open_Investigations.png

You can see all currently open investigations with quick overviews. Click the link to open an individual investigation to see more details.

Related articles