The dashboard is the first page operators see when they sign in. It answers three questions at a glance: what is happening right now, what is unusual, and where should I look first.
Headline metrics
The top of the page shows four counters for the selected window (default: last 24 hours):
- Total actions: every request the proxy handled.
- Allowed: requests that matched a permissive policy or no policy.
- Flagged: requests forwarded but flagged for review.
- Denied: requests rejected by policy or rate limit, plus DLP blocks.
Each counter shows a delta against the previous matching window so you can spot trends.
Action-status breakdown
A stacked time-series chart shows the breakdown of ALLOWED, FLAGGED, DENIED, DLP_BLOCKED, and DLP_WARNED over the window. A spike in any non-ALLOWED series is your cue to drill into Sessions.
Top agents
A list of the most active agents with their request count, error rate, and latency p95. Click any row to jump to the agent’s detail page with the same chart filtered to that agent.
Top policies
A list of policies by fire count: useful for confirming that the policies you authored are matching what you expect. A noisy policy is often the first sign of either misconfigured agents or evolving attack patterns.
DLP findings
A breakdown of findings by class (PII, secrets, source code, custom). Each class links to a filtered view in DLP.
Time and tenant filters
Two filters at the top of the page apply to every widget:
- Window: last hour, last 24 hours, last 7 days, or a custom range.
- Tenant: for users with access to multiple tenants.
Filters are reflected in the URL so dashboards are shareable.