Global / Active Alerts Dashboard Explained

This section explains the data and calculations behind the "Global View" and "Active Alerts" dashboards. Its goal is to help you understand how we transform raw alert data into the meaningful counts and trends you see on your screen.

Recent Alerts (Last 24 Hours)

Figure 1 – Recent Alerts Dashboard

This widget gives you a quick snapshot of recent alert activity, broken down by severity (Critical, Attention, Review).

Main Number (e.g., 18): This is the total count of active alerts for that severity level over the past 24 hours.
Trend Number (e.g., +3): This shows how the alert count has changed compared to the previous 24-hour period (from 48 hours ago to 24 hours ago).
A positive number (e.g., +3) means you have more alerts in the last 24 hours than you did in the 24 hours before that.
A negative number (e.g., -4) means the alert count has decreased.
A zero means that the alert count remained the same.

Figure 2 – Recent Alerts trend calculation

Figure 2 illustrates a process of determining the Recent Alerts trend number. To determine the trend, the system subtracts the number of active alerts in the current 24-hour period (blue line) from those in the previous 24-hour period (yellow line).

Total Alerts

Figure 3 – Total Alerts Dashboard

This widget gives you a quick snapshot of all alert activity, broken down by severity (Critical, Attention, Review).

Main Number (e.g., 18): This is the total count of active alerts for that severity level.
Trend (e.g.,”Rising”): This shows how the alert count has been changing over the past 7 days. Read more about trend calculations here.

Top Tenants with New Alerts in 24 Hours

Figure 4 – Top Tenants with New Alerts Dashboard

This list shows which of your azure tenants or AD agents have generated the most new alerts over the past 24 hours. It's a quick way to identify which sources are currently the "noisiest" or most at-risk.

7-Day Alert Timeline

Figure 5 – 7-Day Alert Timeline Dashboard

This graph displays the total number of alerts generated each day for the last seven days. This helps you visualize daily fluctuations and spot patterns over the course of a week. The timeline includes data for the current day, which may change as new alerts come in.

How Alert Trends (Rising, Improving, Stable) Are Calculated

On your Total Alerts dashboard and in your Total Alerts table, you'll see a trend status next to your alert counts, labeled as Rising, Improving, or Stable. This status is not just a simple comparison; it's the result of a statistical analysis of your alert volume over the last 7 days.

Here’s the step-by-step process we use to determine your trend:

Step 1: Gather the Data

First, the system collects the total number of alerts for each of the past seven days. This gives us a 7-day history of your alert volume.
Step 2: Check for Stability

Before looking for a trend, the system checks if the alert volume is already flat. If the number of alerts is almost the same every day (e.g., [10, 11, 10, 12, 10, 11, 10]), the trend is automatically classified as Stable. This check prevents the system from flagging insignificant daily fluctuations as a trend.
Step 3: Calculate the Trend

If the alert numbers show enough variation, the system uses a statistical method (Spearman's Rank Correlation) to analyze the relationship between time and your alert counts. This method is excellent at identifying a consistent direction, even if the changes aren't perfectly linear day-to-day.

The result of this calculation determines the trend:

Rising: This indicates a consistent upward pattern in the number of alerts over the 7-day period. It suggests a worsening situation that may require investigation.
Improving: This indicates a consistent downward pattern in alert volume. It suggests that issues are being resolved or that previous risks are diminishing.
Stable: This is reported when there is no clear upward or downward correlation. This can mean the alert volume is either consistently low/high or fluctuates randomly without a clear direction.