The consolidated view

How the AlertKick dashboard combines infrastructure, security, alerts, and compliance onto one screen - and how to read it at a glance.

Updated

The AlertKick dashboard is built around one assumption: when something’s wrong, you want to know what, where, and who’s handling it, without opening five tabs. This guide walks through the layout and explains what each panel is telling you.

The top strip

Across the top of every page you’ll see four counters: servers, active alerts, security events (24h), and on-call. The numbers are colour-coded so a glance is enough - red means something needs attention, green means quiet. Click any of them to jump to the filtered list.

Servers

The default view groups servers by status:

  • Online - agent has checked in within the last 60 seconds
  • Stale - last check-in 1-10 minutes ago
  • Offline - no check-in for more than 10 minutes
  • Pending - agent registered but hasn’t reported yet

Each row carries the hostname, vendor (Ubuntu, Debian, Rocky, Alpine…), agent version, and a quick-status chip for each enabled check (CPU, memory, disk, docker, eBPF). Hover the chip to see the current value; click the hostname to open the server detail page with full graphs and event history.

Active alerts

Alerts are grouped by host and then by check, so the same disk-full event across three servers reads as three lines rather than thirty. Each alert shows:

  • The check that triggered it and its current value
  • How long it’s been firing
  • The escalation level it’s reached (see [[escalation-policies]])
  • Who’s currently on the hook for it

Security events

The security panel surfaces only events that the AI verdict ranked above info. The full firehose is one click away, but the dashboard keeps it focused on what the on-call needs to act on - critical, high, and unverified events that haven’t been triaged yet. MITRE ATT&CK tactic chips appear next to each event (see [[mitre-attack-overview]]).

What’s not on the dashboard, on purpose

  • Per-metric graphs - these live on the server detail page, not on the overview. Tens of small graphs at the top level mostly add noise.
  • Compliance score trend - moves slowly enough that a daily email is more useful than a dashboard tile.
  • Long historical alert lists - only the active ones are shown here; the search page is for digging into resolved history.

Tips

  • Use the Acknowledge button to silence further escalation while you investigate. Acknowledgement is recorded with your name and the time, and shows up on the alert’s audit trail.
  • The dashboard auto-refreshes every 10 seconds. If you need a fixed snapshot for a screenshot, click the pause icon in the top right.
  • Mobile and tablet layouts collapse the side panels into bottom tabs so the same four counters and the active alerts list are one tap away.

Next steps

  • Configure [[escalation-policies]] so alerts route to the right person.
  • Set up [[roster-management]] to share the on-call load across the team.
  • Turn on eBPF security and read the [[mitre-attack-overview]] guide.