Dashboard
The rimae/scan dashboard provides a real-time operational overview of your vulnerability posture. It is the default landing page after login and auto-refreshes every 60 seconds.
First-Run Setup Checklist
If no assets have been inventoried yet, the dashboard displays a setup checklist instead of metrics. Complete these steps to begin:
- Configure Wazuh integration -- connect rimae/scan to your Wazuh manager.
- Review vulnerability sources -- enable or disable the 70+ data feeds.
- Review OS versions -- map your distro/version combinations so advisories match correctly.
- Trigger first inventory pull -- kick off the initial Wazuh sync.
Once assets are present, the checklist is replaced by the full dashboard.
KPI Cards
Six key performance indicators are displayed across the top of the dashboard:
| Card | Description |
|---|---|
| Total Assets | Number of assets in inventory. Shows a secondary count of stale assets when any exist. |
| Open Vulns | Total open vulnerability matches (status open or in_review). Card border changes colour when the highest open severity is critical or high. |
| Critical | Count of open matches with CVSS >= 9.0. |
| CISA KEV | Count of open matches confirmed in the CISA Known Exploited Vulnerabilities catalog. This card pulses when KEV entries are present. |
| New (24h) | Vulnerability matches first seen in the last 24 hours. |
| Patch Coverage | Percentage of open vulnerabilities that have a known fix available. |
Note: All severity counts are derived from open matches only. Resolved and accepted-risk matches are excluded from KPI totals.
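The open-only rule in the note above, worked through for the five cards that are derived from matches. This is an added example, not rimae/scan's own code: the record fields (`status`, `cvss`, `kev`, `first_seen`, `fix_available`) and the `resolved` / `accepted_risk` status values are assumptions, and the sample matches are constructed.

```python
from datetime import datetime, timedelta, timezone

OPEN_STATUSES = {"open", "in_review"}  # the two statuses the page counts as open


def kpi_cards(matches, now):
    """Compute the match-derived KPI cards; field names are assumed, not the real schema."""
    open_matches = [m for m in matches if m["status"] in OPEN_STATUSES]
    day_ago = now - timedelta(hours=24)
    with_fix = sum(1 for m in open_matches if m["fix_available"])
    return {
        "open_vulns": len(open_matches),
        # Assumed edge case: an unscored match is open but never counts as critical.
        "critical": sum(1 for m in open_matches if (m["cvss"] or 0) >= 9.0),
        "cisa_kev": sum(1 for m in open_matches if m["kev"]),
        "new_24h": sum(1 for m in open_matches if m["first_seen"] >= day_ago),
        # No open matches means nothing to cover: report None, not 0% or 100%.
        "patch_coverage": round(100 * with_fix / len(open_matches), 1) if open_matches else None,
    }


def match(status, cvss, kev, age_hours, fix, now):
    """Build one constructed match record first seen `age_hours` before `now`."""
    return {"status": status, "cvss": cvss, "kev": kev,
            "first_seen": now - timedelta(hours=age_hours), "fix_available": fix}


NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed reference time
SAMPLE = [  # constructed data, not real findings
    match("open", 9.8, True, 2, True, NOW),
    match("in_review", 9.0, False, 72, False, NOW),    # in_review still counts as open
    match("open", 7.5, False, 30, True, NOW),          # first seen more than 24h ago
    match("open", None, False, 23, False, NOW),        # unscored, but new
    match("resolved", 10.0, True, 1, True, NOW),       # excluded from every card
    match("accepted_risk", 9.1, True, 5, False, NOW),  # excluded from every card
]

if __name__ == "__main__":
    for card, value in kpi_cards(SAMPLE, NOW).items():
        print(f"{card}: {value}")
```

The resolved CVSS 10.0 match and the accepted-risk KEV match change none of the totals, which is why a low Critical or CISA KEV count should be read alongside the resolved and accepted-risk lists rather than as the full exposure history.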
Vulnerability Trend Chart
A line chart below the KPI row plots daily vulnerability counts broken down by severity:
- Critical (dark red)
- High (amber)
- Medium (gold)
- Low (teal)
Use the period selector buttons to switch between 7-day, 30-day, and 90-day windows. The chart queries the /api/summary/trend endpoint and renders each severity as an independent line, making it easy to spot spikes in newly discovered vulnerabilities.
Hover over any data point to see the exact count for that day and severity.
Recent Activity Feed
The activity feed on the right side shows the latest system events, such as:
- Inventory sync completions
- Crawler updates (e.g. "NVD crawler updated 150 CVEs")
- New KEV entry detections
- EPSS score refresh cycles
- Correlation engine run completions
Each event is tagged with a severity level indicated by a coloured dot (critical, high, medium, low, info).
Coverage Metrics
Below the activity feed, three coverage health indicators are displayed:
- Fresh Inventory -- Percentage of assets with inventory data less than 24 hours old. The progress bar turns green at 80%+, yellow at 50-79%, and red below 50%.
- Sources Healthy -- Ratio of healthy vulnerability sources to total configured sources.
- Last Correlation -- Relative time since the last correlation engine run completed.
Top 10 Critical CVEs
A table at the bottom ranks the most critical open CVEs across your environment. Each row shows:
| Column | Description |
|---|---|
| CVE ID | Links to the CVE detail view. |
| CVSS | Base score rendered as a colour-coded bar. |
| EPSS % | Exploit Prediction Scoring System probability, displayed as a percentage. |
| KEV | Badge indicating CISA KEV status (confirmed or extended). |
| Exploits | Badges for Metasploit, Nuclei, ExploitDB availability. |
| Assets | Number of assets affected by this CVE. |
| Patch | Green check if a fix is available; grey X if not. |
The table is sorted by composite score descending and limited to 10 rows. Click any CVE ID to navigate to its full detail page.
Related Documentation
- Vulnerabilities -- CVE Explorer and advisory feeds
- Correlation Engine -- how matches are generated
- Remediation Queue -- acting on open vulnerabilities