Skip to content
Mimir

Dashboard overview

Dashboard overview

The Dashboard is the page Mimir drops you on after sign-in. It’s a single-screen status board for an operator who just sat down at the console and wants the same three answers every time: how big is my fleet right now, is anything on fire, and what’s the trend. Every card on the page is read-only, and the whole layout refreshes every 30 seconds so you can leave it open as a passive monitor.

What you get

The page is one row of stat cards across the top, an optional row of trend sparklines beneath them, and a two-column grid for everything else.

Stat cards (top row, six cells) are the load-bearing numbers:

  • Total Hosts — every host the server knows about, including decommissioned ones. Bookmarks against total_hosts from GET /api/v1/dashboard/summary.
  • Online — agents whose last check-in is inside the staleness window. Tracks the green dot in the Hosts list.
  • Stale — agents past the online threshold but not yet past the offline threshold. Triage these first: they’re either misbehaving or about to drop off.
  • Offline — agents that haven’t checked in for a long stretch.
  • Critical Offline — the subset of offline hosts tagged critical in the fleet config. These need the loudest attention.
  • Fleet Compliance — the rolled-up pass rate across every active compliance policy. A pill renders green at 90% and up, yellow at 70–89%, red below 70%.

Trend sparklines (second row, three cells, rendered only when the server has captured more than one snapshot) chart the same three top-level metrics across recent samples: online hosts, compliance percentage, alert count. Outlier samples are flagged with anomaly markers — a dropping compliance line or a spiking alert count gets visual emphasis before you even read the number.

Compliance Breakdown (left column, lower) is the big table of your compliance posture, one row per policy. Each row shows policy name, the severity badge (high / medium / low), the platforms it applies to, the compliance pill (computed the same way as the fleet header), and the per-policy hosts passing / total counts. Click any row to expand a short preview of the failing hosts. If a policy has more than five failures, click View all N failing hosts → to open the side-panel drilldown — it lists every failing host with a link to the host detail page and a Copy hostnames button to dump the list to your clipboard. Severity is the primary sort (high first, then medium, then low), with worse compliance breaking ties inside each severity tier.

Top Alerts (left column, below compliance) is a five-row preview of the highest-priority unacknowledged alerts, sourced from the same security_events feed the Alerts page reads. Click a row to open the alert directly.

Recently Checked In (right column, top) is the five most recent agent heartbeats, with a status dot and a human-friendly timestamp. Quick way to confirm a freshly-enrolled host actually phoned home.

OS Distribution (right column) is a horizontal bar chart of the fleet’s OS breakdown. Useful for spotting drift like “we have one random Debian box in a Windows shop.”

Agent Health (right column, only rendered when at least one counter is non-zero) surfaces three operational signals: certs expiring within 30 days, total agent reconnects in the last 24 hours, and hosts whose FIM (file integrity monitor) heartbeat is more than 30 minutes stale. A non-zero number in any row means something to look at; zero rows are hidden so the card stays quiet during healthy periods.

Compliance by Platform (right column, below agent health, only rendered when policy data exists) breaks the same compliance pill down per OS family — useful for “is the failure concentrated on macOS?” diagnostics.

Why use it

Three patterns:

  1. Open-and-glance triage. First thing in the morning, open the Dashboard, scan the six stat cards. If Critical Offline is non-zero or Fleet Compliance dropped overnight, you have a lead.
  2. Passive monitoring. The page polls every 30 seconds, so you can park it on a side monitor during incident-response windows. The staleness banner (see below) tells you if the page has gone quiet.
  3. Compliance review. Use the Compliance Breakdown table as the entry point into “which policies are failing on which hosts” — the drilldown panel gives you a copyable list of hostnames you can hand to a remediation team.

Freshness and staleness

The dashboard auto-refreshes every 30 seconds. If the auto-refresh stalls for more than a minute, Mimir renders a yellow Last updated N min ago banner at the top of the page — that’s the signal to check the server connection, not to keep trusting the numbers below. The agent health panel polls on its own 60-second interval; the rest of the page shares the dashboard summary fetch.

If a fetch fails outright, a red “Could not reach the server” banner appears and the page keeps showing the last-known values rather than blanking out. That’s deliberate: stale data with a loud banner is more useful than an empty page during a server hiccup.

Permissions

GET /api/v1/dashboard/summary is gated by withAnyAuth — every signed-in user sees the same fleet-wide aggregates. There’s no per-tenant filtering: Mimir’s tenancy boundary is the deployment, not the row. If you need separate dashboards for separate teams, that’s a separate Mimir instance.

Where to next

  • Alerts — open the full alert feed when Top Alerts shows something worth investigating.
  • Hosts — jump into a specific host’s detail view when a compliance failure or recent-checkin entry catches your eye.
  • Hunts — start a fleet-wide IOC sweep when the alert feed suggests something needs proactive hunting.