Overview

The Overview tab in AttackMetricx Brand Protection acts as the mission control center for safeguarding your organization’s digital identity. It consolidates all key metrics ranging from overall brand risk and takedown activity to severity distribution and platform exposure into a single, dynamic dashboard. Instead of leaving teams guessing where threats originate, the system transforms raw monitoring into real-time intelligence, empowering analysts to prioritize efforts and measure progress with confidence.

What makes this dashboard powerful is not only the breadth of visibility it provides, but also the depth of context. Every widget is backed by automated intelligence and cross-platform monitoring, ensuring that executives, SOC teams, and compliance officers can all view brand threats in a format tailored for both strategic and operational decision-making.

Now that we understand its importance, let’s dive into the Overview tab and explore the core components that make it the first stop in any brand protection strategy.

Add Organization Info

The Add Organization Info feature is the foundation of the Brand Protection module. Before any monitoring or takedown action can be executed, the platform requires organizations to formally define and validate their profile. This step is critical because it ensures that every enforcement request (such as removing fraudulent pages, ads, or fake accounts) is backed by legitimate ownership and legal authority.

Within this section, analysts are asked to provide:

• Organization Name – The official registered name of the entity.

• Email Address & Phone Number – Verified contact details for escalations and confirmations.

• User Name – The account owner or administrator responsible for brand oversight.

• Add Official Social Media Links – Legitimate accounts of the organization (e.g., Facebook, LinkedIn, Instagram) are entered to help the system distinguish between authentic and fraudulent identities.

• Upload Files – Legal evidence such as power of attorney, trademark certificates, or other documents that authorize AttackMetricx to request takedowns on behalf of the brand.

• Has Been Onboarded – A confirmation toggle that indicates the setup process is complete. Once enabled, the organization is considered officially onboarded, which unlocks the takedown workflows.

  At this stage, analysts are also required to choose the operational mode for handling fraudulent content. These modes determine how the system will act when detecting impersonations or brand abuse:

  • Auto Takedown (Exclude Whitelisted URLs) – The platform automatically initiates takedowns for all detected fraudulent items except for URLs explicitly whitelisted by the organization.

  • Takedown Only Upon Manual Request – No action is taken until an analyst manually requests a takedown.

  • Takedown Only After Official Email Approval – Each takedown requires explicit approval via an official email before execution.

  • Monitor Only – No Takedown Actions – The system will monitor and log fraudulent activity without taking any removal action.

By completing this step, the organization empowers AttackMetricx to act swiftly and decisively against impersonation attempts, counterfeit campaigns, and other brand abuse across digital platforms. Without onboarding, takedown workflows remain locked and monitoring is limited to observation only.

Brand Protection [Organization Name]

Once the organization information is added, the system clearly reflects the protected entity’s name on the left navigation pane. For example, it might display:

Brand Protection [ Cystack – Palestine]

This ensures analysts always have clear visibility into which brand profile they are currently monitoring and managing. It also helps distinguish between multiple organizations if the SOC (Security Operations Center) is responsible for protecting more than one brand at the same time.

Organization Risk

The Organization Risk gauge is the central indicator in the Brand Protection Overview. It summarizes your brand’s exposure level by analyzing active fraud cases, their severity, volume, recency, and the effectiveness of takedown actions. The result is a single score on a 0–100 scale, mapped to clear grades:

• A (90–100): Excellent posture — minimal brand abuse detected, cases are resolved quickly and efficiently.

• B (80–89): Strong posture — low exposure, only a few cases pending; takedown workflow is effective.

• C (70–79): Moderate posture — exposure exists and requires continuous monitoring to prevent escalation.

• D (60–69): Weak posture — noticeable abuse activity; delays in review or takedown actions increase risk.

• E (50–59): Poor posture — significant open or severe cases, takedown speed is too slow.

• F (≤50): Critical posture — high exposure and unresolved threats; urgent action required to protect the brand.

Brand Status

The Brand Status widget provides a real-time breakdown of all takedown activities and their current stage. It allows security and compliance teams to instantly see how brand-abuse incidents are being handled and whether they require further action. The total count at the top (e.g., 77 ALL) reflects all tracked incidents.

Breakdown of categories

• Completed Takedown (Green): Successfully removed fraudulent or abusive content. Demonstrates system efficiency and successful enforcement.

• Takedown In Progress (Blue): Ongoing cases where removal requests are already in motion but not yet finalized.

• Takedown Rejected (Red): Cases internally marked as rejected by the customer for example, if a finding is deemed irrelevant, low risk, or not worth escalation.

• Out of Scope (Orange): Items detected but deemed outside the agreed coverage scope.

• Reviewed (Yellow): Cases already checked by the team, with no further action needed.

• Pending Customer Review (Purple): Incidents awaiting customer validation or input before any takedown action can proceed.

Why it matters

By combining counts with color-coded categories, the Brand Status widget gives a clear operational snapshot of where threats stand helping prioritize urgent cases (e.g., rejections or pending approvals) and track overall progress in protecting the brand.

Activity Tracker

The Activity Tracker is a visual timeline chart that illustrates how takedown activities evolve over time. Instead of just static numbers, it transforms raw takedown data into a dynamic, color-coded with dates graph making it easy to see trends, spikes, and the overall effectiveness of brand protection efforts.

How it works

• The X-axis represents time (dates/months), allowing analysts to track when specific activities occurred.

• The Y-axis reflects the volume of takedown actions.

• Each action type is plotted with a distinct color for instant recognition:

  • Green: Completed Takedown

  • Blue: Takedown In Progress

  • Red: Takedown Rejected

  • Yellow: Reviewed

  • Orange: Out of Scope

Why it matters

The Activity Tracker doesn’t just log numbers it tells the story of your brand’s defense over time. Analysts can immediately identify:

• When brand abuse incidents peaked.

• How quickly takedowns were executed.

• Whether most cases are being completed, stuck in progress, or rejected.

By visualizing takedown operations in near-real time, the Activity Tracker provides executives with a clear performance snapshot and gives SOC teams the ability to prove ROI by showing measurable improvements in brand protection efforts.

Brand Severity

The Brand Severity widget is a risk-classification radar chart that categorizes every detected fraudulent incident based on its potential impact. Instead of viewing all takedowns as equal, this feature shows how dangerous each case is, empowering teams to prioritize what matters most.

How it works

• Each severity level is represented by a specific color for immediate clarity:

  • Red (Critical): Incidents posing the most urgent and damaging threat (e.g., large-scale phishing sites, financial fraud).

  • Orange (High): Major risks requiring swift attention, such as fake social media accounts targeting customers.

  • Yellow (Medium): Moderate threats with contained impact but still needing resolution.

  • Green (Low): Low-risk or less exploitable cases.

  • Blue (Info): Informational alerts for monitoring and awareness.

• The percentage distribution across these categories instantly reveals the threat landscape profile of the brand.

Why it matters

Severity-based visualization ensures that organizations don’t just count takedowns but understand their weight and urgency. This helps:

• Executives grasp the real business risk at a glance.

• SOC teams focus efforts on high and critical cases first.

• Strategic defense planning by correlating which severity level dominates over time.

In short, the Brand Severity chart transforms takedown data into actionable prioritization intelligence, proving the platform’s strength in not just detecting brand abuse—but ranking it by impact.

Platform Distributio

The Platform Distribution widget visualizes where fraudulent activities tied to your brand are most frequently detected. By mapping incidents across platforms—such as social media, messaging apps, websites, ads, and underground channels—it highlights the ecosystems most exploited by attackers.

• Each platform type is represented with a distinct color, paired with absolute counts and a proportional pie chart for quick visual comparison.

• For example:

  • Blue (Facebook): Often the highest exposure point due to fake pages, cloned profiles, and scam campaigns.

  • Purple (Websites): Fraudulent domains or phishing clones impersonating your brand.

  • Teal (Instagram): Fake accounts or misleading ads targeting your customers.

  • Green (WhatsApp) & Yellow (Ads): Fraudulent campaigns spreading via messaging or ad networks.

  • Others (X, TikTok, Telegram, Truecaller): Additional platforms monitored for abuse, even if currently reporting zero cases.

Why it matters

This breakdown allows organizations to pinpoint where their brand is most at risk and allocate takedown resources accordingly. Instead of spreading efforts thin, security teams can prioritize high-volume channels (e.g., Facebook or websites) while still monitoring emerging vectors like Telegram or TikTok.

Ultimately, Platform Distribution transforms scattered incidents into strategic insights, showing not only how much brand abuse exists but also where adversaries choose to operate. This visibility empowers proactive defense and faster remediation across the most exploited environments.

Fraud Indicators List

The Fraud Indicators List is a customizable input panel that lets organizations define specific keywords, phrases, or identifiers tied to their brand. These could include product names, executive names, campaign titles, or internal project codes. Once added, the system automatically uses these indicators to expand monitoring coverage and detect fraudulent activity that may otherwise slip under the radar.

Beyond automated monitoring, these indicators also serve as filters for manual investigations, allowing analysts to refine searches inside the Brand Protection module and accelerate fraud discovery.

Why it matters

• Provides granular control over brand monitoring security teams can zero in on specific threats unique to their organization.

• Enhances detection of targeted scams, such as fake campaigns or phishing attempts using internal project names.

• Strengthens collaboration between security and business teams (e.g., marketing, legal), ensuring that brand-abuse detection is aligned with real-world assets and priorities.

• Supports both automated detection and manual fraud hunting, ensuring no blind spots remain in the organization’s defense strategy.

In essence, the Fraud Indicators List transforms brand protection from a passive defense into a dynamic, intelligence-driven shield, empowering organizations to proactively detect, validate, and act against fraud attempts before they escalate.

Latest Fraudulent

The Latest Fraudulent section provides a real-time feed of the most recent fraudulent cases detected and logged within the Brand Protection module. It allows analysts to immediately review, validate, and act upon newly identified threats to their brand presence across platforms.

Each fraudulent case includes structured fields for clear traceability:

• Fraud Link – The URL of the fraudulent page, post, or ad impersonating or misusing the organization’s brand.

• Fraud Established Date – The date when the system first confirmed the fraudulent activity.

• Severity – A classification (e.g., High, Medium, Low) highlighting the potential impact of the fraudulent incident.

• Whitelisted – Indicates whether the item has been explicitly allowed (e.g., Yes or No).

• Added Date – The date when the fraudulent case was entered into the Attackmatricx.

• Added By – The account or system user responsible for adding the incident.

• Modified Date – Any updates or changes applied to the fraudulent case.

• Status – The current stage of the takedown or validation workflow. Options include:

  • To Check By Customer

  • Out Of Scope

  • Request Takedown

  • Reviewed

  • Completed

  • Rejected

  We will explain these statuses in detail in the Fraudulent Tracking section at Filtering.

Visual Timeline (Show Timeline):

For each case, analysts can open a graphical timeline that displays the history of the fraudulent incident. This visualization helps track repeated occurrences, escalation steps, and resolution times, enabling a clear understanding of the fraud’s lifecycle.

View Full Details of Fraudulent Incidents:

A shortcut is provided to the Fraudulent Tracking tab, where comprehensive records, extended metadata, and management actions are available. (We will explain this feature in detail in the Fraudulent Tracking section).

Why it matters:

By combining structured metadata, workflow statuses, and a timeline visualization, the Latest Fraudulent section empowers teams to prioritize threats, accelerate takedown actions, and maintain transparency across the entire fraud-handling process.