Threat Exposure Dashboard
The Threat Exposure Dashboard is the beating heart of AttackMetricx the place where everything is covered.
Instead of forcing security teams to jump between separate modules (ASM, Dark Web, Brand Protection, Threat Intelligence), this dashboard aggregates all exposures in one command center.
Here, every critical element of your security posture is measured, visualized, and tracked in real-time:
From vulnerabilities and misconfigurations to dark web leaks and brand impersonations.
From risky open ports to certificate issues, DNS misalignments, and ransomware associations.
It’s not just a dashboard it’s a CTEM-driven cockpit where exposures flow through the full lifecycle:
Scoping → Discovery → Prioritization → Validation → Mobilization.
This unified view means your team can move from detection to action faster than attackers can exploit.
It’s the clearest proof of how powerful, customizable, and intelligence-driven our platform is.
Let’s Start Exploring the Dashboard
Attack Surface Rating
The Attack Surface Rating (located at the top-left of the dashboard) reflects the overall security health of your external-facing assets.
It consolidates all findings from your domains, subdomains, IPs, ports, and cloud exposures into a single percentage score (0–100%).
The closer the score is to 100%, the stronger and cleaner your security posture.
A lower score indicates higher risk due to unresolved vulnerabilities, misconfigurations, or exposed services.
When clicking on the Attack Surface Rating instantly redirects you to the Attack Surface Dashboard, where you can explore in detail.
Dark Web Rating
The Dark Web Rating (located at the top-right of the dashboard) measures your organization’s overall exposure and risk posture across the dark web.
The percentage reflects how much of your organization’s sensitive data, credentials, or brand indicators are exposed in dark web sources such as forums, marketplaces, Russian market, onion sites, botnet logs, and ransomware leaks.
100% → Excellent posture, no detected exposures.
0% → Extremely risky posture, with major exposures tied to your assets.
Navigation & Deep Dive
When clicking on the Dark Web Rating takes you directly into the Dark Web Dashboard, where you can explore in detail.
Our Current Security Risk Score
This section provides a holistic grade of your organization’s current cybersecurity posture, displayed as a familiar A–F score, much like an academic grading system.
What It Represents
The score is calculated based on the totality of exposures detected across your assets (attack surface issues, vulnerabilities, misconfigurations, dark web findings, brand protection alerts). It is a direct reflection of how secure or at risk your organization is right now.
Score Breakdown
A (90–100): Excellent security posture, minimal risks.
B (80–89): Good posture, but some issues need monitoring.
C (70–79): Moderate risk, several exposures require remediation.
D (60–69): Weak posture, high likelihood of exploitation.
E (50–59): Very poor posture, critical weaknesses exist.
F (≤50): Failing posture, systems are highly vulnerable. Immediate remediation is essential.
This score is designed for both executives and security teams:
Executives → Get a quick, business-level understanding of organizational risk.
Security Teams → Know where to focus remediation first to improve the grade.
The higher the score, the stronger your defense. An F means urgent action is required to protect against imminent threats.
In the top-left corner of the Our Current Security Rating widget, you’ll find a calendar icon that provides access to the Threat Exposure Calendar, a dynamic, intelligence visualization designed to monitor and analyze your organization’s cybersecurity posture over time.
This feature empowers security teams to track exposure evolution, identify risk fluctuation patterns, and measure defensive performance across multiple time dimensions daily, monthly, and yearly.
Daily View: Displays day-by-day exposure metrics, highlighting fluctuations in risk level and domain-specific security scores.
Monthly View: Aggregates exposure data to reveal month-over-month trends in resilience, highlighting improvement or degradation of posture.
Yearly View: Provides a strategic overview of long-term progress, enabling executive-level assessment of the organization’s overall cyber defense maturity.
Inside the calendar, each cell displays the security rating grade (A–F) along with its percentage score (e.g., B – 87.5%, F – 47.3%), and the number of affected domains for that date or period. This provides an instant visual indicator of how your organization’s security posture fluctuates over time.
At the top of the calendar, you can filter results by domain (e.g., example.com, example2.com) to focus on specific assets or subsidiaries, ensuring precise visibility into the security lifecycle of each environment.
Threat Exposure Management
The Threat Exposure Management section is the heartbeat of our CTEM (Continuous Threat Exposure Management) cycle.
Here, every exposure detected by the platform flows through a structured lifecycle — from initial scoping to final mobilization. This ensures that risks are not only identified, but also validated, prioritized, and acted upon with precision.
Each stage is fully interactive: clicking any of the metrics (e.g., Scoping or Validation) will take you directly into that context, allowing teams to drill deeper and manage findings in real time.
1. Scoping
Initial mapping of your organization’s attack surface and threat landscape.
Identifies assets, domains, subdomains, and potential vectors that require monitoring.
This stage ensures nothing is missed before diving into vulnerability discovery.
2. Discovered Issues
Total number of exposures detected across ASM Issues.
Covers misconfigurations, risky ports, leaked credentials, impersonating domains, and more.
Each discovery is automatically cataloged with severity, type, and affected asset.
3. Prioritization
Not all findings are equal. This stage applies threat intelligence, exploit prediction, and business context to determine which issues matter most.
Exposures tied to ransomware, actively exploited CVEs, or critical assets rise to the top.
Helps teams focus resources on the risks that truly endanger the business.
4. Validation
Automated and manual checks confirm whether exposures are real, reproducible, and exploitable.
AttackMetricx uses a custom-built scanning and exploitation engine, not just passive OSINT.
Continuously updated with new payloads, templates, and exploit modules for active verification.
Issues that are directly validated in real time through active interaction with the target, e.g. SQL Injection, XSS, RCE …etc.
Reduces false positives and ensures that time is not wasted chasing irrelevant noise.
5. Mobilizations
Final stage where involves orchestrating cross-functional teams security, IT operations, dev, and business stakeholders to take coordinated remediation actions.
This ensures findings are not just logged, but actively resolved.
Why This Matters
Most security tools stop at “detection.”
Our platform goes further by delivering a closed-loop system: from discovery to remediation. This means security teams don’t just know where they are exposed they know what to fix first, what’s validated, and how to act immediately.
This makes our Threat Exposure Management a force multiplier, turning raw data into business-prioritized intelligence and strengthening resilience at every step.
Issues Status Panel
This section provides a real-time overview of the current state of all detected issues across the platform whether they come from the Dark Web or the Attack Surface. It allows teams to instantly see what has been reviewed, what remains unseen, what is resolved, and what is still outstanding.
Each box is clickable, taking you directly into the detailed breakdown of that category.
Viewed Issues
Issues that have already been opened and reviewed by analysts.
Ensures visibility into what has been acknowledged and addressed at least at the review stage.
Not Viewed Issues
Newly discovered issues that no analyst has reviewed yet.
Highlights backlog items that require immediate attention.
Resolved Issues
Issues that have been successfully fixed or closed.
A direct indicator of remediation progress.
Unresolved Issues
Issues that have been detected but are still unresolved and active risks.
These represent the most urgent threats that require action.
Confirmed Issues
Exposures that have been actively validated by AttackMetricx (not just passively flagged).
These findings are highly accurate, real, and immediately actionable.
Potential Issues
Issues that are suspected but not fully validated.
Serve as early warnings, useful for analyst review and correlation with threat intelligence.
When clicking on the Go to Dark Web Dashboard at top right instantly redirects you to the Dark Web Dashboard
Why This Matters
Provides a complete workflow view: discovery → review → resolution.
Distinguishes between confirmed and potential issues to minimize false positives.
Each status is interactive, leading to detailed dashboards with asset-level insights and timelines.
Dark Web Overview
This section provides a high-level snapshot of dark web exposures tied to your organization. It consolidates four critical categories, allowing analysts to instantly spot where threats are emerging.
Each item is clickable selecting it will redirect you to the deeper dive into the specific type. Additionally, the “Go to Dark Web Dashboard” button at the top-right corner takes you directly to the full dedicated dashboard view Dark Web Dashboard.
1. Botnets
Shows the number of compromised devices, accounts, or sessions connected to botnet activity involving your organization.
2. Breaches
Represents the number of data breaches where your organization’s credentials, emails, or sensitive information were exposed.
3. Mentions
Tracks references to your organization, domains, or assets across dark web forums, marketplaces, onion sites, Russian market and Telegram groups.
4. Ransomware
Highlights whether your organization is associated with ransomware activity for example, if you are listed on a ransomware leak site or targeted group.
Attack Surface Threat Exposure
This section provides a comprehensive breakdown of all detected exposures across your organization’s attack surface. The total number of exposures is displayed at the top (e.g., 733), and each one is categorized by severity level to help prioritize remediation.
Severity Levels
Each severity category is interactive by clicking on any box (e.g., Exploited, Critical, High), the system takes you directly to a filtered view of all exposures with that exact severity level in the Surface Web Dashboard, along with full technical details.
Exploited
These are vulnerabilities currently known to be actively exploited in the wild.
Highest priority for immediate action.
Critical
Severe exposures that could cause major business impact if exploited.
Examples include unauthenticated RCE, privilege escalation, or sensitive data leaks.
High
High-risk issues that could enable attackers to gain access, pivot, or disrupt systems.
Typically requires prompt but not emergency-level remediation.
Medium
Moderate impact vulnerabilities such as XSS or weaker misconfigurations.
Still important but less urgent than High or Critical.
Low
Minor issues or best-practice gaps, e.g., missing headers or weak configurations.
Info
Informational findings that do not represent immediate risk but provide valuable context (e.g., technology versions, open directories).
Exposure Types
On the right, findings are also divided into two major categories:
Vulnerabilities → Software flaws (CVEs, code weaknesses, outdated libraries).
Misconfigurations → Improper setups (weak certificates, open ports, DNS issues, policy gaps).
Latest Issues
This widget shows the most recent issues detected across your assets. Each entry includes:
Issue name (e.g., SSL Certificate Issuer, External Service Interaction).
Affected Assets → The number of domains/subdomains where the issue was found (displayed with a counter badge like +25).
Last Seen Timestamp → The most recent detection date/time for the issue.
Interactive Feature: Each issue is clickable. By selecting it, you’re taken to a detailed issue view, showing affected assets, technical context, and remediation steps.
This allows you to see whether the same exposure is present across multiple assets, giving better visibility into systemic weaknesses.
Exposure by Category
Here, all exposures are grouped into categories, helping teams quickly understand the nature of risks:
Vulnerabilities (e.g., CVEs, software flaws).
Certificates (expired, invalid, or misconfigured SSL/TLS).
Risky Ports (open services that may be exploitable).
DNS Issues (dangling records, misconfigurations).
Clearnet (exposures in publicly reachable assets).
Each category is clickable. By selecting one, the system opens a filtered detailed view of all exposures of that type, enabling faster triage and remediation.
Brand Protection
This section highlights exposures tied to your brand identity in external environments:
Domains – Monitored corporate domains.
Apps – Web apps impersonating or connected to your brand.
Social Media – Fake or malicious social media accounts.
Social Markets – Mentions of your brand in underground markets.
Takedowns – Count of completed takedown actions.
Each metric is clickable. By selecting it, you get a detailed report of related findings for example, a list of suspicious domains or flagged social accounts ensuring proactive brand protection.
Latest News
This panel streams real-time cybersecurity news and advisories, ensuring your security team is aware of global developments that might affect your environment.
Each news item shows title + publication date/time.
Clicking a headline redirects you to the full external source.
On the top right, “View All News” provides a full archive, helping analysts keep track of historical advisories and threat landscape updates.
Last updated
Was this helpful?