Management Console
The KYRA MDR Management Console is a multi-tenant SOC analyst dashboard that provides security operations teams with a unified interface for alert triage, incident management, asset inventory, compliance tracking, and threat intelligence.
Console Features
The console organizes features into seven navigation groups, gated by service tier.
Overview
| Feature | Description |
|---|---|
| Dashboard | SOC overview with real-time metrics — alert statistics, severity breakdown, SLA compliance, MITRE ATT&CK coverage, ingestion rate, trend charts, and executive view |
| SOC Metrics | Key security operations metrics — MTTD, MTTR, alert volume trends, analyst workload distribution, and detection coverage analytics |
| AI Analysis | AI-powered security analysis dashboard — classification accuracy, true/false positive rates, confidence scoring, severity heatmaps, and trend analysis |
Detection & Response
| Feature | Description |
|---|---|
| Detections | Alert management with advanced search, filtering, bulk actions (assign, acknowledge, suppress, close), severity badges, detail panel with 7 tabs (Overview, Detections, Timeline, Evidence, Raw Data, Actions, ATT&CK Map), and similar-alert correlation |
| Incidents | Full incident lifecycle — create, assign, investigate, escalate, close. Includes SLA compliance tracking, Kanban board view, task management, timeline, comments, and linked alert management |
| Analyst Workbench | Unified investigation workspace — take ownership, escalate, close cases. Response actions (isolate host, block IP, disable account, kill process, scan endpoint, collect forensics) with license-gated EDR/NDR controls |
| Playbooks | SOAR playbook management — trigger conditions (alert severity, type, source matching), multi-step workflows with configurable actions, execution history, and dry-run testing |
Investigation
| Feature | Description |
|---|---|
| Log Search | Full-text log search across all connected data sources with filtering, field browsers, syntax highlighting, click-to-filter, and export (CSV/JSON) |
| Network Logs | Network traffic log analysis with source/destination filtering, protocol breakdown, click-to-search IPs, and detail view |
| Timeline | Chronological event timeline across alerts and incidents for investigative workflows with entity pivot (click entities to search logs) |
| Investigation Graph | Interactive entity relationship visualization using Cytoscape.js — maps hosts, users, IPs, processes, and domains with their connections. Supports fcose layout with SVG icons |
Threat Intelligence
| Feature | Description |
|---|---|
| Threat Intelligence | IOC management with 27+ threat intelligence feeds (OTX, AbuseIPDB, VirusTotal, EmergingThreats, etc.), 50,000+ IOCs, feed health monitoring, and IOC search/enrichment |
| Risk Intelligence | Risk management with four lists — Whitelist (trusted entities), Watchlist (monitored entities), Blocklist (blocked entities), Threatlist (known threats). Supports bulk import/export |
| Detection Rules | Detection rule management — view, enable/disable, tune, and test. Multilingual rule names/descriptions (en/ko/ja). MITRE ATT&CK technique mapping |
| MITRE ATT&CK | Interactive MITRE ATT&CK matrix with technique coverage visualization, detection count heatmap, sub-technique drill-down, and linked detection rules |
Infrastructure
| Feature | Description |
|---|---|
| Assets | Asset inventory with risk scores, criticality tagging, vulnerability tracking, and export. Groups endpoints, servers, and cloud resources per tenant |
| Subdomains | External attack surface monitoring — subdomain discovery, DNS record tracking, certificate monitoring, and risk scoring |
| Connectors | Data source integration management — health monitoring, connectivity testing, and configuration for 36+ third-party security tool connectors |
| Collectors | Lightweight log collector agent management — deployment status, version tracking, configuration, and health monitoring |
Compliance
| Feature | Description |
|---|---|
| Compliance | Compliance posture dashboard with framework mappings (ISMS-P, ISO 27001, SOC 2, PCI-DSS, TISAX, CMMC, GDPR, CCPA, NIST CSF), control status tracking, and audit evidence collection |
| Identities | Identity and access management monitoring — user activity tracking, privilege analysis, and anomaly detection |
| Privacy / DSR | Data Subject Request management — intake, processing, tracking, and compliance reporting for privacy regulations |
Management
| Feature | Description |
|---|---|
| Reports | On-demand and scheduled report generation with downloadable PDF/CSV output, progress tracking, and email delivery |
| Audit Logs | Comprehensive audit trail of all user and system actions with filtering and export |
| Notifications | Notification management — real-time alerts, email digests, severity-based filtering, and read/unread tracking |
| Billing | Subscription and billing management — plan selection, usage tracking, payment history, and tier upgrades |
| Settings | User profile, team management, API keys, integrations, log sources, notification preferences, two-factor authentication, and timezone configuration |
Service Tiers & Feature Access
Features are gated by subscription tier:
| Tier | Level | Features Included |
|---|---|---|
| Detect (Free) | 0 | Dashboard, Log Search, Collectors, Billing, Settings |
| Respond (MDR) | 1 | + Incidents, Workbench, Playbooks, Timeline, Network Logs, Assets, Connectors, Reports, Audit Logs, Notifications, SOC Metrics, AI Analysis, Threat Intel, Risk Intelligence, Detection Rules, MITRE ATT&CK, Subdomains, Investigation Graph |
| Hunt (Pro) | 2 | + Compliance, Identities, Privacy/DSR, EDR response actions |
| Custom | 3 | Full access with custom configurations |
Locked features display in the sidebar with a lock icon and a link to upgrade.
KYRA AI Assistant
An AI-powered assistant is available throughout the console:
- Toggle: Click the brain icon in the top bar, or press g then k
- Capabilities: Ask questions about alerts, get investigation recommendations, analyze threats in real time
- Context-aware: The assistant understands which page you’re on and can reference the current alert or incident
Global Search
Press Ctrl+K / Cmd+K to open global search with prefix-based routing:
- alert: — Search detections
- incident: — Search incidents
- asset: — Search assets
- Default — Search logs
Keyboard Shortcuts
| Shortcut | Action |
|---|---|
| ? | Open shortcuts help |
| g then d | Go to Dashboard |
| g then a | Go to Detections |
| g then i | Go to Incidents |
| g then s | Go to Settings |
| g then l | Go to Log Search |
| g then k | Toggle KYRA AI panel |
| Escape | Close any open dialog or panel |
Authentication & Access Control
Authentication Methods
- Email/password login with JWT-based sessions
- Single Sign-On (SSO) via Okta, Azure AD, Google, or any OIDC provider
- Two-factor authentication (TOTP) with backup recovery codes
- API key management for programmatic access
Role-Based Access Control
| Role | Permissions |
|---|---|
| Admin | Full access including tenant management, SSO configuration, user management |
| Analyst | Alert/incident management, playbook creation, compliance evidence, report generation |
| Viewer | Read-only access to dashboards, alerts, incidents, assets, compliance, reports |
Internationalization
The console supports three languages, switchable via the top bar:
- English (default)
- 한국어 (Korean)
- 日本語 (Japanese)
All navigation labels, page content, form fields, and toast messages are translated.
Real-Time Features
- Push Notifications: Real-time alert notifications with severity-based filtering and aggregation
- Live Dashboard Updates: Automatic data refresh across all dashboard metrics (30-second intervals)
- Critical Alert Badges: Visual indicators for active critical and high-severity alerts in the sidebar
- System Health Monitoring: Live connector health status with degraded/offline indicators
- Timezone Support: User-configurable timezone with live clock display (UTC, KST, or custom)
Theme Support
Three visual themes available via the top bar toggle:
- Dark — Default dark theme
- Light — Light theme for daytime use
- Matrix — Terminal-style green-on-black theme
Multi-Tenant Isolation
Each tenant sees only their own data. Tenant isolation is enforced through:
- JWT-based authentication with tenant-scoped claims
- All API queries automatically filtered by tenant context
- Cross-tenant resource access prevention at every layer
- Separate data partitions per tenant
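As an added illustration (not the console's own code) of how the tenant-scoped JWT claims listed above and the tier gating from the Service Tiers table can be enforced together: the token's tenant_id pins every query regardless of what the caller asks for, and its tier level decides which features are unlocked. The signing key, the claim names tenant_id and tier, and the feature map are assumptions made for this example.

```python
import base64, hashlib, hmac, json

# Constructed signing key for this example only; a real deployment uses the
# console's own JWT secret or JWKS, which is not shown on this page.
SECRET = b"demo-signing-key"

# Assumed feature map built from the tier table above: level -> features it unlocks.
TIER_FEATURES = {
    0: {"dashboard", "log_search", "collectors", "billing", "settings"},
    1: {"incidents", "workbench", "playbooks", "timeline", "assets", "reports", "audit_logs"},
    2: {"compliance", "identities", "privacy_dsr", "edr_actions"},
}

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT carrying tenant-scoped claims (constructed test helper)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_jwt(token: str, secret: bytes = SECRET) -> dict:
    """Verify signature and required claims; reject unsigned, downgraded or tampered tokens."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unsupported alg")          # blocks alg=none and algorithm confusion
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if "tenant_id" not in claims or "tier" not in claims:
        raise ValueError("token lacks tenant scope")  # never fall back to a default tenant
    return claims

def scoped_query(claims: dict, requested: dict) -> dict:
    """Every data query is pinned to the token's tenant; a caller-supplied tenant_id is ignored."""
    query = dict(requested)
    query["tenant_id"] = claims["tenant_id"]
    return query

def can_access(claims: dict, feature: str) -> bool:
    """Tier gate: a feature is available when some level <= the token's tier unlocks it."""
    return any(feature in feats for level, feats in TIER_FEATURES.items() if level <= claims["tier"])
```

A request for tier-2 features with a tier-1 token, or a query naming another tenant, is refused or rewritten before it reaches the data layer, which is the layered prevention the bullets above describe.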
Security Features
- Session management with automatic token refresh and expiry
- CORS protection with origin allowlisting
- Rate limiting per tenant based on service tier
- Security headers (frame protection, content type enforcement, referrer policy)
- Comprehensive audit logging of all user actions