Adding Real-Time Detection Features to the CDR Dashboard
Product feature, UX/UI
This case study demonstrates how adding real-time detection capabilities can transform a traditional security dashboard into a more dynamic and responsive tool, ultimately enabling faster, more effective threat mitigation in cloud environments.
WHAT WE DID
We enhanced the Cloud Detection & Response (CDR) dashboard by integrating Live Streaming and real-time threat processing capabilities. This addition empowered security analysts to monitor and respond to threats instantly, rather than relying on retrospective data.
MY ROLE
As the lead product designer, I:
- Conducted user research to identify pain points in the existing workflow.
- Collaborated with engineers, product managers, and security analysts to define requirements.
- Designed the real-time alerting interface with a focus on usability and efficiency.
- Iterated on designs based on stakeholder feedback and feasibility constraints.
- Ensured cross-functional alignment to balance user needs with technical feasibility.
THE CHALLENGE & GOAL
Challenge:
Prior to this feature, security teams relied on delayed data, limiting their ability to respond proactively. Analysts often had to manually refresh logs or wait for periodic updates, creating gaps in incident response.
Without real-time visibility, threats could go undetected for crucial minutes, increasing the risk of breaches. Additionally, analysts struggled with information overload from multiple threat sources, making it difficult to prioritize incidents effectively.
Goal:
Our primary objective was to introduce Live Streaming capabilities, ensuring:
- Threats are detected and displayed in real time.
- Alerts are clear and actionable, reducing analyst fatigue.
- Integration is seamless, without disrupting existing workflows.
- Analysts can group, filter, and prioritize alerts efficiently to focus on the most critical threats.

RESEARCH
To validate our approach, I conducted:
- User Interviews → Engaged with security analysts to understand their workflows, needs, and frustrations.
- Competitive Analysis → Reviewed industry benchmarks for real-time security monitoring.
- Data Analysis → Worked with engineers to assess system feasibility and processing speeds.
Key Insights:
- Analysts needed an intuitive way to track live threats without being overwhelmed.
- Grouping similar threats was critical to prevent information overload.
- Quick response actions (e.g., isolate an asset, dismiss false positives) needed to be directly integrated into the dashboard.
- Custom filters and sorting options were necessary for prioritizing the most relevant threats.
WORKING PROCESS
- Understanding User Needs & Defining Requirements
  - Conducted interviews with security analysts to document workflows and pain points.
  - Collaborated with product managers to prioritize features based on user impact.
  - Defined technical constraints with engineers to ensure real-time processing feasibility.
- Stakeholder Alignment & Collaboration
  - Led cross-functional discussions with product and engineering teams to ensure alignment between business goals, technical feasibility, and user needs.
  - Facilitated workshops to validate design concepts and refine the Live Streaming functionality before development.
  - Iterated on requirements based on feasibility assessments from engineering and security teams.
- Wireframing & Prototyping
  - Designed multiple UI iterations, testing different layouts for real-time event visibility.
  - Developed interactive prototypes to simulate live updates and gather feedback.
  - Ensured that the interface effectively balanced real-time data updates with cognitive load considerations.
- Iterative Design & Refinement
  - Conducted internal feedback sessions to identify usability challenges.
  - Adjusted alert grouping, event timeline visualization, and quick-action workflows to improve efficiency.
  - Introduced custom filtering and severity-based sorting based on user feedback to enhance clarity.
  - Tested alternative designs for the live-streaming feature to reduce distractions and improve scannability.

THE DESIGN
The final design introduced a Live Streaming panel that dynamically updated threat events in real time. The key improvements included:
- Real-Time Event Timeline → A visual timeline displaying threat patterns over time.
- Severity-Based Event Grouping → Critical alerts are prioritized, while related threats are grouped together to reduce noise.
- Contextual Drill-Down Panel → Clicking an event opens an expanded view with in-depth details and evidence, allowing analysts to quickly assess and take action.
- Quick Action Controls → Analysts can respond to threats directly (e.g., create a ticket, isolate a machine, dismiss false positives) without leaving the dashboard.
- Customizable Filters & Timeframes → Users can refine event streams based on severity, asset type, and time range.
These changes ensured analysts could efficiently track and respond to threats in real time without being overwhelmed by excessive notifications.

Grouped Views for Threat Investigation:
To enhance usability and investigation efficiency, we introduced different ways to group and view threat data:
- Potential Threat Grouping → Events are grouped by potential threat, making it easier for security teams to identify and prioritize similar types of threats across multiple assets.
- Rule-Based Grouping → Another view organizes events by rule, helping users understand which specific security policies are frequently triggered and might require adjustments.
- Asset-Based Grouping → This grouping enables teams to focus on the assets affected by each event, which is crucial for targeted response and mitigation.
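As an added illustration (not the product's own code), the filtering and grouping described in the design and grouped-views sections can be modelled as a small pass over constructed alert records: each group row carries its event count, worst severity, affected assets and time span, and rows sort critical-first so the most urgent work surfaces at the top. Field names and sample events are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime

# Severity rank: a higher number sorts earlier in the grouped view.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample alerts (not real telemetry); one raw event per record.
EVENTS = [
    {"ts": "2024-05-01T10:00:05Z", "rule": "suspicious-process-launch", "threat": "Credential Access", "asset": "web-01", "asset_type": "vm", "severity": "high"},
    {"ts": "2024-05-01T10:00:07Z", "rule": "suspicious-process-launch", "threat": "Credential Access", "asset": "web-02", "asset_type": "vm", "severity": "high"},
    {"ts": "2024-05-01T10:01:10Z", "rule": "outbound-file-download", "threat": "Ingress Tool Transfer", "asset": "web-01", "asset_type": "vm", "severity": "medium"},
    {"ts": "2024-05-01T10:02:00Z", "rule": "iam-policy-change", "threat": "Privilege Escalation", "asset": "prod-role", "asset_type": "identity", "severity": "critical"},
    {"ts": "2024-05-01T09:30:00Z", "rule": "outbound-file-download", "threat": "Ingress Tool Transfer", "asset": "db-01", "asset_type": "vm", "severity": "low"},
]

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def filter_events(events, min_severity="low", asset_type=None, since=None):
    """Apply the dashboard filters: severity floor, asset type, and time window."""
    floor = SEVERITY_RANK[min_severity]
    kept = []
    for e in events:
        if SEVERITY_RANK[e["severity"]] < floor:
            continue
        if asset_type and e["asset_type"] != asset_type:
            continue
        if since and parse_ts(e["ts"]) < since:
            continue
        kept.append(e)
    return kept

def group_events(events, by):
    """Collapse events into one row per group (by = 'threat', 'rule' or 'asset').
    Rows are ordered by worst severity, then by size, so noise is reduced
    without hiding the critical item behind a long list of low-severity hits."""
    groups = defaultdict(list)
    for e in events:
        groups[e[by]].append(e)
    rows = []
    for key, members in groups.items():
        worst = max(members, key=lambda e: SEVERITY_RANK[e["severity"]])["severity"]
        rows.append({
            "group": key,
            "count": len(members),
            "worst_severity": worst,
            "assets": sorted({e["asset"] for e in members}),
            "first_seen": min(e["ts"] for e in members),  # ISO strings sort chronologically
            "last_seen": max(e["ts"] for e in members),
        })
    rows.sort(key=lambda r: (-SEVERITY_RANK[r["worst_severity"]], -r["count"], r["group"]))
    return rows
```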

Asset Details and Threat Investigation:
To provide deeper insights, we enhanced the asset details and investigation workflow:
- Asset Details View → Selecting an incident opens a detailed view of affected assets, including information like MITRE ATT&CK techniques and threat progression.
- Captured Evidence Visualization → The Captured Evidence tab organizes relevant data artifacts, such as process launches and file downloads, helping analysts understand the full scope of an incident.

This design was focused on reducing response times, increasing visibility into ongoing threats, and enabling real-time detection and analysis with minimal user friction.

SUCCESS CRITERIA
To measure success, we tracked:
- Threat response time → Improved by 40%, as analysts could act instantly.
- User adoption → Analysts reported increased efficiency in identifying and mitigating incidents.
- Reduced alert fatigue → Grouped alerts and filtering options led to fewer distractions.
- Stakeholder satisfaction → Product managers and security teams confirmed the feature's impact on operational efficiency.
SUMMARY
This project reinforced the importance of:
- Early stakeholder alignment to balance feasibility and usability.
- Iterative design to refine solutions based on real-world feedback.
- Designing for cognitive load to prevent information overload in high-stakes environments.
- Proactive collaboration with engineering to ensure seamless integration and technical feasibility.
By focusing on real-time visibility and efficient response actions, we significantly enhanced the effectiveness of the CDR dashboard, making security teams more proactive and responsive. Lessons learned here will inform future improvements in live monitoring and automation.