Security Overview: Benchmark Edition / Settings · security-global-overview-v1-v1 · 2026-04-22 · draft
Qpoint
Trust And Coverage Settings

Settings should explain which configuration and enrichment layers make the overview trustworthy, not just collect generic toggles.

This page is about confidence infrastructure: inventory freshness, owner mapping, destination labeling, and the defaults that determine whether the top-level dashboard can make strong claims.

Confidence State

Partially blocked

2 enrichment gaps · 1 stale sync risk · 1 operator default needing review

Coverage Layers

4 watched

Four settings families most directly affect overview trust.

Blocked

2 gaps

Endpoint ownership and destination labeling still weaken confidence.

At Risk

1 stale sync

Credential allowlist freshness may still be lagging the current environment.

Operator Defaults

3 live

Three dashboard assumptions directly shape what security sees first.

Coverage Layers

Show the settings that change whether the overview should be trusted.

Endpoint ownership mapping

blocked

One live host is still missing confident owner binding and environment classification.

Why It Matters

Without owner mapping, the overview cannot make strong attribution claims about the clearest trust break.

Recommended Fix

Improve endpoint enrichment and require owner binding before hosts appear as fully trusted.

Destination intent labeling

blocked

The overview can see the HTTP edge, but not yet whether the destination is expected internal traffic.

Why It Matters

Boundary-crossing stories remain lower-confidence until route intent and trust class are known.

Recommended Fix

Add destination labeling so unusual internal traffic and true exposure edges are separated.

Credential allowlist freshness

at risk

The key may be truly unknown or simply missing from a fresh sync.

Why It Matters

A stale allowlist makes security either overreact or underreact to the most important open credential story.

Recommended Fix

Increase sync freshness and expose staleness visibly in the operator brief.

Baseline model routing profile

healthy

The system still has a stable enough understanding of expected model lanes to highlight novelty clearly.

Why It Matters

Good baseline modeling is what lets the overview compress normal activity and elevate unusual combinations.

Recommended Fix

Keep the baseline visible and update it cautiously so novelty detection stays meaningful.

Operator Defaults

Show the assumptions that shape the first-contact view.

Overview time window

24h + live

The first-contact page emphasizes current live stories and the last day of meaningful change.

Stable majority threshold

compress

Known-good activity stays summarized unless it starts to concentrate or cross important boundaries.

Trust-gap visibility

always on

Coverage blockers stay visible because confidence limits are part of the security story, not footnotes.

Why Settings Matter To The Overview

Tie settings back to posture language, not generic admin work.

Posture quality

Bad enrichment creates weak verdicts.

If ownership and destination context are stale, the posture verdict becomes less useful even when the raw signal is correct.

Priority quality

Bad defaults create noisy concern cards.

If every anomaly fires equally, the overview becomes a list of cards instead of an opinionated first-contact page.

Drilldown quality

Bad mapping creates dead-end clicks.

If the system cannot connect issues to owners, entities, or destinations, the next click stops being helpful.