diff --git a/concepts/metrics.mdx b/concepts/metrics.mdx index 8f1fe1e..377ab16 100644 --- a/concepts/metrics.mdx +++ b/concepts/metrics.mdx @@ -11,6 +11,10 @@ description: "Understanding how ChainPatrol measures and reports threat protecti They are built by aggregating your organization's activity (reports, detections, blocked assets, takedowns) into simple, readable summaries. + +The **Reports Total** metric shows the volume of work ChainPatrol has to check through potential threats. While useful for understanding overall activity, it is not as meaningful as the **Confirmed Threats Count** or the **Takedowns Count**, which better reflect actual threat impact and resolution. + + ### Why It Matters Metrics help you answer **"Are we protected?"** by showing threat volume, coverage, and response quality to your internal stakeholders and, when enabled, to external audiences via your Security Portal. @@ -103,4 +107,4 @@ For provider performance review, you analyze median time to takedown by asset ty - Metrics reveal protection gaps: Tracking detections by channel shows where attackers focus, helping you prioritize monitoring efforts on platforms with highest threat activity - Time-based analysis identifies campaign patterns: Sudden spikes in detections often indicate coordinated campaigns, while steady increases suggest growing attacker interest - Speed metrics drive operational improvements: Median time to block and takedown completion times help identify bottlenecks in your response process -- Filtering enables strategic decisions: Breaking down metrics by brand, asset type, or threat category reveals which parts of your organization face the most risk +- Filtering enables strategic decisions: Breaking down metrics by brand, asset type, or threat category reveals which parts of your organization face the most risk \ No newline at end of file diff --git a/concepts/reports.mdx b/concepts/reports.mdx index 2d9ff8d..14ef173 100644 --- a/concepts/reports.mdx 
+++ b/concepts/reports.mdx @@ -103,6 +103,12 @@ Creating a report in ChainPatrol is straightforward: **After Review** - Status changes to CLOSED, asset statuses are updated, you're notified of the outcome, and actions are taken (blocking, allowing, etc.). +## Deleting Reports + +> **Warning:** Reports in ChainPatrol should **almost never be deleted**. The only valid reason to delete a report is to remove sensitive information that was uploaded by accident and should not be stored in a report. + +> **Info:** If a detection source is producing noise that affects your report metrics, this should be resolved by properly configuring your detection sources — not by deleting reports. + ## Report Best Practices **Provide Clear Context** - Include how you discovered the threat, why you believe it's malicious, any user reports or complaints, and timeline of when it appeared. @@ -118,4 +124,4 @@ Creating a report in ChainPatrol is straightforward: - Multi-asset reports capture campaign scope: Grouping related threats in one report helps reviewers understand attack patterns and makes blocking entire campaigns more efficient - Context accelerates review decisions: Reports with screenshots, explanations, and evidence of harm move through review faster than bare URLs with no context - Three submission methods serve different needs: Manual reports for ad-hoc discoveries, API reports for automated detection systems, and portal reports for community submissions -- Report status tracks progress without micromanagement: TODO, IN_PROGRESS, and CLOSED states provide visibility while letting the security team work without constant updates +- Report status tracks progress without micromanagement: TODO, IN_PROGRESS, and CLOSED states provide visibility while letting the security team work without constant updates \ No newline at end of file
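Review bot: In the first hunk of concepts/metrics.mdx, the added sentence "shows the volume of work ChainPatrol has to check through potential threats" is hard to parse; a word seems to be missing or misplaced around "check through". Please say directly what the Reports Total counts, so readers can see why it is a weaker signal than the Confirmed Threats Count or the Takedowns Count. The hunk also adds two consecutive blank lines after the paragraph, just before "### Why It Matters"; one is enough.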
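Review bot: In the last hunk of concepts/metrics.mdx, the final bullet ("Filtering enables strategic decisions: ...") is removed and re-added with identical text; the only difference is the "\ No newline at end of file" marker, so the file's trailing newline has been dropped. Restore the newline so this hunk disappears from the diff and the change stays limited to the new Reports Total paragraph.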
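Review bot: In the new "Deleting Reports" section of concepts/reports.mdx, both callouts tell the reader what not to do but give no next step. The Info line says noise should be resolved by "properly configuring your detection sources" without linking to or naming where that configuration is done, and the Warning allows deletion for sensitive information uploaded by accident without saying how that deletion is carried out or requested. Please add a link or a one-line pointer for each. Since the Info line ties deletion to report metrics, a cross-reference to the Reports Total paragraph added in concepts/metrics.mdx would also help.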
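Review bot: In the last hunk of concepts/reports.mdx, the "Report status tracks progress without micromanagement" bullet changes only by losing the file's trailing newline ("\ No newline at end of file"). This looks like an editor side effect rather than an intended edit; please restore the newline.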