From 8d825eac29e2d78a45909d70d89fddfd10c8aa01 Mon Sep 17 00:00:00 2001 From: Nikita Varabei Date: Fri, 5 Jun 2026 05:33:34 -0400 Subject: [PATCH 1/2] =?UTF-8?q?docs:=20update=20Reports=20based=20on=20kno?= =?UTF-8?q?wledge=20update=20"Report=20deletion=20policy=20=E2=80=94=20alm?= =?UTF-8?q?ost=20never=20delete=20reports"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- concepts/reports.mdx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/concepts/reports.mdx b/concepts/reports.mdx index 2d9ff8d..14ef173 100644 --- a/concepts/reports.mdx +++ b/concepts/reports.mdx @@ -103,6 +103,12 @@ Creating a report in ChainPatrol is straightforward: **After Review** - Status changes to CLOSED, asset statuses are updated, you're notified of the outcome, and actions are taken (blocking, allowing, etc.). +## Deleting Reports + +> **Warning:** Reports in ChainPatrol should **almost never be deleted**. The only valid reason to delete a report is to remove sensitive information that was uploaded by accident and should not be stored in a report. + +> **Info:** If a detection source is producing noise that affects your report metrics, this should be resolved by properly configuring your detection sources — not by deleting reports. + ## Report Best Practices **Provide Clear Context** - Include how you discovered the threat, why you believe it's malicious, any user reports or complaints, and timeline of when it appeared. @@ -118,4 +124,4 @@ Creating a report in ChainPatrol is straightforward: - Multi-asset reports capture campaign scope: Grouping related threats in one report helps reviewers understand attack patterns and makes blocking entire campaigns more efficient - Context accelerates review decisions: Reports with screenshots, explanations, and evidence of harm move through review faster than bare URLs with no context - Three submission methods serve different needs: Manual reports for ad-hoc discoveries, API reports for automated detection systems, and portal reports for community submissions -- Report status tracks progress without micromanagement: TODO, IN_PROGRESS, and CLOSED states provide visibility while letting the security team work without constant updates +- Report status tracks progress without micromanagement: TODO, IN_PROGRESS, and CLOSED states provide visibility while letting the security team work without constant updates \ No newline at end of file From 690f5bbabc24f6b69e8ea401a65d850a67614520 Mon Sep 17 00:00:00 2001 From: Nikita Varabei Date: Fri, 5 Jun 2026 05:34:08 -0400 Subject: [PATCH 2/2] =?UTF-8?q?docs:=20update=20Metrics=20based=20on=20kno?= =?UTF-8?q?wledge=20update=20"Report=20deletion=20policy=20=E2=80=94=20alm?= =?UTF-8?q?ost=20never=20delete=20reports"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- concepts/metrics.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/concepts/metrics.mdx b/concepts/metrics.mdx index 8f1fe1e..377ab16 100644 --- a/concepts/metrics.mdx +++ b/concepts/metrics.mdx @@ -11,6 +11,10 @@ description: "Understanding how ChainPatrol measures and reports threat protecti They are built by aggregating your organization's activity (reports, detections, blocked assets, takedowns) into simple, readable summaries. + +The **Reports Total** metric shows the volume of work ChainPatrol has to check through potential threats. While useful for understanding overall activity, it is not as meaningful as the **Confirmed Threats Count** or the **Takedowns Count**, which better reflect actual threat impact and resolution. + + ### Why It Matters Metrics help you answer **"Are we protected?"** by showing threat volume, coverage, and response quality to your internal stakeholders and, when enabled, to external audiences via your Security Portal. @@ -103,4 +107,4 @@ For provider performance review, you analyze median time to takedown by asset ty - Metrics reveal protection gaps: Tracking detections by channel shows where attackers focus, helping you prioritize monitoring efforts on platforms with highest threat activity - Time-based analysis identifies campaign patterns: Sudden spikes in detections often indicate coordinated campaigns, while steady increases suggest growing attacker interest - Speed metrics drive operational improvements: Median time to block and takedown completion times help identify bottlenecks in your response process -- Filtering enables strategic decisions: Breaking down metrics by brand, asset type, or threat category reveals which parts of your organization face the most risk +- Filtering enables strategic decisions: Breaking down metrics by brand, asset type, or threat category reveals which parts of your organization face the most risk \ No newline at end of file