Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion concepts/metrics.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ description: "Understanding how ChainPatrol measures and reports threat protecti

They are built by aggregating your organization's activity (reports, detections, blocked assets, takedowns) into simple, readable summaries.

<Note>
The **Reports Total** metric shows the volume of work ChainPatrol has to check through potential threats. While useful for understanding overall activity, it is not as meaningful as the **Confirmed Threats Count** or the **Takedowns Count**, which better reflect actual threat impact and resolution.
</Note>

### Why It Matters

Metrics help you answer **"Are we protected?"** by showing threat volume, coverage, and response quality to your internal stakeholders and, when enabled, to external audiences via your Security Portal.
Expand Down Expand Up @@ -103,4 +107,4 @@ For provider performance review, you analyze median time to takedown by asset ty
- Metrics reveal protection gaps: Tracking detections by channel shows where attackers focus, helping you prioritize monitoring efforts on platforms with highest threat activity
- Time-based analysis identifies campaign patterns: Sudden spikes in detections often indicate coordinated campaigns, while steady increases suggest growing attacker interest
- Speed metrics drive operational improvements: Median time to block and takedown completion times help identify bottlenecks in your response process
- Filtering enables strategic decisions: Breaking down metrics by brand, asset type, or threat category reveals which parts of your organization face the most risk
- Filtering enables strategic decisions: Breaking down metrics by brand, asset type, or threat category reveals which parts of your organization face the most risk
8 changes: 7 additions & 1 deletion concepts/reports.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,12 @@ Creating a report in ChainPatrol is straightforward:

**After Review** - Status changes to CLOSED, asset statuses are updated, you're notified of the outcome, and actions are taken (blocking, allowing, etc.).

## Deleting Reports

> **Warning:** Reports in ChainPatrol should **almost never be deleted**. The only valid reason to delete a report is to remove sensitive information that was uploaded by accident and should not be stored in a report.

> **Info:** If a detection source is producing noise that affects your report metrics, this should be resolved by properly configuring your detection sources — not by deleting reports.

## Report Best Practices

**Provide Clear Context** - Include how you discovered the threat, why you believe it's malicious, any user reports or complaints, and timeline of when it appeared.
Expand All @@ -118,4 +124,4 @@ Creating a report in ChainPatrol is straightforward:
- Multi-asset reports capture campaign scope: Grouping related threats in one report helps reviewers understand attack patterns and makes blocking entire campaigns more efficient
- Context accelerates review decisions: Reports with screenshots, explanations, and evidence of harm move through review faster than bare URLs with no context
- Three submission methods serve different needs: Manual reports for ad-hoc discoveries, API reports for automated detection systems, and portal reports for community submissions
- Report status tracks progress without micromanagement: TODO, IN_PROGRESS, and CLOSED states provide visibility while letting the security team work without constant updates
- Report status tracks progress without micromanagement: TODO, IN_PROGRESS, and CLOSED states provide visibility while letting the security team work without constant updates