Analytics and Reporting¶
Smailander provides comprehensive analytics and reporting capabilities to help you understand threat patterns, track trends, and generate actionable security insights.
Analytics Overview¶
Dashboard Analytics¶
The main dashboard provides real-time analytics:
┌─────────────────────────────────────────────────────────┐
│ Analytics Dashboard │
├─────────────────────────────────────────────────────────┤
│ Time Period: Last 30 days ▼ | Compare: Previous period │
├─────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Total │ │ Threats │ │ Detection │ │
│ │ Emails │ │ Detected │ │ Rate │ │
│ │ 12,847 │ │ 8,590 (67%) │ │ 92% │ │
│ │ ↑ 15% │ │ ↑ 12% │ │ ↑ 3% │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
├─────────────────────────────────────────────────────────┤
│ Charts and Visualizations │
│ • Threat Distribution • Geographic • Timeline • Trends │
└─────────────────────────────────────────────────────────┘
Key Metrics¶
| Metric | Description | Formula |
|---|---|---|
| Total Emails | All emails received | COUNT(emails) |
| Threats Detected | Emails with threat score ≥ 50 | COUNT(emails WHERE threat_score ≥ 50) |
| Detection Rate | % of threats detected | (Threats / Total) × 100 |
| Malware Rate | % of emails with malware | COUNT(emails WHERE malware_detected) / Total |
| Spam Rate | % of emails classified as spam | COUNT(emails WHERE spam_score ≥ 70) / Total |
| Phishing Rate | % of emails that are phishing | COUNT(emails WHERE phishing_score ≥ 70) / Total |
Time Periods¶
Available Time Periods¶
| Period | Use Case | Typical Insights |
|---|---|---|
| Last 24 hours | Real-time monitoring | Immediate threats, active campaigns |
| Last 7 days | Weekly review | Weekly patterns, emerging threats |
| Last 30 days | Monthly analysis | Monthly trends, seasonal patterns |
| Last 90 days | Quarterly review | Quarterly trends, long-term patterns |
| Last 365 days | Yearly analysis | Annual trends, year-over-year comparison |
| Custom | Specific analysis | Custom date ranges for investigations |
Period Comparison¶
Compare current period with previous period:
Metrics Comparison (Last 30 days vs Previous 30 days)
┌──────────────────┬───────────┬──────────┬─────────┐
│ Metric │ Current │ Previous │ Change │
├──────────────────┼───────────┼──────────┼─────────┤
│ Total Emails │ 12,847 │ 11,172 │ ↑ 15% │
│ Threats Detected │ 8,590 │ 7,661 │ ↑ 12% │
│ Malware Rate │ 23% │ 21% │ ↑ 2% │
│ Spam Rate │ 45% │ 48% │ ↓ 3% │
│ Phishing Rate │ 32% │ 28% │ ↑ 4% │
└──────────────────┴───────────┴──────────┴─────────┘
Change Indicators: - ↑ Green: Increase (may be positive or negative depending on metric) - ↓ Red: Decrease (may be positive or negative depending on metric) - → Gray: No change
Threat Distribution Analytics¶
Threat Type Breakdown¶
Visual breakdown of threat types:
Threat Distribution
┌─────────────────────────────────────┐
│ │
│ ┌─────────────┐ │
│ ╱ ╲ │
│ │ Malware │ 23% │
│ ╲ ╱ │
│ ╲ ╱ │
│ └─────────────┘ │
│ │
│ Spam: 45% | Phishing: 32% │
└─────────────────────────────────────┘
Threat Score Distribution¶
Distribution of threat scores across all emails:
Threat Score Distribution
Score Range | Count | Percentage
──────────────────────────────────────
0-19 (CLEAN) 2,569 20%
20-39 (LOW RISK) 1,285 10%
40-59 (SUSPICIOUS) 403 3%
60-79 (THREAT) 3,210 25%
80-100 (CRITICAL) 5,380 42%
──────────────────────────────────────
Total 12,847 100%
Threat Evolution Over Time¶
Track how threats evolve:
graph LR
A[Jan] --> B[Feb]
B --> C[Mar]
C --> D[Apr]
style A fill:#1dd1a1
style B fill:#feca57
style C fill:#ff9ff3
style D fill:#ff6b6b
Trend Analysis: - Increasing: Threats are becoming more prevalent - Decreasing: Threats are becoming less common - Stable: Threat levels remain consistent - Seasonal: Threats follow seasonal patterns
Geographic Analytics¶
Country Distribution¶
Top countries by threat volume:
Top 10 Countries by Threat Volume
Rank | Country | Threats | % of Total | Trend
─────┼──────────────┼─────────┼────────────┼────────
1 │ Russia │ 2,341 │ 27.2% │ ↑ 5%
2 │ China │ 1,567 │ 18.2% │ → 0%
3 │ Brazil │ 987 │ 11.5% │ ↑ 3%
4 │ Nigeria │ 756 │ 8.8% │ ↓ 2%
5 │ India │ 623 │ 7.2% │ ↑ 1%
6 │ Vietnam │ 534 │ 6.2% │ → 0%
7 │ Indonesia │ 445 │ 5.2% │ ↓ 1%
8 │ Pakistan │ 389 │ 4.5% │ ↑ 2%
9 │ Ukraine │ 312 │ 3.6% │ ↑ 4%
10 │ Philippines │ 234 │ 2.7% │ ↓ 1%
Geographic Heatmap¶
Visual representation of threats by location:
World Threat Heatmap
🔴 High Volume
🟠 Medium Volume
🟡 Low Volume
⚪ No Activity
[Interactive World Map with Color Coding]
Features: - Click on country for detailed statistics - Hover for threat count and percentage - Filter by threat type - Zoom in for regional details
Geographic Anomalies¶
Identify unexpected geographic patterns:
{
"anomalies": [
{
"country": "Antarctica",
"threats": 45,
"expected": 0,
"severity": "HIGH",
"description": "Unexpected threat activity from unusual location"
},
{
"country": "Luxembourg",
"threats": 234,
"expected": 50,
"severity": "MEDIUM",
"description": "Higher than expected threat volume"
}
]
}
Honeypot Analytics¶
Honeypot Performance¶
Compare honeypot effectiveness:
Honeypot Performance Analysis
Honeypot │ Emails │ Threats │ Threat % │ Top Threat │ Status
──────────────────────┼────────┼─────────┼──────────┼────────────┼────────
monitor@company.com │ 3,456 │ 2,890 │ 84% │ Spam │ Active
test@company.com │ 1,247 │ 834 │ 67% │ Malware │ Active
amazon-leak@company.c │ 12 │ 0 │ 0% │ N/A │ Inactive
admin-trap@company.com │ 8,132 │ 4,857 │ 60% │ Phishing │ Active
sales-test@company.com │ 0 │ 0 │ 0% │ N/A │ Inactive
Honeypot Activity Timeline¶
Track honeypot activity over time:
Honeypot Activity Timeline (Last 30 days)
Emails per Day
↑
100│ ●●●●●●●●●●●●●●●●●●●●●
75│ ●●●●●●●●●●●●●●●●●●●●●●●●●●
50│ ●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
25│●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
0└────────────────────────────→ Day
1 5 10 15 20 25 30
● monitor@company.com
● test@company.com
● admin-trap@company.com
Honeypot Comparison¶
Compare honeypots side-by-side:
{
"honeypots": [
{
"email": "monitor@company.com",
"emails": 3456,
"threats": 2890,
"threat_rate": 0.84,
"top_threat": "spam",
"trend": "increasing",
"efficiency": "HIGH"
},
{
"email": "test@company.com",
"emails": 1247,
"threats": 834,
"threat_rate": 0.67,
"top_threat": "malware",
"trend": "stable",
"efficiency": "MEDIUM"
}
]
}
Sender Analytics¶
Top Threat Senders¶
Identify most malicious senders:
Top 10 Threat Senders
Rank │ Sender │ Emails │ Threats │ Threat % │ Blacklisted
─────┼───────────────────────┼────────┼─────────┼──────────┼────────────
1 │ spam@bad1.com │ 567 │ 567 │ 100% │ ✅ Yes
2 │ phishing@evil.com │ 456 │ 456 │ 100% │ ✅ Yes
3 │ malware@bad2.com │ 345 │ 345 │ 100% │ ✅ Yes
4 │ attacker@bad3.com │ 234 │ 234 │ 100% │ ✅ Yes
5 │ bot@bad4.com │ 189 │ 189 │ 100% │ ✅ Yes
Sender Reputation¶
Track sender reputation over time:
Sender Reputation History
spam@bad1.com Reputation Score
100│ ┌──────────────────────────────
75│ │ ╱╲
50│ │ ╱ ╲
25│ │ ╱ ╲
0│ │╱ ╲────────────────────
0└────────────────────────────→ Time
Jan Feb Mar Apr May Jun Jul
Reputation Scores: - 0-20: Very suspicious - 21-40: Suspicious - 41-60: Neutral - 61-80: Reputable - 81-100: Highly reputable
Domain Analytics¶
Analyze threat sources by domain:
Top Malicious Domains
Domain │ Emails │ Threats │ Threat % │ Reputation
───────────────────────┼────────┼─────────┼──────────┼────────────
bad-domain.com │ 1,234 │ 1,234 │ 100% │ 12/100
evil-spam.com │ 987 │ 987 │ 100% │ 15/100
phishing-site.com │ 756 │ 756 │ 100% │ 8/100
malware-host.com │ 543 │ 543 │ 100% │ 10/100
Malware Analytics¶
Malware Types¶
Breakdown of malware detected:
Malware Type Distribution
Type │ Count │ Percentage │ Trend
──────────────────┼───────┼────────────┼────────
Trojan │ 1,456 │ 52.3% │ ↑ 5%
Ransomware │ 567 │ 20.4% │ ↑ 8%
Worm │ 345 │ 12.4% │ ↓ 2%
Spyware │ 234 │ 8.4% │ → 0%
Virus │ 178 │ 6.4% │ ↓ 3%
Adware │ 99 │ 3.6% │ ↑ 1%
Rootkit │ 89 │ 3.2% │ ↑ 2%
Other │ 78 │ 2.8% │ → 0%
──────────────────┼───────┼────────────┼────────
Total │ 2,786 │ 100% │ -
Malware Trends¶
Track malware evolution over time:
Malware Trend (Last 30 days)
Count per Day
↑
50│ ●●●●●●●●●●
40│ ●●●●●●●●●●●●●
30│ ●●●●●●●●●●●●●●●●
20│ ●●●●●●●●●●●●●●●●●●●
10│●●●●●●●●●●●●●●●●●●●●●
0└────────────────────────→ Day
1 5 10 15 20 25 30
● Trojan
● Ransomware
● Worm
Malware Families¶
Identify specific malware families:
Top 10 Malware Families
Rank │ Family │ Count │ Percentage │ First Seen
─────┼───────────────────────────┼───────┼────────────┼────────────
1 │ Trojan.GenericKD │ 456 │ 16.4% │ 2026-02-15
2 │ Ransom.Locky │ 345 │ 12.4% │ 2026-02-20
3 │ Trojan.Emotet │ 234 │ 8.4% │ 2026-01-28
4 │ Worm.Conficker │ 189 │ 6.8% │ 2026-01-10
5 │ Trojan.Zeus │ 167 │ 6.0% │ 2026-02-05
Trend Analysis¶
Pattern Recognition¶
Identify recurring patterns:
graph TD
A[Pattern Recognition] --> B[Daily Patterns]
A --> C[Weekly Patterns]
A --> D[Monthly Patterns]
A --> E[Seasonal Patterns]
B --> F[Peak hours: 2-6 AM UTC]
C --> G[Peak days: Monday-Thursday]
D --> H[Peak weeks: 2nd and 4th]
E --> I[Peak seasons: Holiday periods]
style F fill:#ff6b6b
style G fill:#feca57
style H fill:#ff9ff3
style I fill:#54a0ff
Campaign Detection¶
Identify coordinated attack campaigns:
{
"campaigns": [
{
"id": "campaign_001",
"name": "Holiday Phishing Campaign",
"start_date": "2026-02-15",
"end_date": "2026-02-20",
"emails": 1,234,
"senders": 12,
"domains": 8,
"patterns": [
"Brand impersonation",
"Urgency keywords",
"Similar email templates"
],
"status": "ACTIVE"
}
]
}
Anomaly Detection¶
Identify unusual activity:
{
"anomalies": [
{
"type": "volume_spike",
"description": "Unusual increase in email volume",
"severity": "HIGH",
"detected_at": "2026-03-12T14:30:15Z",
"metrics": {
"expected": 100,
"actual": 500,
"deviation": "400%"
}
},
{
"type": "new_malware",
"description": "New malware family detected",
"severity": "CRITICAL",
"detected_at": "2026-03-12T15:00:00Z",
"malware_name": "Ransom.NewVariant.001"
}
]
}
Reporting¶
Report Types¶
Daily Digest¶
Daily summary of activity:
Daily Digest - March 12, 2026
Summary
-------
Total Emails: 428
Threats Detected: 287 (67%)
Malware: 98 | Spam: 189 | Phishing: 67
Top Threats
----------
1. spam@bad1.com - 45 emails
2. phishing@evil.com - 34 emails
3. malware@bad2.com - 28 emails
New Threats
-----------
New malware detected: Ransom.NewVariant.001
New phishing campaign: Holiday Gift Scam
Recommendations
---------------
Review 12 critical threats (score ≥ 80)
Update firewall rules for 3 new IPs
Block 2 new malicious domains
Weekly Summary¶
Comprehensive weekly analysis:
- Email volume trends
- Threat type breakdown
- Geographic distribution
- Top senders and domains
- Malware trends
- Phishing campaigns
- Anomalies and incidents
- Recommendations
Monthly Analysis¶
In-depth monthly report:
- Monthly trends and patterns
- Comparison with previous months
- Year-over-year analysis
- Detailed threat intelligence
- Campaign analysis
- Performance metrics
- Security posture assessment
- Strategic recommendations
Custom Reports¶
Create custom reports with specific parameters:
{
"report": {
"name": "Vendor Security Assessment",
"period": {
"start": "2026-03-01",
"end": "2026-03-12"
},
"filters": {
"honeypots": ["vendor-leak@company.com"],
"threat_score": {"min": 60},
"include": ["emails", "threats", "senders", "domains"]
},
"format": "pdf",
"schedule": "weekly",
"recipients": ["security@company.com", "vendor-relations@company.com"]
}
}
Report Scheduling¶
Automate report generation and delivery:
{
"schedule": {
"report_id": "monthly_threat_summary",
"frequency": "monthly",
"day_of_month": 1,
"time": "09:00",
"timezone": "UTC",
"format": "pdf",
"delivery": {
"email": true,
"recipients": ["security@company.com"],
"subject": "Monthly Threat Summary - {month}"
},
"next_run": "2026-04-01T09:00:00Z"
}
}
Export Options¶
Export Formats¶
| Format | Description | Features |
|---|---|---|
| CSV | Spreadsheet compatible | Raw data, filters applied |
| JSON | Structured data | Programmatic access |
| Formatted report | Charts, visualizations | |
| Excel | Excel workbook | Multiple sheets, formulas |
| PNG | Image format | Screenshots, presentations |
Export Configuration¶
Customize export settings:
{
"export": {
"format": "csv",
"include": {
"emails": true,
"threats": true,
"analytics": true,
"charts": true
},
"filters": {
"dateRange": {
"start": "2026-03-01",
"end": "2026-03-12"
},
"threatScore": {"min": 60}
},
"compression": "zip",
"max_size": "100MB"
}
}
Export Limits¶
| Export Type | Max Size | Max Records |
|---|---|---|
| Dashboard snapshot | 10 MB | 1,000 records |
| Custom report | 100 MB | 50,000 records |
| Full export | 1 GB | 500,000 records |
Large Exports
Large exports are processed asynchronously and delivered via email or download link.
Best Practices¶
1. Regular Monitoring¶
- Daily: Review daily digest
- Weekly: Analyze weekly trends
- Monthly: Comprehensive monthly review
- Quarterly: Strategic assessment
2. Trend Analysis¶
- Track patterns: Identify recurring attack patterns
- Spot anomalies: Detect unusual activity early
- Correlate events: Link related threats
- Forecast trends: Predict future threats
3. Report Distribution¶
- Security team: Daily/weekly detailed reports
- Management: Monthly executive summaries
- Compliance: Quarterly compliance reports
- Audit: Annual comprehensive reports
4. Data Retention¶
- Raw data: 180 days (GDPR compliant)
- Analytics: 365 days
- Threat intelligence: Indefinite (anonymized)
- Reports: Based on retention policy
Troubleshooting¶
Analytics Not Updating¶
Symptom: Analytics showing stale data
Solutions: 1. Refresh browser (Ctrl+F5 / Cmd+Shift+R) 2. Check internet connection 3. Verify API status 4. Clear browser cache 5. Contact support if persistent
Reports Not Sending¶
Symptom: Scheduled reports not delivered
Solutions: 1. Verify email recipients are correct 2. Check spam folder 3. Verify report schedule settings 4. Check email service status 5. Recreate report schedule
Export Fails¶
Symptom: Export process fails
Solutions: 1. Reduce date range 2. Check available disk space 3. Verify export format is supported 4. Try smaller export size 5. Contact support for large exports
Next Steps¶
- Reports - Generate custom reports
- API: Analytics - Programmatic analytics access
- Technical Guide - Deep dive into architecture
Need Help?¶
- FAQ - Common questions
- Troubleshooting - Solve issues
- API Documentation - API reference
- Contact - Get support