Dashboard Guide¶
The Smailander dashboard provides real-time visibility into your email honeypot operations, threat detection activities, and security intelligence.
Dashboard Overview¶
Main Dashboard Layout¶
┌─────────────────────────────────────────────────────────────┐
│ Header: Logo, Navigation, User Profile, Dark/Light Toggle │
├─────────────────────────────────────────────────────────────┤
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Total │ │ Threats │ │ Honeypots│ │ Active │ │
│ │ Emails │ │ Detected │ │ Active │ │ Alerts │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
├─────────────────────────────────────────────────────────────┤
│ Charts and Visualizations Section │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Threat Distribution (Donut Chart) │ │
│ └─────────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Geographic Distribution (World Map) │ │
│ └─────────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Activity Timeline (Line Chart) │ │
│ └─────────────────────────────────────────────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ Recent Emails Table │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ Time | From | Subject | Threat Score | Actions │ │
│ └─────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
Key Metrics Cards¶
Total Emails¶
The Total Emails card displays the cumulative count of all emails received across all your honeypots.
- What it shows: Total email count
- Update frequency: Real-time (updates within seconds)
- What it means: Indicates volume of traffic your honeypots are attracting
Interpretation
- High volume: Your honeypots are well-placed and visible
- Low volume: Consider placing honeypots in more visible locations
- Sudden spike: Possible new attack campaign or data breach
Threats Detected¶
The Threats Detected card shows the number of emails classified as malicious.
- What it shows: Count of emails with threat score ≥ 50
- Types tracked:
- Malware (ClamAV detected)
- Spam (SpamScanner score ≥ 70)
- Phishing (URL patterns or content analysis)
- Update frequency: Real-time
Alerts
If threats detected spike significantly, you may need to: - Check for active attack campaigns - Verify if a data breach has occurred - Update your security rules
Active Honeypots¶
The Active Honeypots card displays the number of honeypots currently receiving emails.
- What it shows: Count of honeypots with recent activity (last 30 days)
- Inactive honeypots: Those without emails in 30 days are excluded
- Update frequency: Every hour
Note
Click this card to view all honeypots and manage their status
Active Alerts¶
The Active Alerts card shows urgent notifications requiring attention.
- What it shows: Number of unacknowledged alerts
- Alert types:
- High-threat emails (score ≥ 80)
- Malware detected
- Suspicious patterns identified
- System events
- Update frequency: Real-time
Taking Action
Click this card to: - View alert details - Acknowledge alerts - Investigate threats - Export alert data
Charts and Visualizations¶
Threat Distribution¶
The Threat Distribution donut chart shows the breakdown of email classifications.
┌─────────────────────────────────────┐
│ Threat Distribution │
│ │
│ ┌───────────────┐ │
│ ╱ Malware ╲ 35% │
│ ╱ ╲ │
│ │ SpamScanner │ 40% │
│ ╲ ╱ │
│ ╲ Phishing ╱ 25% │
│ └───────────────┘ │
│ │
│ Malware: 35% | Spam: 40% | Phishing: 25% │
└─────────────────────────────────────┘
What it tells you: - Malware dominant: Attackers sending infected attachments - Spam dominant: Bulk spam campaigns targeting your honeypots - Phishing dominant: Sophisticated social engineering attacks
Using this data
- Adjust detection thresholds based on threat mix
- Focus security resources on dominant threat type
- Create custom rules for specific threat patterns
Geographic Distribution¶
The Geographic Distribution world map shows where email sources are located.
Color coding: - 🟢 Green: Low threat volume - 🟡 Yellow: Medium threat volume - 🔴 Red: High threat volume
What it tells you: - Geographic patterns: Identify regions with high attack volume - Targeted attacks: Specific regions may indicate targeting - Proxy/VPN usage: Anomalous geographic patterns
Actionable insights
- Block high-threat regions in firewall rules
- Investigate unexpected geographic sources
- Create region-specific alerting rules
Activity Timeline¶
The Activity Timeline line chart shows email volume and threats over time.
Volume
↑
100│ ╱╲ ╱╲
80│ ╱ ╲ ╱ ╲
60│ ╱ ╲ ╱ ╲
40│ ╱ ╲ ╱ ╲
20│╱ ╲ ╱ ╲
0└─────────────────────────→ Time
Mon Tue Wed Thu Fri Sat Sun
What it tells you: - Patterns: Identify regular attack cycles - Trends: Spot increasing or decreasing threat levels - Anomalies: Detect unusual spikes or drops
Pro analysis
- Compare timeline with security events
- Correlate with external threat intelligence
- Identify attack patterns and timing
Recent Emails Table¶
Table Overview¶
The Recent Emails table shows the most recent emails received across all honeypots.
| Column | Description | Example |
|---|---|---|
| Time | When email was received | 2026-03-12 14:30:15 UTC |
| From | Sender email address | attacker@malicious.com |
| To | Honeypot email address | test@company.com |
| Subject | Email subject line | Urgent: Account compromised |
| Threat Score | Overall threat rating (0-100) | 85 - THREAT |
| Actions | Available actions | View, Analyze, Delete |
Threat Score Indicators¶
| Score | Color | Label | Action |
|---|---|---|---|
| 80-100 | 🔴 Red | CRITICAL | Immediate investigation |
| 60-79 | 🟠 Orange | THREAT | Analyze and respond |
| 40-59 | 🟡 Yellow | SUSPICIOUS | Monitor and review |
| 20-39 | 🟢 Light Green | LOW RISK | Log and archive |
| 0-19 | ✅ Green | CLEAN | No action needed |
Available Actions¶
View Email¶
Click View to see complete email details: - Full email headers - Email body content - Attachments (safe preview) - Threat analysis details - SMTP analysis results
Analyze Threat¶
Click Analyze to perform deep threat analysis: - Correlation with other emails - Pattern matching - Reputation checks - Threat intelligence lookup
Download Email¶
Click Download to export the email: - EML format: Original email format - JSON format: Structured data - PDF format: Readable report
Delete Email¶
Click Delete to permanently remove the email: - Warning: This action is irreversible - Audit: Deletion is logged - Compliance: May affect GDPR retention policies
GDPR Consideration
Deleting emails before the 180-day retention period may affect: - Compliance with data retention policies - Threat intelligence collection - Audit trail completeness
Filtering and Search¶
Filter Panel¶
The filter panel allows you to narrow down emails based on multiple criteria.
{
"dateRange": {
"start": "2026-03-01",
"end": "2026-03-12"
},
"threatScore": {
"min": 70,
"max": 100
},
"honeypot": "all",
"threatType": ["malware", "phishing"],
"sender": "malicious.com",
"sortOrder": "descending",
"limit": 50
}
Filter Options¶
| Filter | Options | Description |
|---|---|---|
| Date Range | Custom range presets | Filter by time period |
| Threat Score | Min/Max slider | Filter by threat level |
| Honeypot | Dropdown list | Filter by honeypot |
| Threat Type | Multi-select checkboxes | Filter by threat classification |
| Sender | Text search | Filter by sender domain |
| Sort Order | Ascending/Descending | Sort by any column |
| Results Limit | 10-100 per page | Control pagination |
Advanced Search¶
Use the advanced search bar for complex queries:
Examples:
- threat_score:>80 AND threat_type:malware
- sender:"@malicious.com" AND date_range:"last_7_days"
- honeypot:"test@company.com" OR honeypot:"monitor@company.com"
Real-Time Updates¶
Live Notifications¶
The dashboard updates in real-time as new emails arrive:
sequenceDiagram
participant Email as Email Arrives
participant API as Smailander API
participant DB as Database
participant WS as WebSocket
participant UI as Dashboard UI
Email->>API: New email webhook
API->>DB: Store email
API->>API: Analyze threat
API->>WS: Broadcast update
WS->>UI: Real-time notification
UI->>UI: Update dashboard
Features: - Live indicator: Shows real-time connection status - Toast notifications: Brief alerts for new threats - Auto-refresh: Dashboard updates automatically - Manual refresh: Available via refresh button
Notification Settings¶
Customize notification preferences:
{
"notifications": {
"real_time": true,
"sound": true,
"desktop": false,
"email_digest": {
"enabled": true,
"frequency": "daily"
}
}
}
Dashboard Settings¶
Customization Options¶
Time Zone¶
Set your preferred time zone for timestamps: - Default: UTC - Options: All standard time zones - Impact: Affects all time displays
Refresh Rate¶
Control how often the dashboard updates: - Real-time: Updates on new email (WebSocket) - 10 seconds: Manual refresh interval - 30 seconds: Manual refresh interval - 1 minute: Manual refresh interval - 5 minutes: Manual refresh interval
Performance
Higher refresh rates consume more bandwidth. Adjust based on your needs.
Theme¶
Choose between light and dark mode: - Light: Clean, professional appearance - Dark: Reduced eye strain, better for low-light environments - Auto: Follows system preference
Card Layout¶
Customize which metric cards are displayed and their order: - Drag and drop to reorder - Toggle cards on/off - Save custom layouts per user
Export Options¶
Export dashboard data in multiple formats:
| Format | Use Case | Features |
|---|---|---|
| CSV | Spreadsheet analysis | Full data, filters applied |
| JSON | Programmatic use | Structured data, API-compatible |
| Reports and presentations | Formatted, charts included | |
| PNG | Screenshots | Dashboard snapshot |
Keyboard Shortcuts¶
Speed up your workflow with keyboard shortcuts:
| Shortcut | Action |
|---|---|
N | Create new honeypot |
R | Refresh dashboard |
F | Open filter panel |
S | Open search |
D | Dark/Light mode toggle |
E | Export current view |
? | Show keyboard shortcuts |
Best Practices¶
1. Regular Monitoring¶
- Check daily: Review dashboard at least once per day
- Set alerts: Configure alerts for high-threat emails
- Trend analysis: Review weekly and monthly trends
2. Filter Management¶
- Save filters: Create saved filters for common queries
- Use presets: Leverage date range presets (Last 7 days, etc.)
- Combine filters: Use multiple filters for precise results
3. Response Prioritization¶
- Critical threats (80-100): Immediate investigation
- Threats (60-79): Analyze within 24 hours
- Suspicious (40-59): Review weekly
- Low risk (0-39): Archive and monitor
4. Data Retention¶
- Follow policy: Respect GDPR 180-day retention
- Export important: Export critical threats for external analysis
- Audit trail: Maintain logs of all actions
Troubleshooting¶
Dashboard Not Updating¶
Symptom: Dashboard shows stale data
Solutions: 1. Check internet connection 2. Refresh browser (Ctrl+F5 / Cmd+Shift+R) 3. Verify WebSocket connection status 4. Clear browser cache 5. Check API status page
Slow Loading¶
Symptom: Dashboard takes long time to load
Solutions: 1. Reduce number of displayed items 2. Increase refresh rate 3. Check browser performance 4. Verify network speed 5. Contact support if persistent
Missing Data¶
Symptom: Some honeypots or emails not showing
Solutions: 1. Check filter settings 2. Verify date range includes desired period 3. Confirm honeypot is active 4. Check for browser console errors 5. Verify user permissions
Next Steps¶
- Honeypot Management - Create and manage honeypots
- Email Monitoring - Deep dive into email analysis
- Threat Detection - Understanding threat scoring
- Analytics - Advanced analytics and reporting
Need Help?¶
- FAQ - Common questions
- Troubleshooting - Solve issues
- API Documentation - API reference
- Contact - Get support