Management Console

The KYRA MDR Management Console is a multi-tenant SOC analyst dashboard that provides security operations teams with a unified interface for alert triage, incident management, asset inventory, compliance tracking, and threat intelligence.


Console Features

Dashboard

SOC overview with real-time metrics — alert statistics, severity breakdown, SLA compliance, MITRE ATT&CK coverage, ingestion rate, analyst workload, and trend charts.

Detections

Alert management with advanced search, filtering, bulk actions (assign, acknowledge, suppress, tag), severity badges, and similar-alert correlation.

Incidents

Full incident lifecycle management — create, assign, investigate, escalate. Includes task tracking, timeline visualization, comments, and linked alert management.

Assets

Asset inventory with risk scores, criticality tagging, vulnerability tracking, and export capabilities. Groups endpoints, servers, and cloud resources per tenant.

Timeline

Chronological event timeline across alerts and incidents for investigative workflows with full-text search and date range filtering.

Connectors

Data source integration management — health monitoring, connectivity testing, and configuration for third-party security tool connectors.

Compliance

Compliance posture dashboard with framework mappings (ISMS-P, ISO 27001, SOC 2, PCI-DSS, TISAX, CMMC, GDPR, CCPA, NIST CSF), control status tracking, and audit evidence collection.

Threat Intelligence

Threat intelligence feed management — IOC search, enrichment lookups (IP, domain, file hash), and correlation with internal alerts.

Detection Rules

Detection rule management — view, enable/disable, tune, and test detection logic with rule simulation capabilities.

Playbooks

Automated response playbook management — SOAR-lite workflow definitions for common alert types with execution history and dry-run testing.

Reports

On-demand and scheduled report generation with downloadable PDF/CSV output, progress tracking, and email delivery.


Authentication & Access Control

Authentication Methods

  • Email/password login with JWT-based sessions
  • Single Sign-On (SSO) via Okta, Azure AD, Google, or any OIDC provider
  • Two-factor authentication (TOTP) with backup recovery codes
  • API key management for programmatic access

Role-Based Access Control

Role      Permissions
Admin     Full access including tenant management, SSO configuration, user management
Analyst   Alert/incident management, playbook creation, compliance evidence, report generation
Viewer    Read-only access to dashboards, alerts, incidents, assets, compliance, reports

Fine-Grained Permissions

Permissions are defined as domain-level access controls (e.g., alerts, incidents, compliance, reports, settings), allowing granular control over user capabilities.


Real-Time Features

  • Push Notifications: Real-time alert notifications with severity-based filtering and aggregation
  • Live Dashboard Updates: Automatic data refresh across all dashboard metrics
  • Critical Alert Badges: Visual indicators for active critical and high-severity alerts
  • System Health Monitoring: Live connector health status with degraded/offline indicators

Multi-Tenant Isolation

Each tenant sees only their own data. Tenant isolation is enforced through:

  • JWT-based authentication with tenant-scoped claims
  • All API queries automatically filtered by tenant context
  • Cross-tenant resource access prevention at every layer
  • Separate data partitions per tenant
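
The sketch below is an added example, not KYRA's code. It shows how tenant-scoped JWT claims and automatic query filtering combine so that a caller cannot pick the tenant. The claim name `tenant_id`, the HS256 shared secret, and the in-memory `ALERTS` list are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; real keys come from a secret store

# Constructed sample rows; "tenant" stands in for a per-tenant partition key.
ALERTS = [
    {"id": 1, "tenant": "acme", "severity": "high"},
    {"id": 2, "tenant": "globex", "severity": "critical"},
    {"id": 3, "tenant": "acme", "severity": "low"},
]

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(tenant, ttl=300):
    """Mint an HS256 JWT carrying the tenant (assumed claim name: tenant_id)."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"tenant_id": tenant, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(sig)}"

def verify_token(token):
    """Return the claims only if signature, algorithm and expiry all check out."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            raise PermissionError("bad signature")
        if json.loads(b64d(header)).get("alg") != "HS256":
            raise PermissionError("unexpected alg")
        claims = json.loads(b64d(body))
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise PermissionError("malformed token") from exc
    if claims.get("exp", 0) < time.time() or not claims.get("tenant_id"):
        raise PermissionError("expired or unscoped token")
    return claims

def list_alerts(token, requested_tenant=None):
    """Tenant comes from the verified claim; a client-supplied tenant can only match it."""
    tenant = verify_token(token)["tenant_id"]
    if requested_tenant is not None and requested_tenant != tenant:
        raise PermissionError("cross-tenant access denied")
    return [a for a in ALERTS if a["tenant"] == tenant]
```

Because the filter is applied inside `list_alerts` from the verified claim, a request parameter or a re-encoded token body naming another tenant is rejected rather than honoured.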

Security Features

  • Session management with automatic token refresh and expiry
  • CORS protection with origin allowlisting
  • Rate limiting per tenant based on service tier
  • Security headers (frame protection, content type enforcement, referrer policy)
  • Comprehensive audit logging of all user actions