Trending Dashboard¶

SentriKat's trending dashboard gives you a time-series view of your vulnerability posture so you can see whether things are improving or getting worse at a glance.

What it shows¶

Three chart widgets, built with Chart.js, each driven by daily snapshots:

Open Critical/High over time — line chart, last 30/60/90 days
KEV findings over time — line chart with a band for newly-published KEVs
Mean time to fix (MTTF) — moving average by severity

Each chart has three views selectable from the view toggle:

Last 30 days (daily resolution)
Last 90 days (daily resolution)
Last 12 months (weekly resolution)

Data source¶

The dashboard is fed by daily snapshots (02:00, in the configured display timezone) taken by the background scheduler:

Every day, SentriKat takes a point-in-time snapshot of:
Open findings by severity
Open findings that are CISA KEV
Count of assigned vs unassigned findings
Count of risk-accepted findings
Time-to-fix for each finding closed since the previous snapshot
Snapshots are stored in the trend_snapshots table
Snapshots older than 2 years are pruned by the retention scheduler

No customer data leaves SentriKat for the trending dashboard — all aggregation is local.

Accessing the dashboard¶

Go to Dashboard (home page of the customer portal).
The trending widgets appear after the compliance score and the Critical/High counts.
Use the view toggle in the top right of each widget to switch between 30d / 90d / 12mo.

Per-product view¶

You can also see the trend for a single product:

Go to Products → pick a product.
Scroll to the Trending section.
Same three widgets, scoped to the product's findings.

Interpreting the charts¶

Open Critical/High chart¶

Each line is the count of open (not resolved, not risk-accepted) findings at that severity at that point in time.

Downward slope = you're fixing faster than new findings come in. Good.
Flat high = you're keeping up but not making progress. Look at your SLA policy and assignment rules.
Upward slope = findings accumulating. Something is broken in your remediation pipeline.

KEV chart¶

The blue line is open KEV findings at that time. The grey band at the top marks newly-published KEVs across the industry (not necessarily in your inventory) so you can see whether a spike on your side correlates with an industry-wide event.

MTTF chart¶

Mean time to fix, calculated from closed findings only. Shows how long it typically takes to get from detection to closure, broken out by severity.

Targets to aim for (matching CISA BOD 22-01):

Critical KEV: ≤ 14 days
Critical non-KEV: ≤ 21 days
High: ≤ 30 days
Medium: ≤ 90 days

Exporting trend data¶

The underlying snapshots are queryable via the API:

curl -sf \
  -H "Authorization: Bearer $SENTRIKAT_API_KEY" \
  "https://sentrikat.example.com/api/vulnerabilities/trends?since=2026-01-01" \
  -o trends.json

Response is a JSON array of {timestamp, open_critical, open_high, open_kev, mttf_days} objects, one per time bucket.

Useful for feeding external BI tools like Grafana or Metabase.

Troubleshooting¶

"No data for this range"¶

The trending dashboard shows nothing during the first day after installation — it needs at least one snapshot to plot anything. Wait for the next daily snapshot (02:00).

Gaps in the chart¶

Gaps usually mean the scheduler was stopped (the SentriKat application was down). Check the admin health page.

MTTF shows zero¶

MTTF only counts findings closed within the time window. If nothing has been closed yet, the chart is empty. This is expected on a fresh install.