AIEGIS
IT Administrator Manual
IT Dashboard & Violation Centre
How to monitor, investigate, and act on AI policy violations
AIEGIS · Violation Centre Manual · Version 1.0
Chapter 01
What Is the IT Dashboard
The IT Dashboard is where your team reviews, investigates, and acts on AI policy violations caught by AIEGIS in real time. Every blocked or flagged AI interaction that happens on your organisation's devices appears here.

What the Dashboard Shows

AIEGIS enforces AI policy silently in the background. When an employee's browser or desktop app sends a request to an AI vendor (ChatGPT, Claude, Gemini, etc.) that violates policy, AIEGIS blocks or warns — and logs that event. The IT Dashboard is the window into all of those events.

| Feature | What It Does |
|---|---|
| Stats Bar | Live counts of blocks, warnings, pending reviews, and 24-hour activity |
| Violations Table | Every flagged AI interaction — agent, action, decision, threats detected, timestamp |
| IT Actions | Log responses: notify employee, add note, escalate, recommend training, mark done |
| Filter Bar | Filter by decision type (Block / Warn) or review status (Pending / Reviewed) |
| Auto-refresh | Table refreshes every 30 seconds. No manual reload needed. |

Good to Know

The dashboard does not modify employee behaviour directly. AIEGIS does that in real time. The dashboard is your audit trail and response log.

What the Dashboard Does Not Show

AIEGIS is scoped to AI traffic only. You will not see general web browsing, email, or non-AI application activity. Requests that passed AIEGIS with an ALLOW decision do not appear in the violations table.

Chapter 02
Accessing the Dashboard
The Violation Centre requires an admin key. This prevents employees from viewing each other's records or altering the audit trail.

URL Format

Address Bar
https://aiegis.ie/it/violations?key=YOUR_ADMIN_KEY

Replace YOUR_ADMIN_KEY with the admin key provided by your AIEGIS deployment owner. The key is part of the address, so anyone who obtains the full URL can open the dashboard. Treat the URL like a password: do not share it externally.

Security Note

Bookmark the dashboard URL with your key included. If you suspect the key is compromised, contact your deployment owner immediately to rotate it.
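
Because the admin key travels in the query string, it can end up in access logs, Referer headers, and pasted text. The following Python function is an added example, not AIEGIS code: it redacts the key from any /it/violations URL before a log excerpt is shared. The sample lines and the key value EXAMPLE-KEY-0000 are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Matches the dashboard path from this manual plus its query string,
# whether or not a scheme and host precede it.
DASHBOARD_QUERY = re.compile(r"(/it/violations\?)([^\s\"'<>#]*)")

def scrub(text, placeholder="REDACTED"):
    """Return (scrubbed_text, number_of_keys_redacted)."""
    hits = 0

    def fix(match):
        nonlocal hits
        pairs = parse_qsl(match.group(2), keep_blank_values=True)
        hits += sum(1 for name, _ in pairs if name == "key")
        # Replace only the key value; other parameters are kept as they were.
        safe = [(n, placeholder if n == "key" else v) for n, v in pairs]
        return match.group(1) + urlencode(safe)

    return DASHBOARD_QUERY.sub(fix, text), hits

# Constructed sample: an access-log line, a Referer header, an unrelated request.
SAMPLE_LOG = "\n".join([
    '10.0.0.7 - - "GET /it/violations?key=EXAMPLE-KEY-0000&status=pending HTTP/1.1" 200',
    "Referer: https://aiegis.ie/it/violations?key=EXAMPLE-KEY-0000",
    '10.0.0.7 - - "GET /developer HTTP/1.1" 200',
])

if __name__ == "__main__":
    cleaned, count = scrub(SAMPLE_LOG)
    print(cleaned)
    print("keys redacted:", count)
```

A non-zero count on text that has already left your team is a reason to ask the deployment owner to rotate the key.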

Without a Key

If you visit /it/violations without a key, the table displays an authentication error. No violation data is exposed without the key.

Chapter 03
Reading the Stats Bar
The stats bar gives you a live pulse on AI policy activity across your organisation. It updates automatically every 30 seconds.
Stats Bar — Live Example

| Total Violations | Blocked | Warnings | Pending Review | Reviewed | Last 24 Hours |
|---|---|---|---|---|---|
| 247 | 31 | 216 | 18 | 229 | 14 |

| Stat | Meaning | When To Act |
|---|---|---|
| Total Violations | All blocks + warnings since deployment | Baseline reference |
| Blocked | Requests stopped before reaching the AI vendor | Review all — real enforcement occurred |
| Warnings | Requests that passed but were logged | Spot-check regularly for patterns |
| Pending Review | Violations not yet actioned by IT | Clear this queue daily |
| Reviewed | Violations where an IT action was taken | Audit trail — no action needed |
| Last 24 Hours | New violations in the past 24 hours | A spike here means investigate now |

Chapter 04
The Violations Table
Each row is one flagged AI interaction. The table shows you who, what, why, and when — everything you need to assess and respond.
Violations Table — Row Example

| Agent | Decision | Action / Target | Time | IT Actions |
|---|---|---|---|---|
| Sales Assistant (agt_a1b2c3) | BLOCK | Send message → api.openai.com | Today 14:32 | Notify, Note, Escalate, Training, ✓ Done |

Column Breakdown

| Column | What It Shows |
|---|---|
| Agent | Name and ID of the AI agent or tool that triggered the violation. Name is set at registration; ID is the system identifier. |
| Action / Target | What the agent was trying to do and where — e.g. "Send message" to api.openai.com. |
| Decision | BLOCK (stopped) or WARN (passed with flag). See Chapter 10. |
| Threats | Which AIEGIS layers flagged the request. Hover tags for full detail. See Chapter 11 for layer definitions. |
| Time | When the event occurred, in your local timezone. |
| IT Actions | Buttons to log your response. Actions taken appear as tags below the buttons. Reviewed rows are dimmed. |

Chapter 05
Filtering and Searching
The filter bar above the table lets you narrow violations to exactly what you need to review right now.

Decision Filter

1. All Decisions (default): Shows both BLOCK and WARN violations. Use for a full picture of the day's activity.
2. Blocks Only: Filter to only stopped requests. Priority queue — an employee was blocked from reaching an AI vendor.
3. Warnings Only: Filter to requests that passed but were logged. Use for pattern detection — repeat warnings often precede a block.

Status Filter

1. Pending Review: Violations where no IT action has been taken. Start your shift here — this is your open queue.
2. Reviewed: Already actioned violations. Use to audit past decisions or retrieve a note you added earlier.

Recommended Daily Workflow

Start with Blocks Only + Pending Review. Clear that queue first. Then switch to All Decisions + Pending Review for warnings. End with a scan of Last 24h in All Decisions view.

Chapter 06
Reviewing a Violation
Every violation needs a human decision. This chapter walks you through the review process step by step.
1. Read the agent and action. Identify who triggered the violation and what they were trying to do. Is this a known agent running expected behaviour, or something unexpected?
2. Check the decision and threats. BLOCK or WARN? Which layers flagged it? Hover over threat tags for full descriptions. Layer numbers map to security categories in Chapter 11.
3. Decide: false positive or real? If the block looks like a legitimate request that should not have been flagged, note it and consider a policy adjustment. If it looks like a real violation, escalate or notify the employee.
4. Take an IT action. Log what you did. At minimum, click "Done" so the row leaves the pending queue and your review is recorded.

Important

Clicking "Done" marks the violation reviewed in AIEGIS only. It does not notify the employee or trigger any external system. All notifications and escalations must be done manually.

Chapter 07
IT Actions Explained
Each action button logs a response against the violation record. Actions are cumulative — you can take multiple on the same violation. All actions appear as tags in the row so you can see at a glance what has already been done.
Notify

Logs that you notified the employee about the violation. Does not send a notification automatically — you still need to contact them directly via your normal channel.

Note

Opens a text field for a free-form investigator note. Notes are stored with the violation record and visible when you revisit it later.

Escalate

Logs that the violation has been escalated to incident response. Use for violations that represent a genuine security concern beyond IT review.

Training

Logs a training recommendation. Use when a block appears to be a policy misunderstanding — the employee needs guidance on what AIEGIS allows and why.

✓ Done

Marks the violation as reviewed. The row dims and leaves the Pending queue. Always click Done when finished reviewing, even if you took no other action.

Chapter 08
Adding Notes
Notes are your investigator's log. Use them to capture context that is not obvious from the raw violation data.
1. Click "Note" on any violation row. A modal window appears with a text field.
2. Type your note. Include what you found, what action you took outside AIEGIS, or what follow-up is needed. Example: "Employee confirmed this was testing a new workflow — approved pattern, not a policy violation."
3. Click Save. The note is stored with the violation. An "add_note" tag appears in the IT Actions column confirming it was logged.

Good Practice

Notes are part of your audit trail. Write them as if a colleague will read them in six months — because they might. Avoid abbreviations that only make sense in the moment.

Chapter 09
Escalation Workflow
Not all violations are IT-resolvable. Use this guidance when a violation suggests a genuine security incident.

When to Escalate

| Signal | Recommended Action |
|---|---|
| Multiple BLOCK violations from the same agent in a short window | Escalate — may indicate a rogue or compromised agent |
| Threat tags reference data exfiltration (L8, L12) | Escalate + notify employee immediately |
| Agent ID is unknown or not registered in your organisation | Escalate — unauthorised agent accessing AI infrastructure |
| Single isolated block from a known agent doing routine work | Note + Done — likely false positive |
| Repeated warnings from same agent, boundary being tested | Training recommendation + monitor |

AIEGIS Does Not Escalate Automatically

Clicking "Escalate" logs the action in the dashboard only. Your organisation is responsible for the actual escalation process — email to your security team, incident management ticket, or your defined IR procedure. AIEGIS gives you the evidence; you drive the response.
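
The Chapter 09 escalation signals applied to a batch of violation records, as an added Python example that is not part of AIEGIS or of this manual's own material. The record fields, the 15-minute window, the thresholds of three, the rule precedence, and every agent ID other than agt_a1b2c3 are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: the manual says "short window" and "repeated" without numbers.
BLOCK_WINDOW = timedelta(minutes=15)
BLOCK_BURST, WARN_REPEAT = 3, 3
EXFIL_LAYERS = {"L8", "L12"}  # layers named in the escalation table

def triage(violations, registered_agents):
    """Map each agent ID to a recommended action from the escalation table."""
    by_agent = defaultdict(list)
    for v in violations:
        by_agent[v["agent_id"]].append(v)
    result = {}
    for agent, rows in by_agent.items():
        blocks = sorted(v["time"] for v in rows if v["decision"] == "BLOCK")
        warns = sum(1 for v in rows if v["decision"] == "WARN")
        tags = {t for v in rows for t in v["threats"]}
        # Sliding window: BLOCK_BURST consecutive blocks within BLOCK_WINDOW.
        burst = any(blocks[i + BLOCK_BURST - 1] - blocks[i] <= BLOCK_WINDOW
                    for i in range(len(blocks) - BLOCK_BURST + 1))
        # Rule precedence is an assumption; the manual does not rank the signals.
        if agent not in registered_agents:
            result[agent] = "Escalate (unregistered agent)"
        elif tags & EXFIL_LAYERS:
            result[agent] = "Escalate + notify employee"
        elif burst:
            result[agent] = "Escalate (block burst)"
        elif warns >= WARN_REPEAT:
            result[agent] = "Training + monitor"
        elif len(rows) == 1 and blocks:
            result[agent] = "Note + Done"
        else:
            result[agent] = "Manual review"
    return result

# Constructed sample records; field names are hypothetical, not an AIEGIS export format.
T0 = datetime(2025, 1, 6, 14, 0)
def row(agent, decision, threats, minute):
    return {"agent_id": agent, "decision": decision,
            "threats": threats, "time": T0 + timedelta(minutes=minute)}
SAMPLE = [
    row("agt_a1b2c3", "BLOCK", ["L5"], 0), row("agt_a1b2c3", "BLOCK", ["L5"], 4),
    row("agt_a1b2c3", "BLOCK", ["L11"], 9), row("agt_d4e5f6", "WARN", ["L8"], 12),
    row("agt_zzzzzz", "BLOCK", ["L1"], 20), row("agt_g7h8i9", "BLOCK", ["L6"], 30),
    row("agt_j0k1l2", "WARN", ["L2"], 31), row("agt_j0k1l2", "WARN", ["L2"], 95),
    row("agt_j0k1l2", "WARN", ["L2"], 160),
]
REGISTERED = {"agt_a1b2c3", "agt_d4e5f6", "agt_g7h8i9", "agt_j0k1l2"}
if __name__ == "__main__": print(triage(SAMPLE, REGISTERED))
```

The output is a recommendation only; the reviewer still logs the action in the dashboard and runs the organisation's own escalation process.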

Chapter 10
What Each Decision Means
Every violation carries one of two decisions. Understanding the difference shapes how urgently you respond.
| Decision | What Happened | Employee Experience | IT Priority |
|---|---|---|---|
| BLOCK | AIEGIS intercepted the request before it reached the AI vendor. The request never left the device. | Browser extension: fetch call returns a synthetic 403. Mac agent: request is silently dropped. The employee's tool may show an error or timeout. | High — review within the working day |
| WARN | AIEGIS flagged the request but allowed it through. The AI vendor received the request and responded normally. | No visible change. The interaction completed normally. | Medium — clear within the week |
| REVIEWED | An IT administrator took an action on this violation and marked it done. | No employee impact | Closed — audit trail preserved |

Chapter 11
Threat Categories
AIEGIS runs 15 security layers. Threat tags in the violations table show which layers flagged a request. Each layer number maps to a specific threat category.
| Layer | Category | What It Catches |
|---|---|---|
| L1 | Agent Identity | Unregistered or spoofed agent identities |
| L2 | Language Baseline | Communication outside expected language patterns |
| L3 | Transport Security | Unencrypted or invalid certificate connections |
| L4 | Prompt Injection | Attempts to hijack or redirect AI instructions |
| L5 | Data Leakage | PII, credentials, or sensitive data in outbound requests |
| L6 | Authorisation | Requests outside the agent's permitted scope |
| L7 | Rate & Quota | Abnormal request volumes or quota abuse |
| L8 | Exfiltration | Data moving to unexpected external destinations |
| L9 | Meta-Security | Requests about the security system itself |
| L10 | Behavioural | Unusual patterns in agent behaviour over time |
| L11 | Payload Analysis | Malicious or policy-violating content in the request body |
| L12 | Governance | EU AI Act and compliance framework violations |
| L13 | MCP Registry | Unregistered or unauthorised tool use in MCP contexts |
| L14 | Session Integrity | Replayed, forged, or tampered sessions |
| L15 | Audit | Events that bypass or interfere with the audit trail |

Multiple Layers Can Flag One Request

A single violation can be flagged by more than one layer. A request containing PII sent over an unencrypted channel shows both L3 and L5 threat tags. The decision (BLOCK or WARN) is determined by the most severe layer that triggered.

Chapter 12
Troubleshooting
Common issues IT administrators encounter and how to resolve them.

Authentication Error in the Table

Symptom

"Authentication required — add ?key=YOUR_ADMIN_KEY to the URL" appears in the table body.

You are viewing the dashboard without a valid admin key. Add ?key=YOUR_KEY to the URL. If you do not know the key, contact your AIEGIS deployment owner.

Stats Bar Shows Dashes

The stats API returned an error. This can happen when the AIEGIS service is restarting or the admin key is invalid. Wait 30 seconds and refresh. If it persists, verify the service status with your deployment owner.

Table Shows No Violations

Either no violations have occurred (normal for a new deployment), or the current filter is too narrow. Clear all filters and click Refresh. If you expect violations but see none, verify that employees have the browser extension installed and active.

Action Buttons Are Unresponsive

Check your browser console for JavaScript errors. Ensure your admin key is still in the URL — navigating within the page can lose it. Reload the full URL including the key.

Further Support

Technical documentation at /developer. For deployment issues, contact your AIEGIS deployment owner or support@aiegis.ie.