Dashboards:
– tuned soup (app)
– things that got in (waf bypass, rasp)
– things that might be getting out (exfil, PCI-dss?)
– stuff that bounced off (e.g. public scanners)
– stuff AV / IPS is pretty sure it destroyed (but you might want to check)
– Honeypots / IDS (booby traps)