Admin Dashboard

Manage users, registrations, and platform settings

Analytics Platform Logs

Total Users

Pending Approval

Approved Users

Today's Registrations

CVE elaborations stored

Elab. refresh quota (UTC)

CVE public elaboration

User-triggered refreshes share a global daily cap (see env CVE_ELABORATED_REFRESH_DAILY_CAP).

Time (UTC)	CVE	Kind	Triggered by
Loading…

Pending Registrations

User	Organization	Team Size	Source	Tier	Submitted	Actions
Loading...

Active Users

in selected period

Total Page Views

CVE pages visited

Avg Session Time

per page view

Monthly Active Sessions

distinct user–month pairs

All Users

Time period:

	User	Organization	Tier	Status	Source	Registered	Actions
Loading...

Create New User

Create a new user account. The user will be able to log in immediately with the provided credentials.

Email *

Password *

Send Cognito invitation email (user signs in with this password and is asked to change it)

Full Name

Organization

Industry

Role *

Regular admins can only create User and Admin roles.

Tier

Reset User Password

Reset a user's password. Enter their user ID or search by email.

User ID *

New Password *

Email the user a Cognito reset code so they can choose their own password

Admin Audit Log

Timestamp	Admin	Action	Target User	Details
Loading...

AIE Web Scraping Settings

Configure default WSP pipeline, upload credential JSON via secure placeholder reference, and monitor pipeline usage.

Default Pipeline Effective default when request selection is global_default.

WSP-2 Daily Budget (USD) Budget guard placeholder for WSP-2 serving.

Credential JSON (Reference Upload)

Raw JSON is never returned by API responses; only credential_ref and metadata are shown.

Label (optional)

Credential JSON

Usage Summary

No usage data loaded.

Slack Workspaces

Connect one or more Slack workspaces for your internal admin organisations. Each workspace authenticates via OAuth 2 and can be assigned to specific event types.

Checking connected workspaces...

Event Routing

Map each alert type to a Slack channel. The default channel applies globally; surface-level overrides (e.g. MPI Pipeline) take precedence.

Event	Enabled	Workspace	Default Channel	Interactive	Test	Last Delivery
Loading event config...

Outbound Webhooks

Generic webhook delivery for non-Slack integrations (Zapier, custom endpoints).

Add New Webhook

Name

Type

Webhook URL

Events

New Registration Approved Rejected Revoked Role Changed

Name	Type	URL	Events	Triggers	Actions
Loading...

Slack Delivery Log

Time	Event	Organisation	Channel	Status	Error
Loading...

API Key Management

Generate New API Key

Warning: API keys are shown only once when created. Copy it immediately!

Scope

Expires In

Name (Optional)

Vertex Gemini Validation

Configure admin-managed Vertex Gemini validation profile and budget guardrails for AIE actions.

Project

Location

Model

Daily Budget (USD)

Enable Vertex Gemini validation profile

Credential JSON Secrets are submitted only to backend routes. This UI never echoes raw credentials back.

Usage: -

Spend: -

Credits: -

Last Update: -

PAI (Internal) Key Management

Restricted: Internal-only access for Phoenix Global Admins. MFA enforcement will be added later.

Internal API Docs

API Resources

Public API

Swagger Documentation

PAI (Internal)

Swagger Documentation

Data Shield Guard Telemetry

Total Events: 0

Last Updated: -

Event	Endpoint	IP	Count	TTL (s)
No telemetry yet.

Your API Keys

Name	Key Prefix	Scope	Created	Expires	Usage	Status	Actions
Loading...

Total Feedback

Good Ratings

Bad Ratings

Unique CVEs

AI Feedback Review

CVE ID	Section	Rating	Reasons	Comment	User	AI Source	Submitted
Loading feedback data...

Showing 0 of 0 entries

Page 1

Section Performance

Loading section performance...

0-Day Admin Monitoring

EXPERIMENTAL

Configure organization-wide 0-day monitoring. Recommended repos are scanned using admin LLM credentials and findings are shared with all subscribers. Personal Monitoring allows users to add their own repos with personal keys.

This is an experimental function. Results may not be accurate - please double-check the logic and findings before taking action.

Total Monitors

Active Monitors

Total Findings

Vuln Patches

Recommended Repos

Total Subscribers

Global Settings

Scan Interval (minutes) How often to check for new commits

Max Commits Per Scan Maximum commits to analyze per scan

Default User Daily Budget (USD) Default daily spending limit for users

Allow User Custom Repos

Admin LLM Provider Provider for recommended repo scans

Use Admin Key for Recommended

Slack Alerts Notify when new vulnerabilities are detected Uses the existing Slack bot integration

Slack Channel

Checking Slack configuration...

NPM Malicious Package Scanner

Control which npm packages and patterns are monitored by the malicious package scanner.

Packages (one per line) Format: package-name | reason (optional)

Patterns (regex, one per line) Format: regex | reason (optional)

Last updated: -

Recommended High-Risk Packages

Package	Repository	Ecosystem	Risk Score	Vulns	Subscribers	Actions
Loading recommended packages...

Vuln Weekly Pipeline

Cost Summary $0.00

This Month $0.00 / 0 jobs

All Time $0.00 / 0 jobs

Monthly Budget

$0.00 / $50.00

Queued 0

In Progress 0

Completed 0

Failed 0

Error Log

No errors

Pipeline Configuration

Min Source Score

Max Sources / Job

Tier Weight

Novelty Weight

Content Type Weight

Freshness Weight

LLM Provider

LLM Model

Slack Channel

Tip: Paste a channel ID (C0XXXXXXX) or Slack link if channel not listed

Slack Drive

Drive Folder

Monthly Budget ($)

Enable Budget Alert

Integrations

Slack

Checking...

Setup guide

Google Drive

Checking...

Setup guide

NotebookLM MCP

Enabled

Browser-based NotebookLM automation via nlm CLI. Creates notebooks with sources and generates podcasts automatically.

Open NotebookLM

Vertex AI Optional: Veo video, Imagen images, Deep Search (requires GCP credentials)

GCP Project ID (Vertex AI)

Alphanumeric ID for Veo/Imagen. How to find?

Enterprise Media Generation

Optional AI-powered media generation using Vertex AI (Veo for video, Imagen 3 for images)

Deep Search (Gemini research)

Veo Video

Infographics (3 versions, Imagen 3)

Blog Images (16:9 + square, Imagen 3)

NotebookLM MCP (auto-create via CLI)

Media generation requires roles/aiplatform.user role. See "Grant Vertex AI API Access" below. Prompts saved to prompts_used.json

Vertex AI Console

Click "Test Connection" to check all features

How to Grant User Access

1. Grant Cloud NotebookLM User Role

Go to Google Cloud Console → IAM
Select your NotebookLM Enterprise project
Click Grant Access
Enter user email in "New principals"
Select role: Cloud NotebookLM User
Click Save

2. Assign NotebookLM Enterprise License

Go to Gemini Enterprise page
Click Manage users under NotebookLM Enterprise
Add user email and assign subscription license
Or enable automatic license assignment

3. Share the UI Link

Go to Gemini Enterprise → Manage under NotebookLM Enterprise
Copy the unique NotebookLM Enterprise URL
Share with users who need access

Required roles: Cloud NotebookLM Admin (for setup) or Project Owner

Grant Vertex AI API Access (Media Generation)

To enable Veo video and Imagen 3 image generation, users need the roles/aiplatform.user role.

gcloud CLI Command

gcloud projects add-iam-policy-binding PROJECT_ID \
  --member='user:user@example.com' \
  --role='roles/aiplatform.user'

Parameters:

PROJECT_ID - Your GCP project ID (e.g., vulndb-486619)
user@example.com - Email of the user to grant access
roles/aiplatform.user - Grants access to deploy models, run predictions, and use Vertex AI services

Alternative: Console UI

Go to IAM & Admin → IAM
Click Grant Access
Enter user email in "New principals"
Select role: Vertex AI User (or search for aiplatform.user)
Click Save

gcloud projects add-iam-policy-binding documentation

GCP Service Account Credentials

Upload a GCP Service Account JSON key to enable Vertex AI and NotebookLM API access.

Upload Service Account JSON

Drop JSON file here or click to browse

Service account key from GCP Console

Or paste JSON contents:

How to create a service account?

Go to GCP Console → IAM → Service Accounts
Click Create Service Account
Name it (e.g., "phoenix-vuln-weekly")
Grant roles: Vertex AI User, Cloud NotebookLM User
Click Done, then click on the service account
Go to Keys tab → Add Key → Create new key → JSON
Download the JSON file and upload it here

Application Default Credentials documentation

Enterprise setup guide

Identifier	Format	Example	Used For
Project ID	Alphanumeric	`vulndb-486619`	Vertex AI (Veo, Imagen)
Project Number	Numeric only	`373696199768`	NotebookLM API (Discovery Engine)

Total Domains

High Trust

Avg ADQE Score

Total References

Domain	Category	ADQE	Final Score	Boost	References	Trust	Actions
Loading source domains...

Recent Audit Log

Time	Domain	Action	Field	Change	Reason
Loading audit log...

ADQE Scoring & Trust Levels Reference

ADQE Score Components

A - Authority 0-40

D - Disclosure Quality 0-25

Q - Data Quality 0-20

E - Exploitation Intel 0-15

Formula: ADQE = A + D + Q + E (max 100)

Reliability Levels

HIGH (60-100) Government, vendors, CNAs

MEDIUM (40-59) Research, community

LOW (0-39) Unverified, unknown

Trust Levels

High Trust: Official vendor PSIRTs, government agencies (CISA, NIST), verified CNAs. Authoritative for their products.

PoC Source: Domains publishing proof-of-concept exploit code (GitHub, Exploit-DB). Valuable for exploitation intel.

Standard: General security research, news, community sources.

Admin Actions

Boost/Downvote: Manually adjust final score (+/- points). Recorded in audit log.

Edit: Change category, trust level, or add notes.

Rebuild: Re-aggregate reference counts from all sources (NVD, Advisory, GitHub, KEV).

Scoring Weights

Adjust PS-HP and PS-OSS scoring weights. Changes apply on the next data rebuild.

Include ADQE reference confidence in popularity scoring (PS-HP + PS-OSS)

PS-HP Weights

Total: 100%

Simulator

Simulated Score: 0.0

Sample CVEs

PS-OSS Weights

Total: 100%

Simulator

Simulated Score: 0.0

Sample Libraries

PS-HP Evidence Model

Enable Exploit Acceleration Index (EAI) likelihood boost

Total: 100%

Exploit+Ransomware Cap

PoC-Only Evidence Cap

CPE Mapping

Associate canonical vendor/product pairs with CPE vendor/product values to improve CVE matching.

Canonical Vendor

Canonical Product

CPE URI (optional)

CPE Vendor

CPE Product

CPE Type

Notes

Active

Total mappings: 0

Canonical	CPE Vendor/Product	CPE URI	Status	Updated	Actions
Loading...

Platform Logs

Search platform, authentication, ops, and security logs (global admin). For data-updater script output (npm rate limits, progress), use the Execution Logs tab.

Timestamp	Category	Source	Level	Action	Actor	Target	Message
Open this tab to load logs.

Data source health

Cache markers and checkpoint-derived freshness (admin ops API).

Healthy

Stale

Failed

Unknown

Total sources

Runs indexed

Last updated: -

Source	Status	Last success	Age (min)	Records	Watermark
Loading data sources…

Recent runs

Recent entries from allowlisted checkpoint files (limit=50).

Last updated: -

Run ID	Domain	Source	Status	Started	Completed	Duration	Error
Loading process logs…

Run execution logs

Select a run above to load detailed execution logs.

Timestamp	Level	Message
—

Live Log Stream (disconnected)

Source Tail

                        Select a source and press Start to open a live SSE stream from the data-updater container.
                    

Streams supervisord logs from the data-updater container via /api/v1/malware-intel/logs/stream. Max 1000 lines buffered. Global admin only.

Historical execution logs

Tail of process_update.log — npm rate limits, script output. Global admin only.

Time (UTC)	Level	Message
Open this tab to load execution logs.

Malware Evidence Moderation Queue

Open this tab to load the moderation queue.

Flag	Global	Override
Loading...

Authentication Required

Admin Dashboard

CVE public elaboration

Pending Registrations

All Users

Create New User

Reset User Password

Admin Audit Log

AIE Web Scraping Settings

Credential JSON (Reference Upload)

Usage Summary

Slack Workspaces

Event Routing

Outbound Webhooks

Add New Webhook

Slack Delivery Log

API Key Management

Generate New API Key

API Key Generated!

Vertex Gemini Validation

PAI (Internal) Key Management

PAI Key Generated!

API Resources

Data Shield Guard Telemetry

Your API Keys

AI Feedback Review

Section Performance

0-Day Admin Monitoring

Global Settings

NPM Malicious Package Scanner

Recommended High-Risk Packages

Vuln Weekly Pipeline

Select Pipeline Steps

Google Drive Browser

Finding GCP Project ID & Number

ADQE Score Components

Reliability Levels

Trust Levels

Admin Actions

Scoring Weights

PS-HP Weights

PS-OSS Weights

PS-HP Evidence Model

CPE Mapping

Platform Logs

Data source health

Recent runs

Run execution logs

Live Log Stream (disconnected)

Historical execution logs

Malware Evidence Moderation Queue

Feature Flags

Reject Registration

Revoke Access

Create New User

Suspend User Access

Reactivate User Access

Send Email

Reset Password