tangate docsDashboard User Guide
The Tangate dashboard is a standalone HTML application that runs in your browser and connects directly to your S3 output bucket using the AWS SDK for JavaScript. No server or Lambda function is required.
Accessing the Dashboard
Download the dashboard HTML from the URL in your CloudFormation stack outputs:
curl -o dashboard.html "$(aws cloudformation describe-stacks \
--stack-name deckard \
--query 'Stacks[0].Outputs[?OutputKey==`DashboardDownloadUrl`].OutputValue' \
--output text)"
Open the file in your browser. You will be prompted for:
- Access Key ID — from the
DashboardAccessKeyIdstack output - Secret Access Key — from the
DashboardSecretAccessKeystack output - Bucket Name — your output bucket (
deckard-out-{instance-id}) - Region — the AWS region your stack is deployed in (default:
us-east-1)
Credentials are stored in your browser's localStorage for session persistence. The IAM user has scoped permissions — it can only read/write the specific S3 keys the dashboard needs.
Overview Page
The Overview page shows a summary of your Tangate deployment at a glance:
- Blocked counts — Number of blocked IPs, CIDRs, user agents, and query patterns in the current blocklist
- Blocklist version — Version hash and generation timestamp of the current blocklist
- Instance ID — Your Deckard instance identifier
- Last analysis run — Timestamp of the most recent analysis pipeline execution
The page auto-refreshes every 60 seconds to keep the data current.
Active Blocks
The Active Blocks page displays all entries in your current blocklist, organized in tabs:
- IPs — Individual blocked IP addresses
- CIDRs — Blocked IP ranges in CIDR notation
- User Agents — Blocked user agent string patterns
- Query Patterns — Blocked query string patterns
Each tab supports search and filter to quickly find specific entries.
Each entry has a one-click whitelist button that adds the entry to your local whitelist. Whitelisted entries will be excluded from blocking on the next analysis run.
My Rules
The My Rules page lets you manage your local rules file (local-rules.json). You can add and remove entries in two categories:
Whitelist
Add entries to prevent them from being blocked, regardless of threat intelligence or AI analysis:
- IPs — Individual IPs or CIDR ranges (e.g.,
203.0.113.42,198.51.100.0/24) - User Agents — Partial string matches (e.g.,
OurMonitor/1.0) - Query Patterns — Partial string matches
Blocklist
Add entries to block immediately, supplementing Tangate's rules:
- IPs — Individual IPs (e.g.,
192.0.2.100) - User Agents — Partial string matches (e.g.,
KnownBadBot/) - Query Patterns — Partial string matches (e.g.,
eval(,UNION SELECT)
Changes take effect on the next hourly analysis run. The analysis Lambda reads local-rules.json from S3 and merges it with the current ruleset.
Decision Log
The Decision Log page lets you browse AI analysis decisions from the last 7 days.
- Decision files are grouped by date
- Click any file to view the full JSON with syntax highlighting
- Each decision includes the action (BLOCK/ALLOW), reason, source (AI analysis or rule match), and confidence score
Decision log files are stored at s3://{bucket}/deckard/decisions/{date}/{timestamp}.json.
Settings
The Settings page provides controls for:
Sampling Rate
Adjust the AI analysis sampling rate using a dropdown with these presets:
| Setting | Effect |
|---|---|
| 100% | Analyze all suspicious IPs (default) |
| 75% | Analyze 75% of candidates |
| 50% | Analyze 50% of candidates |
| 25% | Analyze 25% of candidates |
| 10% | Analyze only the top 10% of candidates |
| 0% | Disable AI analysis entirely (rule-based only) |
Selecting 0% displays a confirmation dialog warning that AI analysis will be disabled entirely. At 0%, Tangate operates in rule-only mode using threat intelligence and your local rules.
Candidates are sorted by request count before sampling, so at lower sampling rates, the highest-traffic (most suspicious) IPs are still analyzed first. See AI Configuration for details.
The sampling rate change takes effect on the next analysis run — no redeployment needed.
API Key Rotation
The Settings page includes guidance on rotating your AI API key. Because the key is stored in AWS Secrets Manager, rotation is done through the AWS console or CLI:
- Generate a new key from your AI provider's dashboard
- Update the secret in AWS Secrets Manager (
deckard/ai-api-key) - The analysis Lambda picks up the new key on the next run
The dashboard does not have access to Secrets Manager. This is by design — the dashboard IAM user has only the minimum S3 permissions needed.
How It Works
The dashboard is a single HTML file that uses the AWS SDK for JavaScript (loaded from the AWS CDN) to read and write S3 objects directly. There is no server, no Lambda, and no API Gateway involved. All operations are S3 GetObject, PutObject, and ListObjectsV2 calls authenticated with the scoped IAM credentials.
Next Steps
- Rules and Blocklists — Understand the rules system in depth
- AI Configuration — Configure AI providers and sampling
- Troubleshooting — Common issues and solutions