The console module provides invaluable resources to an analyst for acting on threats to an organization and is structured to allow the analyst to make quick and informed decisions based on information available to the system. An example of a console module (dashboard) is shown in FIG. 22. In FIG. 22, the dashboard 1000 may display a chart 1010 of all clusters 1015 from the cluster module. Each cluster 1015 may be plotted according to the days since the last report, as well as the average credibility score of all users in the cluster, though other graph dimensions are contemplated. The clusters 1015 displayed in the chart 1010 may be limited based on size and age, as defined by the user. For example, the chart 1010 may only display clusters 1015 that are larger than 1 report and that are active within the last month. Each cluster 1015 may also be presented as a shape having dimensions that correlate to additional cluster information. For example, each cluster 1015 may be a circle having a relative size based on the number of messages assigned to the cluster, and a color associated with a severity. In this respect, an analyst may quickly glean which clusters pose the biggest threat. For example, a larger cluster with a higher average credibility rating may take precedence over a smaller cluster with a lower average credibility rating. Each cluster 1015 may also be clickable, such that when clicked additional information about the messages assigned to the cluster is displayed in a cluster summary. Each cluster 1015 may also present additional information to the user upon hovering over the cluster 1015. This information may include the highest priority of any matched rule, the number of reports in the cluster, the average Reporter Reputation Score (averaged over all reporter scores in that cluster), whether the reports contain any URLs or attachments, reputation score, and age of the cluster.
