# Track Remediation Progress ## Workflow Tracking a remediation in progress can be accomplished in multiple areas. In this workflow example we'll focus on two areas: the [Dashboard](/technical-documentation/epiphany-workflows/technical-analysis/create-an-analysis-focused-dashboard/example-analyst-dashboard.md) and the [Risk Explorer](/technical-documentation/epiphany-workflows/technical-analysis/attack-path-management/select-a-remediation-recommendation.md). For this Epiphany-specific process we'll use the following workflow: 1. View a dashboard in Epiphany. 2. Check the Status and Modified information on the dashboard components. 3. Confirm the change within the attack path. ### The Dashboard Epiphany's dashboards include multiple components that track changes in the environment. The most common one is the Attack Path component called [Top Recommendations](/technical-documentation/epiphany-workflows/technical-analysis/create-an-analysis-focused-dashboard/attack-path-widgets.md). This component is the easiest way to track changes to attack paths as they represent the relationships that are causing the most risk to your organization. ![The Top Recommendation component.](/files/CY4Sqi5rqN2AeJISqM9h) The Top Recommendations component will adjust over time depending on what happens to the relationship as your environment changes. The key statistics you will want to observe are: * **Modified.** This is when a change last occurred to this relationship across your organization. With identities this can be more frequent than a patch being applied to a vulnerability. * **Status.** This is the ticketed status of the recommendation. By default a status of *Open* is used to indicate that it is an open issue waiting resolution or acceptance. * **Paths Broken.** This represents the current number of paths that can be broken by taking this action. This number can change each time Epiphany ingests data. * **Footholds Resolved.** This only appears if this change is the last recommendation to completely remove a device from exposure. For example, the last vulnerability exploitable by an attacker on a device or a change to a firewall rule that breaks access to the device completely. ### The Risk Explorer In the Risk Explorer, you can track changes to both the recommendations as well as the relationships within the specific attack path. The best location is in the [Top Recommendations](/technical-documentation/epiphany-workflows/technical-analysis/attack-path-management/select-a-remediation-recommendation.md#toprecommendationsselection) component on the path canvas. ![The Top Recommendations tool. ](/files/WedDyQd90yCb6Eka6Al9) Like the dashboard component, the path-based recommendation engine tracks changes to relationships. The only difference is that these changes are focused solely on this specific attack path. ### Threat Check Report The last place you can confirm a change to your attack paths is by looking at the output of your latest Threat Check report. On its Executive Summary, you can look at your key metrics to see the changes from the last time the report was generated. ![Key Metrics in the Threat Check Report. ](/files/pO27J30U4RSnkEi2mPqc) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.reveald.com/technical-documentation/epiphany-workflows/technical-analysis/attack-path-management/track-remediation-progress.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.