Information System Management Interactive Lab

AI Incident Intelligence Dashboard Studio

Students act as a crisis analytics cell for a national digital-service outage. They convert fragmented reports, event logs, source credibility scores, and recovery decisions into a management-ready incident intelligence dashboard.

Duration: 120–150 minutes | Native Python runnable lab | Test with Wireshark / Postman / n8n

Auto-start Worker Lab Runtime

When this page loads, it automatically calls the Cloudflare Worker runtime for this topic. Students can immediately test the online API in the browser, Postman, or n8n. The downloadable native Python version remains available for local execution and Wireshark loopback capture.

Native Python Testing Kit

Run the lab locally with Python only, then validate it using Postman requests, n8n automation, and Wireshark traffic evidence.

Learning outcomes

Instructor toolkit

Roles

Incident commander, service owner, evidence analyst, dashboard designer, communications reviewer.

Free tools

Google Sheets/LibreOffice, Looker Studio/Metabase, Mermaid, browser research, optional local LLM.

Core artifacts

Evidence register, service impact matrix, timeline, dashboard storyboard, executive summary.

Management lens

Prioritisation, accountability, communication quality, risk acceptance, auditability.

Hands-on station board

Run in teams

25 min

1. Crisis intake and source triage

Station 1

Build the first evidence register from noisy public and internal claims.

  1. Classify each claim as confirmed, likely, disputed, or unknown.
  2. Assign source type: government, vendor, media, social, internal operations, or academic.
  3. Score credibility from 1–5 using authority, recency, specificity, and corroboration.
  4. Write one AI prompt that asks for a summary but forces citation of claim IDs.

Evidence: Evidence register with at least 10 claims, credibility score, and decision status.

30 min

2. Service impact model

Station 2

Translate technical symptoms into affected service, citizen/business impact, and owner accountability.

  1. Create a service map: service, users, data sensitivity, owner, dependencies.
  2. Estimate impact severity using population affected, legal exposure, and recovery complexity.
  3. Mark dashboard KPIs that an executive should see every 15 minutes.
  4. Identify which KPI could be misleading without context.

Evidence: Impact matrix and dashboard KPI rationale.

35 min

3. AI-assisted timeline reconstruction

Station 3

Use event fragments to reconstruct a defensible incident timeline.

  1. Normalize all timestamps and identify missing intervals.
  2. Group events by detection, containment, eradication, recovery, and communication.
  3. Add confidence labels to each timeline entry.
  4. Draft an executive incident narrative with unsupported claims removed.

Evidence: Timeline with confidence labels and a one-page incident narrative.
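
Steps 1 to 3 of this station in Python, as an added example that is not part of the lab's provided kit. The fragment IDs, timestamps, the three accepted formats, the one-hour gap threshold, and the rule that timestamps without an offset are treated as UTC are all assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed event fragments (not from the lab dataset): mixed timestamp
# formats and offsets, as they would arrive from different sources.
FRAGMENTS = [
    ("F1", "2024-03-01T08:05:00+08:00", "detection", "High"),
    ("F2", "2024-03-01 00:20:00", "detection", "Medium"),  # no offset given
    ("F3", "01/03/2024 09:10 +0800", "containment", "High"),
    ("F4", "2024-03-01T04:45:00Z", "recovery", "Low"),
    ("F5", "2024-03-01T05:00:00+00:00", "communication", "Medium"),
]
PHASES = ("detection", "containment", "eradication", "recovery", "communication")
FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%d %H:%M:%S", "%d/%m/%Y %H:%M %z")

def to_utc(raw):
    """Parse one of the known formats; values without an offset are assumed UTC."""
    for fmt in FORMATS:
        try:
            ts = datetime.strptime(raw, fmt)
        except ValueError:
            continue
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)
        return ts.astimezone(timezone.utc)
    raise ValueError(f"unrecognised timestamp: {raw!r}")

def build_timeline(fragments, max_gap=timedelta(hours=1)):
    """Return (sorted entries, gaps longer than max_gap, entry IDs per phase)."""
    entries = sorted(
        ({"id": i, "utc": to_utc(raw), "phase": p, "confidence": c}
         for i, raw, p, c in fragments),
        key=lambda e: e["utc"],
    )
    gaps = [
        (a["id"], b["id"], b["utc"] - a["utc"])
        for a, b in zip(entries, entries[1:])
        if b["utc"] - a["utc"] > max_gap  # assumed threshold for a missing interval
    ]
    by_phase = {p: [e["id"] for e in entries if e["phase"] == p] for p in PHASES}
    return entries, gaps, by_phase

if __name__ == "__main__":
    entries, gaps, by_phase = build_timeline(FRAGMENTS)
    for e in entries:
        print(e["utc"].isoformat(), e["id"], e["phase"], e["confidence"])
    for a, b, d in gaps:
        print(f"GAP {a} -> {b}: {d} with no evidence")
```

A phase that comes back empty (eradication, in this sample) is a finding for the narrative in its own right, as is the unexplained interval between containment and recovery.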

30 min

4. Dashboard decision review

Station 4

Defend the dashboard before a mock steering committee.

  1. Explain which decisions the dashboard enables: allocate budget, prioritize recovery, communicate risk, or escalate.
  2. Show three widgets: service health, evidence confidence, and response backlog.
  3. Document what humans must approve before AI-generated text is used externally.
  4. Record two dashboard failure modes and mitigations.

Evidence: Dashboard storyboard, governance notes, and steering-committee defense.

Mini incident dataset for classroom simulation

| ID | Signal | Service | Confidence | Management action |
|---|---|---|---|---|
| E01 | Authentication latency rises above baseline | Citizen portal | High | Prioritize identity dependency check |
| E02 | Media reports immigration service disruption | Immigration | Medium | Verify with internal owner before public statement |
| E03 | Backup restore estimate changes twice | Core infrastructure | Low | Escalate uncertainty and request recovery evidence |
| E04 | Vendor advisory mentions ransomware pattern | Data center | Medium | Map to containment checklist |
| E05 | Manual workaround created at airport desk | Border service | High | Track business continuity capacity |

Copy-ready lab assets

Dashboard metric formula

Priority Score = (Impact x 0.4) + (Urgency x 0.3) + (Confidence Gap x 0.2) + (Public Exposure x 0.1)

AI prompt pattern

Summarize claims C01-C10 for an executive. Use only provided claim IDs. Mark unsupported statements as UNKNOWN. Output: risk, evidence, decision needed.
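
One way to check a model's answer to this prompt before it reaches the human approval step, as an added example that is not part of the lab's provided kit. The register contents, the sample model output, and the rule that a disputed or unknown claim must carry the UNKNOWN marker are assumptions for the illustration.

```python
import re

# Constructed evidence register (claim ID -> Station 1 status); sample data only.
REGISTER = {
    "C01": "confirmed", "C02": "likely", "C03": "disputed", "C04": "confirmed",
    "C05": "unknown", "C06": "likely", "C07": "confirmed", "C08": "disputed",
    "C09": "likely", "C10": "confirmed",
}
CLAIM_ID = re.compile(r"\bC\d{2}\b")

def validate_summary(summary, register=REGISTER):
    """Check each line of an AI-generated summary against the evidence register.

    Returns a list of (line_no, problem) findings; an empty list means the
    summary may go forward to human approval.
    """
    findings = []
    for no, line in enumerate(summary.strip().splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        ids = CLAIM_ID.findall(line)
        marked_unknown = "UNKNOWN" in line
        if not ids and not marked_unknown:
            findings.append((no, "no claim ID and not marked UNKNOWN"))
        for cid in ids:
            if cid not in register:
                findings.append((no, f"{cid} is not in the evidence register"))
            elif register[cid] in ("disputed", "unknown") and not marked_unknown:
                findings.append((no, f"{cid} is {register[cid]} but stated as fact"))
    return findings

# Constructed model output in the prompt's "risk, evidence, decision needed" shape.
SAMPLE = """
Risk: identity login failures affect the citizen portal [C01, C04].
Evidence: restore completes within two hours [C03].
Evidence: the outage was caused by ransomware [C14].
Decision needed: approve manual processing at border desks.
Risk: UNKNOWN whether the education portal is affected [C05].
"""

if __name__ == "__main__":
    for no, problem in validate_summary(SAMPLE):
        print(f"line {no}: {problem}")
```

The findings list doubles as an entry for the AI prompt and validation log: it records which generated lines were rejected and why.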

Self-check quiz

1. Which dashboard widget best supports executive decision-making?

Management dashboards should connect evidence to ownership and action.

2. What is the biggest risk of AI summarisation during an incident?

The lab requires confidence labels and human approval to prevent false certainty.

Assessment rubric

Evidence discipline

25%

Claims are traceable, scored, and uncertainty is visible.

Dashboard usefulness

30%

Every widget supports a named management decision.

Incident reasoning

25%

Timeline, service impact, and recommendations are coherent.

Governance

20%

AI use has approval gates, limitations, and audit notes.

Student deliverables

  • Interactive dashboard or storyboard
  • Evidence register spreadsheet
  • Executive incident brief
  • AI prompt and validation log
  • Peer-review notes

Deep lab purpose

This is no longer a short reading activity. It is a full studio-style hands-on lab. Students do the work of an incident intelligence team: collect evidence, challenge weak sources, model business impact, build dashboard logic, and defend decisions to management.

Scenario

A major public digital-service outage affects identity, immigration, education, and citizen-facing services. Information arrives from operational logs, media reports, vendor statements, internal updates, and social channels. Some claims are true, some are incomplete, and some are repeated without evidence.

Students must design an AI-supported incident intelligence dashboard that helps leaders answer four questions:

  1. What is affected?
  2. What evidence supports that conclusion?
  3. What decision is needed now?
  4. What should not be said publicly yet?

Native Python + tool testing requirement

Students must run the provided native Python dashboard API, test the endpoints in Postman, automate a health/KPI check in n8n, and capture HTTP evidence in Wireshark. The lab is considered complete only when the team can show API output, dashboard logic, Postman responses, and packet-level request/response evidence.

Required student artifacts

  • Evidence register with source credibility scoring.
  • Service impact matrix with owner, users, severity, and dependencies.
  • Timeline reconstructed from uncertain and confirmed signals.
  • Dashboard storyboard or working prototype.
  • AI prompt log showing how generated summaries were checked.
  • Executive incident brief with recommendations and limitations.

Lab depth extension

For a 3-hour session, require each team to add:

  • a risk heat map,
  • a backlog of incident-response actions,
  • an executive communication approval workflow,
  • a post-incident improvement plan,
  • and a short audit trail explaining why each dashboard metric exists.

Instructor facilitation notes

Push students away from decorative dashboards. Every chart must answer a management decision. If a widget does not change a decision, students must remove it or justify it.

Ask these challenge questions during review:

  • Which metric could create panic if misunderstood?
  • Which claim has the highest impact but weakest evidence?
  • Which recovery update requires human approval before publication?
  • Which service owner should be called first, and why?
  • What would the dashboard hide from executives if it only used technical logs?

Assessment emphasis

Strong submissions show disciplined source handling, clear decision logic, and honest uncertainty. Weak submissions look visually polished but fail to connect evidence to action.