Control Review — before/after for an applied control

Control Review — policy-bot-block-1 · www.example.com · window ending 2026-04-01 → 2026-04-08

Effectiveness review across 1 metric for policy-bot-block-1, comparing the after-window against the expected baseline.

Comparison window
2026-04-01 00:00 → 2026-04-08 00:00 UTC
vs 2026-03-25 00:00 → 2026-04-01 00:00 UTC
Executive summary

What this report says

Overshoot vs expected on SIEM blocked requests for policy-bot-block-1 (absolute delta +180.00 vs expected; +180.00% vs expected).

Movement compared against the expected baseline. Per-metric direction and magnitude appear in the effects table below. Expected basis: explicit target. Side-effect checks: 1 collateral check moved and 1 displacement check moved.

Recommended action Investigate the magnitude before letting the control ride; consider rolling back or tightening if side effects are material.

Movement is descriptive, not causal — concurrent changes can confound the read. Collateral or displacement deltas are unavailable; side-effect magnitude cannot be quantified from this evidence alone.

Target of this control

policy-bot-block-1

Before
2026-03-25 00:00 → 2026-04-01 00:00 UTC
After
2026-04-01 00:00 → 2026-04-08 00:00 UTC
Expected basis window
2026-03-25 00:00 → 2026-04-01 00:00 UTC
Expected basis
Explicit target
Effect detail

Control before / after / expected

SIEM blocked requests before 90 after 280 expected 100 status Increased · confidence high
Target effects

Before / after / expected by metric

Metric Before After Expected Δ vs expected % vs expected Status Confidence
SIEM blocked requests 90.0 280.0 100.0 +180.00 +180.00% Increased high
Collateral checks

Adjacent populations

Metric Before After Δ % change Status Confidence
429 rate 0.4 2.1 Increased
Displacement checks

Displacement to substitute paths

Metric Before After Δ % change Status Confidence
Total requests 1200000.0 1100000.0 Decreased
Method & caveats

What this report is and isn't

Rule-based scorecard for Www.example.com · , built from mechanical features only, compared against post change vs expected. It reports what was measured, not why. Missing feature inputs are reported as such — they are not scored as safe.

Schema, source table, and constraints
Schema
bot_control_review.v1
Comparison
Post change vs expected
Tenant / database
Www.example.com ·
Table
bi_siem_policy_summary_day
Constraints
Control effectiveness review; No causal claim without external change evidence; LLM may summarize structured evidence only
Confidence reasons
Baseline window has enough rows; Comparable windows available; Current window has enough rows; Granularity matches comparison; Dimensions fit retained schema; Summary table used
Orientation — what this report measures
What this measures

Compares the after-control window against an explicit before window (or external baseline) for the entities targeted by the control.

How to read the score

Per-metric direction and effect size, plus collateral and displacement checks for adjacent populations.

  • escalate · 0–40
  • monitor · 40–70
  • observe · 70–100
What this can't say

Cannot claim the control caused the movement without external change evidence. Concurrent changes can confound the result.