In my head, and im a newbie at this - the dashboard would be your SIEM or event correlator (like Splunk) - assuming the dashboard is just info gathered from each fleet. The fleet runs query packs, or the clients run local packs and send to fleets, whom then aggregate up to a central "something" that can take the data