Report Components
Last updated
Was this helpful?
Last updated
Was this helpful?
Individual reports can be accessed from either the Clients or Reports module. Once a report is selected, users can manage and update it using several tabs: Readout, Details, Narrative, Findings, Assets, Procedures, Artifacts, and Attack Path.
The Readout tab provides access to the Report Narrative, Report Readout column, Findings Overview summary box, and Findings Status box. The Report Readout column has a convenient scrolling feature, making it simple for users to move through the list of findings.
Report narratives can be edited by clicking Edit/Comment or on the Narrative tab.
To view a finding narrative, click the corresponding box in the "Report Readout" column. To edit the finding content, click Edit/Comment.
Click Report Narrative to return to the default report readout view.
The Details tab offers an interface to view and modify the information entered when the report was created. For more detailed guidance on each field and its significance, refer to the Creating a Report page.
The Narrative tab provides an interface for viewing and modifying existing rich-text fields (RTFs), adding new custom sections, or importing from NarrativesDB.
The existing narrative sections can be expanded or collapsed using the arrow at the right of the box.
Visit the Collaborative Editing page for more information about track changes and commenting functionality within the RTFs.
The Findings tab lists all findings associated with a report. It allows users to view a finding and manage and configure it further.
Clicking a finding row launches the findings details side drawer, which provides a snapshot view of the finding and all associated content, assets, and tags.
Bulk action options appear after one or more findings are selected by clicking the checkbox to the far left of the finding row or by clicking the box next to the column header.
Click Actions to see a list of options, such as adding a tag or linking to a priority.
The table view can be customized by clicking the column view icon to the right of the search bar.
Once clicked, a modal appears that lists all fields. To remove a column, click X within the bar.
Fields that are required do not have an X available.
When fields are removed, an "Add Column" pulldown menu is added at the bottom left of the modal to store the field. Any removed fields can be added later by clicking Add Column and selecting the field to add.
This modal represents the sequence of fields provided in the table, meaning the bar on top will be the column on the table's far left.
The order of the columns can be adjusted in this modal by clicking the six dots on the left side of a field's bar and dragging it to the preferred sequence position.
Click Save when finished.
The Assets tab displays all assets in the report that are linked via a finding. Assets are not added to a report directly; they only exist within a report when they are part of a finding that has been added to the report.
Visit Adding Assets for more information.
Bulk action options appear after selecting one or more assets by clicking the checkbox to the far left of the asset row or by clicking the box next to the column header.
Click Actions to see the options available, such as adding a tag to an asset or linking to a priority.
The table view can be customized by clicking the column view icon to the right of the search bar.
This tab streamlines the creation and management of procedures within reports, offering greater flexibility and efficiency. Users can view and create procedures on the fly directly from a report and add existing procedures from any repository, including their runbooks database.
A side drawer feature also enables quick procedure review, enhancing workflow efficiency.
The Tactics coverage tab allows users to review tactics coverage, providing a more holistic view of security posture.
The table view can be customized by clicking the column view icon to the right of the search bar.
The Artifacts tab provides a dedicated space to load and associate additional information with a report. This functionality allows for the inclusion of various artifacts, such as registry keys, files, time stamps, and event logs, which can provide context and support the findings and conclusions presented in the report.
The Attack Path tab visually represents the tactics, techniques, and procedures (TTPs) employed in a simulated attack, as discussed in the report. This tab offers a flexible and interactive interface that allows users to manipulate and sequence the attack path as desired.
This visual representation helps stakeholders understand the attack methodology and visualize how an attacker could exploit system vulnerabilities.
More information about a finding can be accessed by clicking the eye icon within a box to pull up the Finding Details page as a side drawer.
The report log documents when a report was last imported and what new findings were added.
Step 1: From the Reports module home page, click the row of the report to view or Readout.
Step 2: From the Findings tab, click Report Logs.
Step 3: A dialog box asks to select the import date and time. Select the desired time recorded in Universal Time (UTC).
Step 4: A list of findings added is displayed.
