Purpose

This document describes how to generate and download reports in the new portal interface.

Introduction

After scanning your environment, Vulnerability Reports can be exported for one or more assets. The reporting tools gather all the relevant findings and lets you export them in various formats.

Requirements

It is assumed that the reader has basic access to the OUTSCAN/HIAB account. 

Reports

Vulnerability Reports

Vulnerability Reports can be exported for one or more assets from two places:

  • Assets
  • Findings → Vulnerabilities

These reports contain all vulnerability findings associated with the selected assets.

Compliance Reports

Compliance reports can be exported for one or more assets from two places:

  • Assets
  • Findings → Compliance

These reports contain compliance requirements and their status for the selected assets.

View Templates

View Templates are saved views which includes applications, filters, grouping, and columns. Reports uses View Templates to filter the reports by predefined templates. There are some built in templates but more can be customized by the user. 

For more information, see  View Templates.

Generate Report

From the Assets view:

  1. Select one or more assets.
  2. Click on the Generate report icon located at the bottom right of the view.

    Generate Report


From the Findings→Vulnerabilities view:

You can generate a report by selecting one or more assets in the left Assets pane of the view.

  1. Select one or more assets.
  2. Click on the Generate report icon located at the bottom right of the respective column.

    Generate Report


From the Findings→ Compliance view:

  1. Select one or more assets.
  2. Click on the Generate report icon located at the bottom right of the respective column.

    Generate Report


In any of the above cases, you are prompted with the Generate Report window.

  1. Select the type of the report to be generated and click NEXT

    Note

    Note the optional template for filtering the report.

  2. Here you can re-check the scope for the report. After confirming the scope, click NEXT.


  3. Choose the report format and the level of details and click NEXT

    1. Select how detailed the generated report should be. See Report Levels for more information.

    2. A report can be exported in the most commonly and widely used document formats. 

      The available reporting formats are:

      PDF - This is the most commonly used reporting format.
      Excel - The reports generated using excel format, have a lot of tabular information, which can be useful when reporting information to IT/Security department or similar divisions.
      XML - This format is the default industry standard used for data exchange and integration. The reports generated in XML format are typically used for integration and automation.


      Select if the report should be compressed or if it should be password protected and NEXT.

  4. Choose the report delivery type:

    1. Select  Download to generate a report to be available under the All Downloads button in the right corner of the toolbar. See Download Report for more information.

      Note

      If you select Download, you cannot configure the report schedule.

    2. Select Send by email and enter one or more users to send the generated report by email. 
    3. Select Send to Report Library and enter a name and a tag for the report to save the generated report in the Report Library

  5. Reports can be scheduled for reoccurring delivery by linking a report to an existing schedule or add a new schedule.
    The available options are:

    OptionDescription
    Scheduled report name Provide a name for the Scheduled report.

    Schedule name

    Provide a name for the schedule.

    Time

    Set a time with a timezone when the schedule must be triggered. The time value is saved in UTC (Coordinated Universal Time) and the offset corresponds to the system time in the user web browser and therefore might differ for users accessing the schedule options in different time zones.

    Example: A schedule time set to 10:00 in July (summer time) by a user located in Copenhagen (UTC+2) appears as 09:00 to a user located in London (UTC+1) at the same time.

    Recurrence / Every

    Determines the frequency of the schedule. Select one of the available options in the menu:

    Option       Description
    None
    OnceThe schedule is set to run only once on a select start date. 
    HourSet the recurrence window by providing the Number of Hours.
    Day

    Set the recurrence window by providing the Number of Days in this field. 

    Example: If set to 2, it means that the schedule runs once in every 2 days.

    WeekSelect the days of the week for the schedule.
    MonthSelect the occurrence of days, weekday, day of the month for the schedule.
    YearSelect the day of year for the schedule.
    On these days

    Determines what days of the week the schedule should run. Select one of the available options in the menu.

    Occurrence of the weekday

    Determines occurrence of the selected weekday the schedule should run.

    2,3 - will schedule 2nd and 3rd selected weekday in the month

    Day of the month

    Determines what day of the month the schedule should run.

    4,8,10 - will schedule 4th, 8th, and 10th day of the month

    Starts onSet the start date for the schedule. 
    Ends onSet an end date for the schedule. The schedule becomes inactive after this date.
    Ends after_occurrencesSet the number of occurrences the schedule must be triggered before it becomes inactive.
    Never endsIf set, the schedule never becomes inactive.

    Click NEXT to create the scheduled report. The scheduled reports can be viewed under Automation in the task bar.

  6. Set the time frame for the report.


    The time frame chosen indicates that the report should cover the findings within the selected time frame.

    Example

    When you select Last month, all findings seen in the last month is then included in the report. 


    Choose Custom to select the dates to include the findings found during that period in the exported report.

  7. Click on GENERATE button.


Download Report

The Download Report view presents the list of generated reports that are ready to be downloaded:

To download a report:

  1. Click the All Downloads icon to the upper right of the window.
  2. Select the report you want to download in the list and click the Download icon.

    Download Report

Report Levels

The detail level can be adjusted based on the target recipient of the report. The amount of information varies in each type, thus making each report exclusive depending on the functionality and audience. There are three report levels available:

  • Management
  • Summary
  • Detailed

All Appsec reports contain the following sections:

  • Title page
  • Report information
  • Executive summary


Additionally, depending on the selected report level, the following sections will be included:

Report Type / Report LevelManagementSummaryDetailed
Technical details(no additional sections)Web application summary

Web application summary
Web application details

Title Page

This is the first page of each report with the title and the date when the report was generated:

Report Information

This section contains the generic information about the report:

Executive Summary

The Executive Summary shows the trend information, risk families and solutions. It provides a highly visual overview which is informative and useful to report findings to the top management:

Executive Summary

Trend

Top 10 Findings

OWASP 2017 Top 10

Risk Summary

This section provides the information like, number of findings and their severity, number of virtual hosts discovered, and scanning interval.



Risk Details

This section provides a complete and comprehensive overview of the findings. The reported findings are explained with the help of risk factor, CVSS score, port, description of the vulnerability and information fields:


 Risk Details

Report Library


Note

Report Library view is only available on OUTSCAN. When Send to Report Library option is selected on HIAB, the report is uploaded to your OUTSCAN Report Library.

Click on Report Library on the task bar to open the library, where the generated reports are saved.


Report Library

  • Tags can be added while generating the report. For more information about adding or removing Tags, refer to Common Settings.
  • Click on a report to view its details on the right panel of the window.
  • Click on Table View icon located on top right of the window to switch to table view. Re-click to view grid view.
  • Click on the Upload icon to upload the downloaded reports. You can also drag and drop the reports to upload. 
  • Click on the Download icon on the report to download a saved report.




Copyright

© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.