Skip to content

Reports — Overview

Reports are summaries of findings in a format suitable for:

  • CISO and leadership — security posture.
  • Compliance audits — evidence for auditors.
  • Customer-facing communication (for MSSPs) — reports to clients.
  • Regulators — for GDPR / SOC2 / ISO27001.

Report types

Type Contents Audience
Executive summary Metrics, trends, top risks — no technical detail Board, CEO, CISO
Technical report All findings with details, recommendations, evidence Security team, IR
Compliance report Evidence-based report for a specific standard (GDPR, SOC2) Auditor, compliance
Customer report (MSSP) White-label report to a client with your branding MSSP customers

Report lifecycle

  1. Created — generated but not yet "frozen" (data may update).
  2. Published — fixed: report contents no longer change, even if new findings arrive.
  3. Exported — exported to a file (PDF/DOCX/CSV).
  4. Archived — old reports move to archive after 1 year.

Scope

Every report has a scope defining what to include:

  • Date — e.g., "last 30 days", "Q2 2026", "specific date range".
  • Severity — e.g., only Critical + High.
  • Detection sources — report on HIBP only, or all.
  • DataSources — by a specific domain or all.
  • Statuses — only new, or include resolved.

One report = one fixed scope. If you need a different scope — create a new report.

How to create

Manually (ad-hoc)

  1. Reports → New Report.
  2. Pick a template (Executive / Technical / Compliance / Custom).
  3. Set the scope.
  4. Click Generate.
  5. The report is ready within seconds — view online or export.

On schedule

See Scheduled Reports.

What's next