scoutPRIME - Reports
B
Written by Benjamin Dewey
Updated over a week ago


Reports Overview

scoutPRIME has the ability to generate reports that you can use or share with others.

Report types:

  • Collection Health Summary - Provides a window into the health of selected Collections. This report displays top-level metrics such as the count of critical/elevated Collections and risk categories represented in each Collection.

  • Association Daily Activity (formerly "Threat Association Daily") - Provides a detailed activity log of added and removed threat associations occurring in 24 hours. You can use this as a baseline data source to review significant threats to your system.

  • Collection Scorecard - Provides an aggregate score for a collection based on several key risk categories.

You can schedule, run, and view report history using the Reports menu. When you click Reports, these options appear on the left: Scheduled Reports, Run Report, and Report History.

  • Scheduled Report - This shows a list of scheduled reports. You can edit the report schedule by clicking the Edit icon. You can schedule a new report by clicking Schedule New Report on the right under the Reports menu.

  • Run Reports - Enables you to run the report once.

Report History - Displays a list of generated reports. You can view a report by clicking it. You can run a report on current data by clicking the Refresh icon. This creates a new report. You can delete a report by clicking the Trash icon. Note: You cannot undo deleting the report. It is permanently deleted.


Running Reports

To run ad-hoc reports, follow these steps:


1. From the navigation bar, click Reports.

2. Select Run Report from the left-hand navigation.

3. You can run various types of reports, including:

  • Collection Health Summary

  • Threat Associations Daily Activity

  • Collection Scorecard

Each type of report will require you to select different settings.

4. After you have made the respective selections for the type report you want, click Run Report.

To learn more about each of the report types, see: Managing Reports

5. A screen will confirm that the system is processing your request for creating a report.

6. After a few seconds, a PDF of the report will display on the screen. You can choose to download or email the report from the icon on the top right.

NOTE: Threat Association Daily Activity reports are emailed when ready because of the file size.


Scheduling Reports

You can set up a report to run on a daily, weekly, monthly, or custom schedule. Scheduled reports also appear in the Report History after they have run.


1. From the navigation bar, click Reports.

2. Click Scheduled Reports from the left-hand navigation.

  • Enter a Schedule Name (mandatory)

  • Select the Report Type

  • Set the Frequency

  • Specify an End Date

  • Choose Recipients to receive the report

  • Finally, click Schedule Report

    NOTE: The newly scheduled report appears on the Scheduled Reports page. You can edit the Report Schedule by clicking it in the Scheduled Reports list and clicking the Edit icon.


Managing Reports

Collection Health Summary Report

The Collection Summary report provides a window into the health of selected Collections.

You can schedule, run, and view report history using the Reports menu.

The Collection Health Summary report displays top-level metrics such as the count of critical/elevated Collections and risk categories represented in each Collection.

Severity and Risk Categories


A Collection becomes elevated or critical (TIC score ranging from 50-100) when threats are associated with Elements in the Collection. Each threat association falls into one of twelve risk categories.

Compare the health of selected Collections by viewing the number of threats associations in each risk category via the Risk Category table.

Running the Collection Health Summary Report Manually


1. From the menu bar, click Reports.


2. From the left-hand navigation, select Run Report. The Run Report screen appears.

3. Select Collection Health Summary from the Select a report type drop-down menu.

4. Select one of the following options under Select collections to include in this report:

  • Collections by TIC - Includes collections by TIC in descending order.

  • Collections by Threat Association Count -Includes collections in descending order by threat association count.

  • Assigned - Includes collections assigned to the current user in TIC descending order. Custom - Choose specific collections from this workspace.


5. Under Collection Severity, check the Only Include critical and elevated collections option to limit the report to collections that have Critical or Elevated status.

The report is limited to 250 Collections.


6. Click the RUN REPORT button to run the report. A PDF of the report will be generated for review and download.

Association Daily Activity Report (formerly "Threat Association Daily Activity")

The Associations Daily Activity report is a detailed log of added and removed threat associations occurring in 24 hours.

You can use this as a baseline data source to review significant threats to your system. You can schedule, run, and view report history using the Reports menu. The Association Daily Activity report is generated as a comma-separated values (CSV) file that you can view using any spreadsheet or other appropriate application.


The report has the following fields:

  • ASN: The autonomous system number (ASN) for the IP address

  • Collection: The Collection to which the threat association belongs

  • ASN Owner: The owner of the ASN

  • CIDRv4/CIDRv6: The classless inter-domain routing (CIDR) number

  • CIDR Owner: The owner of the CIDR

  • Element: The Element number

  • Type: Possible values are IPv4/IPV6, FQDN, or CIDRv4/CIDRv6

  • Status Change: Possible values are Active or Inactive

  • Latitude: The latitude of the threat

  • Longitude: The longitude of the threat

  • Threat: The Threat description


Running the Association Daily Activity Report Manually


1. From the navigation, click Reports.


2. From the left-hand navigation, select Run Report.

3. Select Association Daily Activity from the Select a report type drop-down menu.

4. Select one of the following options under Select collections to include in this report:

  • All - Includes all collections in this workspace.

  • Assigned - Includes collections assigned to the current user.

  • Custom - Choose specific collections from this workspace.

5. Click the Run Report button to generate the report. Then, click OK on the confirmation window to have the report emailed to you.

Scheduling to Run Automatically

You can use Schedule Reports to run Threat Association Daily Activity Reports automatically at regular intervals.

Collection Scorecard Report

The Collection Scorecard report provides detailed information about a single specified collection based on several key risk categories.


Running the Collection Scorecard Report Manually


1. From the navigation, click Reports.


2. From the left-hand navigation, select Run Report.

3. Select Collection Scorecard from the Select a report type drop-down menu.

4. Select the collection that you want to appear in the report from the Select Collection drop-down menu.

5. Click the Run Report button. You will be prompted to download the report in PDF form.


Scheduling to Run Automatically

You can use Schedule Reports to run Collection Scorecard Reports automatically at regular intervals.


Related Content


Did this answer your question?