Reports are the collection of data based on the specific Query, Group By, and Columns configured.
A report within the NopSec platform is the specific combination of a Query, Group By, and Columns. Its output is a Report Table, visualized in the User Interface or provided as a CSV (Comma Separated Values) file.
Each report is the set of data you would like to view in a table format. The query finds the specific data you are looking for, the Group By determines which columns are available for you to view, and finally you decide which columns to keep in the report table.
This is the primary way of finding data within the platform. Create a query, explore the data set, update the query by adding or removing filters, switch between Targets, Vulnerability, or Vuln Instances, and add or remove columns. Once you have found and configured the view you want for analyzing that data, you can save the configuration as a Report.
We go into querying in depth in a different article, but the basic principle is that every query requires a set of filters, which are then queried against all of your client's database. Your data access, driven by your membership in Teams, then limits the results matching your query filters to only the data you can see.
For example, the simplest query is:
- instance.status = "Open"
This returns all vuln instances that have a status of Open, filtered to only the vuln instances found on Targets you have access to.
A Report Group By within NopSec drives the columns available for use within your report. In truth, it is the specific backend data source being queried. This means that the Target Group By will mostly have only Target-related columns available. Similarly, the Vulnerability (Vuln for short) Group By will mostly have vulnerability-level (abstracted Vuln) data provided by Scanners. If you'd like your report table to include BOTH target and vulnerability data, you will want to use the Vuln Instance Group By.
More importantly, the use of these Group Bys within the User Interface allows users to quickly pivot their analysis between these three layers. A typical workflow may be:
- What are all of the open vuln instances found within my network?
- Interesting, of those items, what are the vulnerabilities?
- Hmm, what are the targets seen across both?
Report Tables now allow you to view more columns than previously available. This is a big improvement for those looking to get details quickly without having to click open a details pane. It is also a big improvement for those who needed to create very specific CSV output files but couldn't before. You can now resize columns and reorder them.
As of 9/07, we do not yet support the ability to add or remove columns and then save that configuration, but that is coming by the end of October 23. Once available, you'll be able to truly customize your Reports the way you need to view them by saving your configuration into Column Presets. You'll then be able to choose and switch between your presets as needed.
Saving a report consists of the three items above plus a name.
- Name: Instances to review first
- Query: instance.status = "Open" and instance.severity = "Critical" and instance.in_plan = false
- Group By: Vuln Instance
- Column: Vuln Instance Preset
By default, all saved reports are only viewable by the creator of that report.
As of 9/07/23, we do not support the ability to share your reports. This feature is coming by the end of Q4 2023. Users will be able to share their reports with specific users, Teams, or All users.
Users may export their reports as a CSV. The CSV will include all columns visible within the Report Table (or set within the Column Preset).
We may support other export formats in the future if there is enough demand.