Generate a report
- Go to the Inventory.
- Click on Export.
Pick the report of your choice. Several types of reports can be generated, depending on your needs:
- the PDF dashboard provides executive information;
- CSV reports provide detailed information.
The exports are generated on the filtered perimeter displayed in the Inventory view: if you enable filters, the exports will be generated on the assets matching the filters.
The exports are generated in a background task, and trigger an alert when their generation is complete. You can download their result by viewing the alerts with the bell icon on the top right corner of every page, or from the Exports history accessible from the lateral bar in section Reports.
Export configuration
In the Export Settings section in Administration/Customization, it is possible to configure exports:
Send exports by email
: This option allows you to define whether an email is sent during the generation of a new export. This sending requires configuring an SMTP server in Cyberwatch. The default behavior is sending an email.Authenticate access to exports from an email
: This option allows to require authentication of the user to be able to access an export whose link is sent by email. The default behavior is to be able to access exports without authentication.
Format of the CSV exports
By default, CSV exports are tuned for maximum compatibility with Microsoft Excel: they are encoded in UTF-16LE and have a metadata line for explicitly specifying the separator, so that Excel open them correctly independently of its region.
The Excel compatibility mode however has a few drawbacks: UTF-16LE roughly doubles the size of exports and is unusual outside the Windows world, and the metadata line is undesirable for CSV readers other than Excel.
To generate CSV exports encoded in UTF-8 and without metadata, you can disable the Excel compatibility mode from the administration console, menu Configurations, tab Customization. This format is more suitable for consumption by data processing scripts, but may require manual settings when opened from Microsoft Excel.
Format of the JSON exports
The JSON exports provide an alternative output for the data feed used for constructing the Elasticsearch indexes. This data is mainly meant for computing statistics and generating reports or dashboards.
The generated files contain one JSON document per line, as is commonly used for importing data into data lakes such as Google BigQuery.
Schedule a periodic export
The creation of a scheduled export requires the Administrator role. This allows you to select the e-mail address of a Cyberwatch user, or to select an external e-mail address (or mailing list) following the creation of a robot accounts.
Any export can be made periodic from the Exports history by clicking button Make recurrent at the right of every row in the history.
The start date specifies the day the export should be first generated on, and is the basis for computing the next occurrences: if the start date is on a Monday and the export is weekly, then the export will be triggered every Monday.
Automatic exports are downloadable by the same means as manual exports: from the alerts, from the exports history, or by e-mail when SMTP is configured. By default, the e-mail sent contains a link to the export, it is however possible to choose to receive it as an attachment (if its size does not exceed 5 MB) by checking the appropriate option.
Scheduled exports are generated every planned day at around 5 a.m. UTC (this may change in the future).
Scheduled exports can be modified or canceled from page Scheduled exports, accessible by clicking Scheduled exports at the top right corner of the exports history. The export generation parameters, including the filters, are not editable: you need to delete the scheduled export, manually generate a new one, and make it recurrent. Note that deleting a scheduled export does not delete its past exports in the history.
MITRE ATT&CK matrix
Exporting the MITRE ATT&CK matrix will open a new tab.
This tab will contain the MITRE ATT&CK matrix, colored according to the attack techniques and patterns present in the CVEs of the assets defined by the filter chosen in the inventory. The CAPECs (Common Attack Pattern Enumeration and Classification) present will influence the level of coloring of the matrix according to their presence.
The matrix displays the different categories (“Tactics”) of the “Enterprise” layout available at this link.
The matrix generated is interactive, meaning that changing the filter on the Cyberwatch interface (e.g., by selecting another group) will directly modify the matrix without the need to refresh the page or regenerate the export.