Reporting
This doc applies only to the Vulnerability Management engine, released April 20, 2022. Make sure you are using the correct documentation: Which Scanning Engine to Use
Introduction
Use the Vulnerability Reporting interface to schedule asynchronous reports about detected runtime vulnerabilities along with package and image data.
Here you can:
- Create a report definition
- Schedule its frequency
- Define notification channel(s) in which to receive the reports (email, Slack, or webhook)
- Preview how the data will appear (optional)
- Download the resulting reports in
.csv
,.json
, or.ndjson
Create a Report Definition
Log in to Sysdig Secure with Advanced User or higher permissions, and select
Vulnerabilities > Reporting
.The Vulnerabilities Reporting list page is displayed. If you have previously created report definitions, you can click one to see the details.
Click
Add Report
. The New Report page is displayed.Define the report basic info:
- Name
- Description
- Export format: .csv, .json, or .ndjson
- Scope: Entire infrastructure or subset from the drop-down menu
Optional: Add Conditions from the drop-down if you want to filter the items reported on.
For example, you might want a report of all vulnerabilites with a
Severity >= High
, and for which aFix
isAvailable
.The available conditions include:
- Vulnerability ID
- Image name
- Package name
- Package version
- Package type
- Severity
- CVSS score
- CVSS vector
- Vuln publish date
- Vuln fix date
- Fix available
- OS name
Define the Schedule (frequency and time of day) that the report should be run.
Note: The schedule determines when the report data collection begins. As soon as evaluation is complete, you will receive a notification in the configured notification channels.
Notification Channel: If you have configured them, you can use
email
,Slack
, orwebhook
notification channels, and they will appear in the drop-down. Since reports are typically large, the actual data is not sent to the notification channel; you receive a link to download it. You must be a valid Sysdig Secure user (Advanced User+) to access the link.Data Preview: Click
Refresh
to apply the configuration you’ve chosen and pull up on the center bar of the Data Preview panel to see sample results.Click
Save
.
Manage Reports
View and Edit Report Definition
Select an entry in the Reporting list to see the detail panel.
Click
Edit
to change the report definition parameters. You can also access this panel from the kebab (3-dot) menu.Make your edits, click
Refresh
to see the Data Preview, andSave
.
Download Reports
From the Reporting list, the latest report download link appears in the Download column.
To see older reports, select an entry in the Reports list to open the detail panel and select from the report download list.
The report will be downloaded in the format you defined; the file is zipped (.gz) – double-click to unzip and view.
Generate Report Manually
- Select an entry in the Reporting list to see the detail panel.
- Click
Generate Now
. A Scheduled entry will appear. Within 15 minutes or so it will change to Completed and you can download the manually generated report.
Duplicate a Report Definition
- Choose the kebab (3-dot) menu for a scheduled report.
- Click
Duplicate
.
Report Definition Retention
The scheduled and manually created reports are retained for 14 days.
Delete a Report Definition
Be sure to download any needed reports before deleting the definition.
Choose the kebab (3-dot) menu for a scheduled report.
Click
Delete
, clickYes
when prompted.The report definition and all associated reports are deleted.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.