Exporting asset reports

Strobes allows you to export assets reports in various formats. To export a report, navigate to the Asset Management page and click on the Actions button in the toolbar. Once you have exported the report, it will be available for download under the 'Reports' section.



You can export the report in the following formats:

  • Assets CSV Report
  • Assets Risk Report
  • Assets Overview Report

Assets CSV Report : Using the 'Export Assets CSV' option, you can download your assets in a CSV format. By default all your assets will get downloaded, but if you only need to download a select few assets (e.x Network Assets only), you can apply filters and then download only the assets that you require. More about how to apply filters here. The downloaded file will have the following information:

  • The 'Asset Id' which was assigned by Strobes when the asset was onboarded onto the platform.
  • The 'Name' of the asset which was given while onboarding the asset onto Strobes. More about onboarding assets here.
  • If the asset is exposed or not.
  • The type of asset. More about 'Assets Terminology' here.
  • The 'IP Address' associated with the asset (incase of a network asset).
  • The 'Hostname' if it was provided while onboarding the asset onto Strobes.
  • The 'MAC Address' if it was provided while onboarding the asset onto Strobes.
  • The 'Operating System Information' if it was provided while onboarding the asset onto Strobes.
  • The 'Target' information. 'Target' in terms of Strobes means the web/mobile/network/code or the cloud asset against which scanning will be done.
  • The 'Organization Id' which has been assigned to your organization by Strobes. 

An exported 'Assert CSV' report looks as follows:

mceclip2.png

Assets Risk Report : Strobes assigns a 'Risk Score' to the assets onboarded based on several factors. 'Risk Score' can range anywhere between 0 to 100. Using the 'Export Assets Risk Report' option, you can download the risk report for your assets as a CSV report. By default the risk report will include all your assets, but if you need the report for a select few assets (e.x Network Assets only), you can apply filters and then download the risk report for the assets that you require. More about how to apply filters here. The downloaded file will have the following information:

  • The 'Asset Id' which was assigned by Strobes when the asset was onboarded onto the platform.
  • The 'Name' of the asset which was given while onboarding the asset onto Strobes.
  • The 'Current Risk Score', meaning how much risk does the said asset carry at the time of exporting the Risk report.
  • The 'Highest Risk Score', meaning what was the most risk that the said asset has carried so far since it got onboarded onto Strobes and vulnerabilities have been logged against it.
  • The 'Lowest Risk Score', meaning what was the least risk that the said asset has carried so far since it got onboarded onto Strobes and vulnerabilities have been logged against it.

An exported 'Asset Risk Report' looks as follows:

mceclip3.png

Assets Overview Report : The 'Assets Overview Report' contains the number of vulnerabilities and their prioritization score against the assets in your organization. Strobes assigns a 'Prioritization Score' for every vulnerability that has been logged against your assets. Prioritization score can range anywhere between 0 to 1000. Usually it goes as follows:

  • A Prioritization score between 900 and 1000 means that the vulnerability needs to be fixed on top priority and the 'SLA' for these kinds of issues is usually 1-2 days which is widely accepted in the industry. More about how to configure the 'SLA Policy' for your organization here.
  • A Prioritization score between 750 and 900 means that the vulnerability carries a high risk and the SLA for these kinds of issues is usually between 1-2 weeks which is widely accepted in the industry.
  • A Prioritization score between 550 and 749 means that the vulnerability does not carry much risk on its own but has the potential to lead to any unforeseen problems when chained with any other vulnerabilities. The SLA for these kinds of issues is usually between 1-3 months or usually they are picked up to be patched during a sprint.
  • A Prioritization score of less than 550 means that the vulnerability carries very little to no risk to the application. It usually indicates missing security best practices.

Using the 'Export Assets Overview Report' option, you can download the overview report for your assets in a CSV format. The overview report will only contain the assets against which vulnerabilities have been logged. If you need the report for a select few assets (e.x Network assets only), you can apply filters and then download the report for only the assets that you require. More about how to apply filters here. The downloaded file will have the following information:

  • The 'Asset Id' which was assigned by Strobes when the asset was onboarded onto the platform.
  • The 'Name' of the asset which was given while onboarding the asset onto Strobes.
  • The number of 'Critical', 'High', 'Medium', 'Low' and 'Info' level issues reported against each asset.
  • The number of vulnerabilities which have a priority score greater than 900.
  • The number of vulnerabilities which have a priority score greater than 800.
  • The number of vulnerabilities which have a priority score greater than 700.

An exported 'Asset Overview Report' looks as follows:

mceclip4.png

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more