Reports#

What Reports Are#

Reports are the deliverable output of SilentBolt scans. They package scan findings, risk summaries, and technical evidence into structured documents that can be shared with stakeholders, clients, auditors, and technical teams.

SilentBolt generates reports automatically at the end of each completed scan. Two formats are available:

  • PDF — formatted for human consumption, presentations, and client delivery.
  • JSON — structured data for programmatic consumption, integration with other tools, or archival.

Why Reports Exist#

Security scanning generates data. Reports turn that data into communication — they answer questions like "What did we find?", "How bad is it?", and "What should we do about it?" for audiences with different technical backgrounds and decision-making roles.

Who Uses This#

Audience Format What They Look For
Executives / management PDF Executive summary, overall risk level, trend direction
Security analysts PDF or JSON Detailed findings, evidence, remediation guidance
Developers PDF Specific findings relevant to their code, reproduction steps
Compliance / auditors PDF Scan scope, methodology, timestamped evidence
External tools / pipelines JSON Structured finding data for ingestion into SIEM, ticketing, or dashboards
Client delivery (MSSPs) PDF Professional, client-ready security assessment report

What's in a Report#

PDF Report#

The PDF report is designed to be readable end-to-end and includes:

  1. Executive Summary — high-level risk overview, total findings by severity, key statistics.
  2. Scan Metadata — domain scanned, scan date and duration, scan profile used, template (if any).
  3. Risk Summary — aggregate counts: critical, high, medium, low, info. New/changed/escalated finding counts.
  4. Findings Section — each finding listed with:
    • Title and description.
    • Severity badge.
    • Matched URL, host, port, and path.
    • Template ID (for template-based findings).
    • Evidence / raw payload.
    • Remediation guidance (where available).
  5. Hosts and Endpoints — summary of discovered attack surface.
  6. Scan Scope — what was scanned, which tools were used.

JSON Report#

The JSON report contains the same data in a structured format:

  • Machine-parsable finding records with all fields.
  • Risk summary object.
  • Host and endpoint arrays.
  • Scan metadata.

JSON reports are useful for:

  • Importing findings into a SIEM or security data lake.
  • Feeding into CI/CD pipelines for automated quality gates.
  • Generating custom reports or visualizations in your own tools.

Typical Reporting Workflow#

For a Security Analyst#

  1. Run or review a completed scan.
  2. Triage findings — update governance statuses as needed. (Reports reflect the governance state at generation time.)
  3. Navigate to the scan detail page → Reports section.
  4. Download the PDF report.
  5. Review the PDF for accuracy and completeness before sharing.
  6. Distribute to relevant stakeholders.

For an MSSP Delivering to a Client#

  1. Complete scanning and triage for the client domain.
  2. Download the PDF report.
  3. Optionally, customize the cover page or add a client-specific summary (manual step until template customization is available).
  4. Deliver the PDF along with a summary email or meeting debrief.

For a Developer Receiving a Report#

  1. Receive the PDF from the security team.
  2. Search for findings relevant to your services or endpoints.
  3. Review the evidence and remediation hints.
  4. Implement fixes and request a re-scan to verify remediation.

How to Export Reports#

From the Scan Detail Page#

  1. Navigate to Scans → select the completed scan.
  2. Scroll to the Reports section.
  3. Click Download PDF or Download JSON.
  4. The file is downloaded to your local machine.

Report files are served via authenticated API endpoints. The download URLs require a valid JWT token (passed as a query parameter or Authorization header).

Common Actions#

Action How
Download PDF report Scan detail → Reports → Download PDF
Download JSON report Scan detail → Reports → Download JSON
View report generation status Scan detail → check if scan status is done
Share report Download → distribute via email, Slack, or your delivery channel

Best Practices#

  • Triage findings before sharing reports. The report reflects governance statuses at generation time. Marking false positives before export produces a cleaner report for stakeholders.
  • Use PDF for human audiences, JSON for machines. Don't send JSON to executives; don't parse PDFs in scripts.
  • Review the executive summary before client delivery. Ensure the risk assessment aligns with your professional assessment.
  • Archive JSON exports for historical compliance records and trend analysis.
  • Include scan context when sharing. A report without context (scan scope, date, profile) can be misinterpreted.

Edge Cases and Warnings#

  • Reports require a completed scan. Reports are generated during the post-processing phase when the scan status transitions to done. Failed or canceled scans may not have complete reports.
  • Report content is a point-in-time snapshot. If you change governance statuses after the scan completes, the existing report is not regenerated. The report reflects the state at scan completion.
  • Large findings sets. Scans with hundreds of findings produce large PDFs. Consider filtering or summarizing for executive audiences.
  • File storage. Reports are stored on the server filesystem under ./data/. Ensure adequate disk space for report retention.

Related Pages

ScansFindingsDashboardWorkflow: Exporting Reports
PreviousFindings
NextAttack Orchestration