Overview
This report shows Diligence event details, including evidence, grade, start date, end date, and risk vector specific information.
Generating this Report
- Open the Reports page in the SPM app.
- Locate the Diligence card.
- Hover over the card and select Create.
- Select the checkbox to indicate whether or not to limit the report to events that impact risk vector grades.
- Select a company from the list. You can use the available filters or the search field to quickly find a specific company.
- Select risk vectors or tags to include in the report.
- Select View to generate the report.
Once generated, you can edit, save, schedule, or download the report.
You must download this report to view it. If you select multiple risk vectors while creating the report, a report is generated for each risk vector as a separate .csv file. The group of .csv files is downloaded in a .zip folder.
Reading this Report
This report generates a .csv of event details for each risk vector selected.
All Diligence reports include the following columns:
| Column Name | Description |
| --- | --- |
| Risk Vector | The risk vector associated with the event. |
| First Seen | The date of the first observation. |
| Last Seen | The date of the most recent observation. |
| Host | The host IP where the event was observed. |
| Impacts Grade | Indicates whether the event impacts the risk vector grade. |
| Grade | The risk vector grade assigned to the event. |
| Details | Details of the event. |
| Remediation Instructions | The recommended remediation instructions. |
| Tags | Tags assigned to the IP address associated with the event. |
| Comments | A thread of comments about the event. |
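An added example, not part of the product documentation or the vendor's code: one way to triage the downloaded .zip by reading each per-risk-vector .csv and keeping only the rows that impact a grade. Only the column names come from this page; the file names, the cell values (including the `Yes`/`No` form of Impacts Grade and the grade labels) and the date format are constructed assumptions.

```python
import csv
import io
import zipfile
from collections import defaultdict

# Assumption: the export marks grade-impacting rows with one of these values;
# adjust the set to match what your downloaded CSVs actually contain.
TRUTHY = {"yes", "true", "y", "1"}


def grade_impacting_events(zip_bytes):
    """Return {risk_vector: [row, ...]} for rows whose Impacts Grade is truthy."""
    by_vector = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():
            if not name.lower().endswith(".csv"):
                continue
            # utf-8-sig drops a byte-order mark if the export has one
            text = archive.read(name).decode("utf-8-sig")
            for row in csv.DictReader(io.StringIO(text)):
                if (row.get("Impacts Grade") or "").strip().lower() in TRUTHY:
                    by_vector[row.get("Risk Vector") or name].append(row)
    return dict(by_vector)


def build_sample_zip():
    """Constructed sample: two per-risk-vector CSVs with made-up rows."""
    common = "Risk Vector,First Seen,Last Seen,Host,Impacts Grade,Grade,Details"
    files = {
        "open_ports.csv": common + ",Ports,Product,Transport Method\n"
        "Open Ports,2024-07-01,2024-08-01,192.0.2.10,Yes,BAD,Exposed service,3389,RDP,TCP\n"
        "Open Ports,2024-07-03,2024-08-01,192.0.2.11,No,GOOD,Expected service,443,HTTPS,TCP\n",
        "ssl_certificates.csv": common + ",Key Length (bits),Signing Algorithm\n"
        "SSL Certificates,2024-06-15,2024-08-01,192.0.2.20,Yes,WARN,Short key,1024,SHA256\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, body in files.items():
            archive.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    for vector, rows in grade_impacting_events(build_sample_zip()).items():
        for row in rows:
            print(vector, row["Host"], row["Grade"], row["Details"], sep=" | ")
```

Because each row is kept as a dictionary, the risk-vector-specific columns (for example Ports or Key Length (bits)) remain available for follow-up filtering.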
Reports for some risk vectors include columns specific to that risk vector. These are listed in the tables below.
Desktop Software
| Column Name | Description |
| --- | --- |
| OS | The detected OS. |
| OS Version | The current version of the detected OS. |
| OS Grade | An assessment of the detected OS based on the version’s support status. |
| OS Support | The support status of the current OS version. |
| Browser | The detected browser. |
| Browser Version | The current version of the detected browser. |
| Browser Grade | An assessment of the detected browser based on the version’s support status. |
| Browser Support | The support status of the current browser version. |
| Estimation of Users | The estimated number of users based on visible web activity. |
| Host IPs | Origin of the request(s). Sample of the host IPs detected using this combination of Operating System and Browser. |
Mobile Software
| Column Name | Description |
| --- | --- |
| OS | The detected OS. |
| OS Version | The current version of the detected OS. |
| OS Grade | An assessment of the detected OS based on the version’s support status. |
| OS Support | The support status of the current OS version. |
| Browser | The detected browser. |
| Browser Version | The current version of the detected browser. |
| Browser Grade | An assessment of the detected browser based on the version’s support status. |
| Browser Support | The support status of the current browser version. |
| Host IPs | Origin of the request(s). Sample of the host IPs detected using this combination of Operating System and Browser. |
Open Ports
| Column Name | Description |
| --- | --- |
| Ports | The number of the destination port identified in the finding. In Open Ports, it is the port associated with the service observed. |
| Product | The product or service observed on the port. |
| Transport Method | The transmission protocol (TCP or UDP) used in the connection. |
Patching Cadence
Server Software
| Column Name | Description |
| --- | --- |
| Ports | Ports where the server software was detected. |
| Type | The type of server software package. |
| Version | The current version of the server software package. |
SSL Certificates
| Column Name | Description |
| --- | --- |
| Key Evidence | The hostname or IP address associated with the certificate. |
| Certificate start date | The date when the certificate’s validity begins. |
| Certificate end date | The date when the certificate’s validity expires. |
| Key Length (bits) | The length of the key used to sign this certificate. |
| Key Algorithm | The cryptographic algorithm used to generate the key. |
| Signing Algorithm | The cryptographic algorithm used to sign this certificate. |
| Issuer | The certificate authority that issued this certificate. |
| Subject | Information describing the host secured by this certificate. |
| Subject Alternate Names | The domain names secured by this certificate. |
| Serial Number | The serial number of this certificate in decimal format. |
| SSL Certificate Source | IP addresses where the certificate was seen on the most recent day. |
SSL Configurations
| Column Name | Description |
| --- | --- |
| Belongs to service provider?* | The IP in this finding belongs to a service provider, but is being used by the organization with the finding. |
| Diffie-Hellman Prime Name | Named Diffie-Hellman primes are published values, sourced from software libraries or other publications, used during key exchange. |
| Diffie-Hellman Prime | The Diffie-Hellman prime (start and end) used for key negotiation. |
| Diffie-Hellman Prime Length | The number of bits in the Diffie-Hellman prime. |
| Name | The distinguished name of the owner (host) of the certificate. |
| Subject | Information describing the host secured by this certificate. |
| Issuer | The certificate authority that issued this certificate. |
| Serial Number | The serial number of this certificate in decimal format. |
Web Application Headers
| Column Name | Description |
| --- | --- |
| Final Location | URL where headers were observed. |
| Cache-Control | Indicates if the Cache-Control header is missing. |
| Content-Security-Policy | Indicates if the Content-Security-Policy header is missing. |
| Strict-Transport-Security | Indicates whether the Strict-Transport-Security header is missing. |
| X-Content-Type-Options | Indicates if the X-Content-Type-Options header is missing. |
| Sample IP Addresses | IP addresses associated with the event. |
Web Application Security
| Column Name | Description |
| --- | --- |
| Assessment Name | Name of the assessment. |
| Failed Evidence | The amount of failed evidence associated with the finding. |
| Total Evidence | The total amount of evidence associated with the finding. |
August 15, 2024: Published.