🛡️ GuardFoxCopilot Documentation

Reports Center

Generate, schedule, and export security reports across all 17 platform modules. 8 export formats including PDF, Excel, STIX, and MISP.

Route: /reports

How the Reports Center works

Overview

How the Reports Center Works

The Reports Center is a unified reporting layer that sits on top of all 17 GuardFoxCopilot modules. It has four main parts:

Templates — 8 pre-built report templates covering every common use case:

  • Weekly Executive Security Brief (SIEM + Alerts + Dark Web + Compliance + Vuln)
  • Daily SOC Operations Report (Alerts + SIEM + EDR + AI Triage + SOAR)
  • Monthly Compliance Report (Compliance + Alerts + EDR + Vuln)
  • Board-Level Risk Report (Alerts + Compliance + Dark Web + Vuln + Red Team)
  • Threat Intelligence Weekly, Vulnerability Status, BAS Detection Coverage, Endpoint Security

Report Builder — 4-step wizard: pick modules → configure sections and audience → choose formats → download. Multiple formats can be exported in a single run.

Report History — every report is saved with page count, file size, and recipients. Rerun any past report with one click.

Schedules — set reports to run automatically on a frequency (daily/weekly/monthly/real-time) and email to a recipient list.

Audience types

AudienceLanguage styleTypical recipients
Executive / CISOHigh-level, risk-focusedCISO, CEO
SOC / TechnicalFull detail, IOCs, raw dataSOC analysts
Compliance / LegalControl mapping, evidenceLegal, auditors
Board / LeadershipBusiness risk, no jargonBoard members

Export formats explained

How to use

Export Formats

FormatBest forNotes
PDFExecutive briefings, stakeholder deliveryPrint-ready, non-editable
CSVRaw data analysis, Excel importFlat table, one row per finding
JSONSIEM/SOAR webhook integrationMachine-readable, full structure
HTMLWeb-viewable interactive reportSelf-contained, shareable link
Word (DOCX)Board reporting, editable docsFormatted with tables and headers
Excel (XLSX)Spreadsheet analysis, chartsMulti-tab, formula-ready
STIX 2.1Threat sharing with partnersCompatible with Splunk, OpenCTI
MISPMISP threat intel platformDirect event import

Selecting multiple formats

In the Report Builder Step 3, all 8 formats are shown as checkboxes. Select as many as you need — all are generated in a single run and available for download simultaneously.

STIX export

STIX reports include: threat indicators as indicator objects, alerts as observed-data objects, and MITRE techniques as attack-pattern objects with uses relationships. Import directly into Splunk Enterprise Security or OpenCTI.

Scheduling recurring reports

Setup

Scheduling Recurring Reports

  1. Go to Reports → 📅 Schedules → Add Schedule
  2. Choose a base template (or build a custom one first)
  3. Set frequency: Real-time | Daily | Weekly | Monthly
  4. Choose format and audience
  5. Enter email recipients (comma-separated)
  6. Click Create Schedule

Recommended schedule set

ScheduleFrequencyFormatRecipients
Daily SOC BriefDaily 07:00PDFsoc@company.com
Weekly Executive BriefMonday 08:00PDFciso@company.com
Monthly Compliance1st of monthDOCXlegal@company.com
Threat Intel FeedWeeklySTIXSplunk webhook
Board ReportQuarterlyDOCXboard@company.com

Real-time reports

Real-time frequency fires immediately when a new Critical alert is created — ideal for a JSON webhook to your SIEM or PagerDuty. Configure the recipient as a webhook URL in your email field.

Delivery

Reports are emailed via Resend (configured in Settings → Integrations). The PDF is attached directly to the email, not a link. For large reports (>10MB), a download link is sent instead.

All 17 reportable modules

Overview

Reportable Modules

Every module in GuardFoxCopilot contributes metrics to reports. Here's what each one provides:

ModuleKey MetricsReport Types
SIEM / EventsEvents ingested, by source/severity, volume trendEvent Summary, Source Distribution, Timeline
AlertsCreated, closure rate, MTTD, MTTC, AI-triagedAlert Summary, Triage Efficiency, SLA
EDR / EndpointsOnline/offline agents, detections, quarantinesEndpoint Health, Threat Detections
Threat IntelIOC count, feed health, VT lookupsIOC Report, Feed Health, Intel Coverage
Vulnerability MgmtCVEs tracked, KEV matches, patch complianceVuln Summary, KEV Report, Patch Gap
AI Auto-TriageAlerts triaged, avg score, false positive rateTriage Summary, Model Performance
SOAR PlaybooksExecutions, success rate, actions takenPlaybook Summary, Response Efficiency
Deception EngineAssets deployed, interactions, attacker IPsDeception Activity, Attacker Analysis
Dark Web MonitorFindings, credential leaks, records exposedDark Web Summary, Credential Exposure
Attack SurfaceAssets discovered, exposures, expiring certsSurface Summary, Exposure Report
ComplianceControls met %, framework gapsCompliance Summary, Evidence Report
Red Team / BASDetection coverage %, gaps by tacticBAS Summary, Detection Gap, MITRE
UEBAAnomalies detected, flagged usersUEBA Summary, User Risk Report
DNS MonitorDGA detections, tunneling alertsDNS Summary, DGA Report
Cloud PostureMisconfigs, compliance scoreCloud Posture Summary
Bot ManagementBot traffic %, blocked requestsBot Traffic Summary
Shift ReportsAlerts/shift, closure rate, SLA breachesShift Summary, Trend Analysis