Skip to content

Reporting

The Reporting module produces structured exports of your security metrics for use in board reports, compliance evidence, or external analytics tooling. Reports can be generated on demand from the UI or scheduled to deliver automatically.

💡 Reporting vs. Dashboards vs. Reveal: Use Dashboards for at-a-glance, in-platform metrics. Use Reveal for interactive data exploration. Use Reporting when you need a structured CSV or JSON export with a stable schema suitable for ingestion by external systems.

Accessing Reporting

Navigate to Settings > Reporting. The feature is available to users with the Manager or Admin role.

Report Metric Groups

A report can include any combination of the following metric groups. Select the groups relevant to your audience when generating the report.

1. Metadata

High-level information about the report itself:

  • Organisation identifier
  • Report time range
  • Generated-at timestamp
  • Generating user

2. General Value Metrics

Core security KPIs over the selected time range:

  • Total cases opened
  • Cases closed by outcome (True Positive, Benign True Positive, False Positive)
  • Mean Time to Detect (MTTD)
  • Mean Time to Respond (MTTR)
  • Active devices and offline devices

3. Detection Rankings

Ranked lists of the most active detections and threats in your environment:

  • Top 10 detection types by case volume
  • Top 10 hosts by case volume
  • Top 10 users by associated observations

4. MITRE ATT&CK Tactics Analysis

A breakdown of cases and observations by MITRE ATT&CK tactic and technique, useful for measuring coverage and identifying gaps in your detection portfolio.

Generating a Report

  1. Go to Settings > Reporting.
  2. Click Generate Report.
  3. Choose a time range (maximum 31 days per report).
  4. Select the metric groups to include.
  5. Choose the output format (CSV or JSON).
  6. Click Generate.

The report is generated immediately and downloaded to your browser.

💡 Time range limit: A single report covers a maximum of 31 days. For longer-running reports, schedule a recurring monthly report or run multiple consecutive reports and merge them externally.

Output Formats

CSV

Each metric group produces a separate sheet within a ZIP-packaged CSV bundle. The schema for each sheet is stable across releases so that downstream pipelines do not break when new releases ship.

JSON

A single JSON file containing all selected metric groups in a structured tree. Suitable for ingestion by SIEM, BI, or data warehouse tools.

Scheduled Reports

To deliver a report on a recurring schedule:

  1. Go to Settings > Reporting.
  2. Click Schedule Report.
  3. Configure the same time range, metric groups, and format as for a one-off report.
  4. Set the schedule (daily, weekly, or monthly).
  5. Enter one or more recipient email addresses.
  6. Click Save.

Scheduled reports are sent as email attachments. The sender address is noreply@senseon.io — add this address to your mail relay's allow list if reports are not arriving.

Programmatic Access

Report metrics are also available through the SenseOn Connect API. See the API Reference for endpoint details.