Generating AI reports

AI Reports provide automated, intelligent vulnerability analysis and security summaries generated by DeepTraq's AI engine. These reports help you communicate security findings to different audiences, from executives to technical teams.

Key Features:

• Automated report generation
• Multiple report types for different audiences
• Consolidated and individual asset reports
• Custom prompts for tailored analysis
• Export and sharing capabilities

Accessing AI Reports

From Vulnerability Dashboard

1. Navigate to Vulnerability > Vulnerability Dashboard
2. Click the AI Reports tab
3. View all generated reports with details:
   • Report name
   • Tags (if any)
   • Duration (generation time)
   • Age (when generated)
   • Generated timestamp

Report List View

The AI Reports table shows:

• Name: Type of report (e.g., "Asset Exposure", "Executive Summary")
• Tags: Custom tags for organization
• Duration: Time taken to generate the report
• Ago: Relative time since generation (e.g., "1 month ago")
• Generated At: Exact timestamp with timezone

Report Count: Total number of reports is displayed (e.g., "Vulnerabilities AI Reports(8)")

Generating New AI Reports

Starting Report Generation

Click the Generate Report icon (✨) in the AI Reports section to open the report generation dialog.

Report Types Available

1. Executive Summary for Management

Description: High-level overview tailored for executives, highlighting key risks and overall security posture.

Best for:

• Board presentations
• Executive briefings
• Management updates
• Strategic decision-making

Contents:

• Overall risk score
• Critical findings summary
• Business impact analysis
• High-level recommendations
• Compliance status overview

2. Summary of Vulnerabilities

Description: Condensed list of all vulnerabilities found, categorized by severity for quick triage.

Best for:

• Quick security assessments
• Daily/weekly team reviews
• Prioritization meetings
• Status updates

Contents:

• Vulnerability count by severity
• Top critical issues
• Recently detected vulnerabilities
• Severity distribution
• Quick remediation priorities

3. Technical Report of Vulnerabilities

Description: Detailed technical breakdown for IT/security teams including CVEs, affected assets, ports, and scan evidence.

Best for:

• Security operations teams
• Incident response
• Technical remediation
• Detailed vulnerability analysis

Contents:

• Complete CVE details
• Affected assets and versions
• Open ports and services
• Exploit availability
• Technical remediation steps
• Scan evidence and proof

4. Asset Exposure Analysis

Description: Report focusing on exposed assets, accessible services, and potential entry points attackers could exploit.

Best for:

• Attack surface management
• External security reviews
• Penetration testing preparation
• Network security assessment

Contents:

• Internet-facing assets
• Open ports and services
• Exposed applications
• Potential attack vectors
• Network topology insights
• Entry point prioritization

5. Remediation Report

Description: Action-focused report with specific recommendations, patch instructions, and configuration guidance to fix issues.

Best for:

• System administrators
• DevOps teams
• Patch management
• Security remediation tracking

Contents:

• Step-by-step fix instructions
• Patch availability and versions
• Configuration changes needed
• Workarounds for critical issues
• Testing procedures
• Rollback plans

Custom Prompt Option

Using Custom Prompts

Option: "Start from a general-purpose vulnerability assessment and summary prompt (recommended). Customize as needed."

When to Use:

• Need specific analysis not covered by standard reports
• Custom reporting requirements
• Unique compliance needs
• Specialized security assessments

Default Prompt Templates

Template 1: Structured Vulnerability Analysis

You are a cybersecurity assistant tasked with analyzing and summarizing a structured list of 
software vulnerabilities for vulnerability management and reporting purposes.

Each input object represents a vulnerability and may include the following fields:
- `name`, `description`, `cve`, `cwe`, `cvss`, `severity`, `affected`, `mitigation`, `threat`, `impact`,

Use Case: Comprehensive vulnerability breakdown with standard categorization.

Template 2: Grouped Analysis

1. Group related vulnerabilities together (by CVE, description, affected component, or product).
2. For each group, provide:
   - A clear and concise **description of the group**.
   - A **list of affected products or systems** (with versions or IPs if available).
   - Suggested **mitigations or patches** (if known).

Use Case: Organizing vulnerabilities by common factors for easier remediation planning.

Template 3: Risk Prioritization

### Overall Risk Prioritization

1. <Critical issue #1>
2. <Important issue #2>
3. <Moderate issue #3>

Use Case: Executive-level prioritization focusing on business-critical risks.

Creating Custom Prompts

1. Check the custom prompt option checkbox
2. Enter your specific requirements in the text field
3. Customize based on:
   • Your organization's needs
   • Specific compliance frameworks
   • Audience requirements
   • Reporting standards
4. Click Save to generate the report

Tips for Effective Custom Prompts:

• Be specific about what you want included
• Specify the audience (technical, executive, etc.)
• Include any required formatting or structure
• Mention specific compliance frameworks if needed
• Request specific metrics or KPIs

Report Generation Process

Consolidated vs. Individual Reports

Consolidated Reports (Default):

• Analyzes all assets together
• Provides organization-wide view
• Shows overall security posture
• Identifies common patterns
• Recommended for most use cases

Individual Reports:

• Separate report for each asset
• Asset-specific findings
• Detailed per-system analysis
• Useful for large environments

Generation Time

Report generation time varies based on:

• Number of vulnerabilities: More findings = longer generation
• Report complexity: Technical reports take longer than summaries
• Asset count: More assets = longer processing
• Custom prompts: Complex prompts may take additional time

Typical Generation Times:

• Executive Summary: 20-30 seconds
• Summary of Vulnerabilities: 30-60 seconds
• Technical Report: 1-3 minutes
• Asset Exposure Analysis: 2-3 minutes
• Remediation Report: 1-2 minutes

Working with Generated Reports

Viewing Reports

Click on any report name to expand and view the full content.

Report Display:

• Full report text with formatting
• Structured sections and headers
• Bullet points and lists
• Code blocks for technical details
• Tables for data comparison

Example Report Preview:

Executive Summary: High-Risk Asset Exposure Analysis

Overview
Three assets (172.188.28.178, 48.217.249.14, 57.155.9.75) are at high exposure risk, 
each hosting 41-43 vulnerabilities, with the highest severity rated at 9.6. All assets 
share identical critical vulnerabilities in Apache HTTP Server, OpenSSH, and Lighttpd...

Key Findings by Category

1. Apache HTTP Server Vulnerabilities (Multiple CVEs, Severity 5.0-9.8)
   • Includes critical issues: authentication bypass, buffer overflows, HTTP request/response 
     smuggling, denial of service (DoS), and memory corruption.
   • Affected versions range from 2.4.0 to 2.4.59; requires upgrade to 2.4.64 or later...

Report Actions

Copy Report

Click the Copy icon to copy the entire report content to clipboard for:

• Pasting into documents
• Sharing via email
• Adding to presentations
• Documentation purposes

Download Report

Click the Download icon to save the report as a file:

• Format: PDF, DOCX, or TXT
• Naming: Auto-named with report type and timestamp
• Location: Downloads to your default folder

File naming convention: [Report_Type]_[Date]_[Time].pdf Example: Executive_Summary_2025-10-15_14-30.pdf

Expand/Collapse

• Click the expand arrow (▶) to view full report
• Click the collapse arrow (▼) to minimize report
• Useful for browsing multiple reports quickly

Delete Report

Click the delete icon (🗑️) to permanently remove a report from the list.

Report Management

Searching Reports

Use the Search Result box to find specific reports by:

• Report name
• Tags
• Keywords in report content
• Generation date

Filtering Reports

By Time Period:

• Use the date filter to show reports from specific timeframes
• Options: Today, Last 7 days, Last 30 days, Custom range

By Report Type:

• Filter by report category
• Show only specific report types

Organizing Reports

Tagging:

• Add custom tags to reports for organization
• Tag by project, team, compliance requirement, etc.
• Filter by tags for quick access

Pagination:

• Adjust rows per page (20, 50, 100)
• Navigate through pages of reports
• View report count (e.g., "1-8 of 8 rows")

Report Types in Detail

Asset Exposure Report Example

Report Name: "Asset Exposure" or "Consolidated Asset Exposure"

Duration: ~183 seconds (3 minutes)

Contents:

• List of exposed assets with IP addresses
• Vulnerability count per asset
• Highest severity rating
• Critical vulnerabilities shared across assets
• Service-specific findings (Apache, OpenSSH, etc.)
• Version information
• Recommended upgrades

Technical Vulnerability Report Example

Report Name: "Detailed Technical Vulnerability" or "Consolidated Detailed Technical Vulnerability"

Duration: ~42-146 seconds

Contents:

• Complete CVE listings
• CVSS scores and vectors
• CWE classifications
• Affected software versions
• Exploit availability status
• Proof of vulnerability
• Detailed remediation steps
• References and links

Vulnerability Scan Summary Example

Report Name: "Vulnerability Scan Summary" or "Consolidated Vulnerability Scan Summary"

Duration: ~29-63 seconds

Contents:

• Total vulnerability count
• Severity distribution
• Top 10 critical findings
• Newly detected vulnerabilities
• Remediated issues since last scan
• Scan coverage statistics
• Overall risk trend

Executive Summary Example

Report Name: "Executive Summary for Management"

Duration: ~28 seconds

Contents:

• Security score and trend
• Top 3-5 critical risks
• Business impact assessment
• Compliance status
• Resource requirements
• Recommended investments
• Timeline for remediation

Remediation Report Example

Report Name: "Vulnerability Remediation"

Duration: ~46 seconds

Contents:

• Prioritized remediation plan
• Patch availability
• Step-by-step fix instructions
• Configuration changes
• Testing procedures
• Estimated time to fix
• Rollback procedures

Best Practices

When to Generate Reports

Regular Intervals:

• Executive Summary: Monthly or quarterly
• Technical Reports: After each scan
• Remediation Reports: Weekly for active remediation
• Asset Exposure: Monthly or after infrastructure changes

Triggered Events:

• After discovering critical vulnerabilities
• Before security audits
• For incident response
• When requesting budget approvals

Choosing the Right Report Type

For Executives and Management: ✓ Executive Summary for Management ✓ Summary of Vulnerabilities

For Security Teams: ✓ Technical Report of Vulnerabilities ✓ Remediation Report

For Network Teams: ✓ Asset Exposure Analysis ✓ Technical Report of Vulnerabilities

For Compliance: ✓ Executive Summary (with compliance focus) ✓ Technical Report ✓ Custom prompt with compliance framework

Custom Prompt Guidelines

Effective Custom Prompts Should:

• Specify the target audience
• Define required sections
• Include specific frameworks (PCI-DSS, ISO 27001, etc.)
• Request specific metrics
• Define the level of technical detail
• Specify formatting preferences

Example Custom Prompt:

Generate a PCI-DSS compliance report focusing on:
1. All vulnerabilities affecting cardholder data environment
2. Critical and high severity issues only
3. Specific PCI-DSS requirement mappings
4. Remediation timeline estimates
5. Compensating controls where applicable

Format as an executive summary suitable for QSA review.

Understanding Report Metrics

Duration

Time taken to generate the report in seconds. Factors affecting duration:

• Complexity of analysis
• Number of vulnerabilities
• Asset count
• Custom prompt complexity

Age

Relative time since report generation:

• "1 month ago"
• "2 weeks ago"
• "3 days ago"
• "2 hours ago"

Note: Older reports may not reflect current security posture. Regenerate reports regularly for updated analysis.

Generated At

Exact timestamp when report was created:

• Format: Month Day, Year at HH:MM:SS (Timezone)
• Example: "August 29, 2025 at 21:09:28 (UTC+05:30)"

AI Reports are continuously improved based on latest security intelligence and user feedback to provide the most relevant and actionable security insights.