Reporting
This area provides available reports that help you monitor and share the state of your assets, vulnerabilities, and compliance with security requirements. These report types are availlable:
- "Compliance report on asset vulnerabilities": all data neccessary to evaluate compliance with the Cyber Resilience Act (CRA) - see also Compliance report on asset vulnerability
- "Implemented tasks": lists all tasks that have been marked as implemented by this customer in this system via 'Mark as implemented' since the system was set up for this customer
| Number | Description |
|---|---|
| ① | Button to select all report types of Detailed data |
| ② | Button to select the respective single report |
| ③ | Display of the number of selected reports |
| ④ | Button to download all selected reports |
Compliance Report on asset vulnerability
The Compliance Report on asset vulnerability according to the Cyber Resilience Act (CRA) provides detailed information about the state changes of asset vulnerabilities in the system over time. This report is designed to help machine builders meet CRA compliance requirements by providing a comprehensive log of asset vulnerability events.
Events Logged
The following events are included in the log:
- Asset created
- Asset Vulnerability matched
- Task created
- Task published
- Task implemented
- Asset Vulnerability status changed (e.g., "Risk accepted", "closed", "reopened", "obsolete", "not relevant")
- Asset deleted
Exported Fields
The following fields are included in the exported .CSV file:
| Field Name | Description |
|---|---|
product |
Asset product at the time the log is created |
asset_name |
External ID of the asset (device_instance_id/csv_import_id) |
ip |
First IP address of the asset |
vendor |
Asset vendor |
serial_number |
Serial number of the asset |
firmware_version |
Firmware version of the asset |
article_number |
Article number of the asset |
vulnerability |
CVE (Common Vulnerabilities and Exposures) identifier |
publisher |
Publisher of the vulnerability |
date |
Timestamp of the event in YYYY-MM-DD HH:MM:SS format UTC time |
changed_by |
Indicates whether the change was made by a "user" or the "system" |
vulnerability_status |
Current status of the vulnerability (e.g., "open", "planned", "risk accepted", etc.) |
action_type |
Type of action performed (e.g., "vulnerability matched", "mitigation added", etc.) |
task_type |
Type of task created (e.g., "vendor fix", "workaround or mitigation", "custom") |
details |
Details of the task (e.g., "firmware update to {value}", text of the mitigation task, etc.) |
zone |
Zone name of the asset at the time of the log |