Reports Guide¶
Smailander's reporting system allows you to generate comprehensive security reports for analysis, compliance, and stakeholder communication.
Report Overview¶
Report Types¶
Smailander provides several pre-configured report types:
| Report Type | Frequency | Audience | Purpose |
|---|---|---|---|
| Daily Digest | Daily | Security Team | Daily activity summary |
| Weekly Summary | Weekly | Security Team | Weekly trends and analysis |
| Monthly Analysis | Monthly | Management | Monthly comprehensive review |
| Executive Summary | Monthly | Executives | High-level overview |
| Compliance Report | Quarterly | Compliance | Regulatory compliance |
| Incident Report | On-demand | Security Teams | Incident documentation |
| Custom Report | As needed | Any | Tailored reports |
Report Generation Flow¶
graph TD
A[Select Report Type] --> B{Report Type?}
B -->|Standard| C[Configure Parameters]
B -->|Custom| D[Build Custom Report]
C --> E[Generate Report]
D --> E
E --> F{Format?}
F -->|PDF| G[Download PDF]
F -->|CSV| H[Download CSV]
F -->|JSON| I[Download JSON]
F -->|Email| J[Send via Email]
Standard Reports¶
Daily Digest Report¶
Daily summary of email honeypot activity.
Report Contents¶
# Daily Digest - March 12, 2026
## Executive Summary
- Total Emails: 428
- Threats Detected: 287 (67%)
- Detection Rate: 92%
- Critical Threats: 45
## Threat Breakdown
- Malware: 98 (34%)
- Spam: 189 (66%)
- Phishing: 67 (23%)
## Top Threats
1. spam@bad1.com - 45 emails
2. phishing@evil.com - 34 emails
3. malware@bad2.com - 28 emails
## Geographic Distribution
1. Russia: 89 (31%)
2. China: 56 (19%)
3. Brazil: 34 (12%)
## New Threats
- New malware: Ransom.NewVariant.001
- New phishing campaign: Holiday Gift Scam
## Anomalies
- Volume spike detected at 14:30 UTC
- Unusual geographic activity from Antarctica
## Recommendations
- Review 12 critical threats
- Block 3 new malicious domains
- Update firewall rules for 2 new IPs
Scheduling¶
{
"report_id": "daily_digest",
"name": "Daily Digest",
"frequency": "daily",
"time": "09:00",
"timezone": "UTC",
"format": "pdf",
"recipients": ["security@company.com"]
}
Weekly Summary Report¶
Comprehensive weekly analysis.
Report Sections¶
- Executive Summary
- Key metrics
- Week-over-week comparison
-
Critical incidents
-
Email Volume Analysis
- Daily breakdown
- Volume trends
-
Peak times
-
Threat Analysis
- Threat type distribution
- Threat score trends
-
Top threats
-
Geographic Analysis
- Top countries
- Geographic trends
-
Anomalies
-
Malware Analysis
- Malware types
- New malware families
-
Malware trends
-
Honeypot Performance
- Honeypot comparison
- Effectiveness metrics
-
Recommendations
-
Sender Analysis
- Top threat senders
- Sender reputation
-
Blacklist updates
-
Trends and Patterns
- Weekly patterns
- Recurring campaigns
-
Anomaly detection
-
Recommendations
- Security improvements
- Configuration changes
- Action items
Scheduling¶
{
"report_id": "weekly_summary",
"name": "Weekly Summary",
"frequency": "weekly",
"day": "monday",
"time": "09:00",
"timezone": "UTC",
"format": "pdf",
"recipients": [
"security@company.com",
"security-lead@company.com"
]
}
Monthly Analysis Report¶
In-depth monthly review for management.
Report Structure¶
# Monthly Security Report - March 2026
## Executive Dashboard
┌─────────────┬───────────┬──────────┬─────────┐
│ Metric │ Current │ Previous │ Change │
├─────────────┼───────────┼──────────┼─────────┤
│ Emails │ 12,847 │ 11,172 │ ↑ 15% │
│ Threats │ 8,590 │ 7,661 │ ↑ 12% │
│ Detection % │ 92% │ 91% │ ↑ 1% │
└─────────────┴───────────┴──────────┴─────────┘
## Monthly Trends
[Detailed charts and analysis]
## Threat Intelligence
- New malware families detected: 5
- New phishing campaigns: 3
- Major security incidents: 2
## Honeypot Performance
[Performance metrics by honeypot]
## Geographic Analysis
[Detailed geographic breakdown]
## Compliance Status
- GDPR: ✅ Compliant
- Data retention: ✅ 180-day policy maintained
- Audit logs: ✅ Complete
## Recommendations
1. Increase honeypot coverage in Asia region
2. Update detection thresholds for ransomware
3. Review and update custom detection rules
4. Schedule additional security awareness training
## Appendix
- Detailed data tables
- Charts and graphs
- Raw data exports
Scheduling¶
{
"report_id": "monthly_analysis",
"name": "Monthly Analysis",
"frequency": "monthly",
"day_of_month": 1,
"time": "09:00",
"timezone": "UTC",
"format": "pdf",
"recipients": [
"security@company.com",
"security-lead@company.com",
"cto@company.com",
"compliance@company.com"
]
}
Executive Summary Report¶
High-level overview for executives.
Report Contents¶
# Executive Security Summary - Q1 2026
## Security Posture
Overall Threat Level: MODERATE ↗
## Key Metrics (Last Quarter)
- Total Emails: 38,541
- Threats Blocked: 35,234 (91%)
- Critical Incidents: 3
- Zero-Day Threats: 2
## Security Improvements
✅ Detection rate increased 5%
✅ False positive rate decreased 3%
✅ New honeypots deployed: 12
✅ Security awareness training completed
## Risk Assessment
- High: Sophisticated phishing campaigns
- Medium: Ransomware evolution
- Low: Spam volume (stable)
## Budget Impact
- Current utilization: 75%
- Recommended: Scale infrastructure by 20%
- Estimated cost: $2,000/month
## Strategic Recommendations
1. Invest in AI-powered threat detection
2. Expand honeypot coverage globally
3. Implement SOAR integration
4. Conduct quarterly security assessments
Compliance Report¶
Regulatory compliance documentation.
Report Sections¶
- GDPR Compliance
- Legal basis: Legitimate Interest (Article 6(1)f)
- Data minimization: ✅
- Purpose limitation: ✅
- Data retention: 180 days ✅
- User rights: ✅
-
Security measures: ✅
-
Data Handling
- Data collection methods
- Processing activities
- Third-party disclosures
-
Data transfers
-
Security Controls
- Encryption at rest
- Encryption in transit
- Access controls
-
Audit logging
-
Incident Response
- Incident detection
- Response procedures
- Notification processes
-
Documentation
-
Audit Trail
- Data access logs
- Modification logs
- Deletion logs
- Retention compliance
Scheduling¶
{
"report_id": "compliance_report",
"name": "Compliance Report",
"frequency": "quarterly",
"schedule": "quarter_end",
"time": "09:00",
"timezone": "UTC",
"format": "pdf",
"recipients": [
"compliance@company.com",
"legal@company.com",
"dpo@company.com"
]
}
Incident Report¶
Documentation of security incidents.
Report Template¶
# Security Incident Report - INC-2026-001
## Incident Details
- Incident ID: INC-2026-001
- Date/Time: 2026-03-12T14:30:15Z
- Severity: HIGH
- Status: RESOLVED
## Description
A coordinated phishing campaign targeting executive honeypots was detected.
## Impact
- Emails received: 234
- Executives targeted: 5
- Malware detected: 12
- Data compromised: None (honeypots)
## Timeline
- 14:30 UTC: First email detected
- 14:35 UTC: Pattern identified
- 14:40 UTC: Alert triggered
- 14:45 UTC: Security team notified
- 15:00 UTC: Incident response initiated
- 16:00 UTC: Mitigation completed
## Root Cause
Phishing campaign using brand impersonation and urgency tactics.
## Actions Taken
1. Blocked 12 malicious domains
2. Updated firewall rules for 5 IP addresses
3. Notified targeted executives
4. Added custom detection rules
5. Documented indicators of compromise
## Lessons Learned
- Need faster detection of brand impersonation
- Executive honeypots require higher monitoring frequency
- Consider implementing brand protection service
## Recommendations
1. Implement brand protection monitoring
2. Increase executive honeypot monitoring frequency
3. Conduct phishing awareness training for executives
4. Review and update incident response procedures
## References
- Related emails: 234
- Threat intelligence: Updated
- Compliance: GDPR compliant
Custom Reports¶
Report Builder¶
Create custom reports with the report builder:
Step 1: Basic Information¶
{
"report": {
"name": "Vendor Security Assessment",
"description": "Assess security of third-party vendors",
"owner": "security@company.com",
"category": "vendor_security"
}
}
Step 2: Data Source¶
Select data sources:
{
"data_sources": {
"emails": true,
"honeypots": ["vendor-leak@company.com"],
"threats": true,
"senders": true,
"domains": true,
"geographic": false,
"malware": true
}
}
Step 3: Filters¶
Apply filters:
{
"filters": {
"date_range": {
"start": "2026-03-01",
"end": "2026-03-31"
},
"honeypots": ["vendor-leak@company.com"],
"threat_score": {
"min": 60
},
"include_clean": false
}
}
Step 4: Sections¶
Select report sections:
{
"sections": [
"executive_summary",
"email_analysis",
"threat_breakdown",
"top_threats",
"recommendations"
]
}
Step 5: Formatting¶
Choose formatting options:
{
"formatting": {
"format": "pdf",
"include_charts": true,
"include_tables": true,
"logo": "company-logo.png",
"theme": "corporate",
"page_numbers": true
}
}
Step 6: Delivery¶
Configure delivery:
{
"delivery": {
"method": "email",
"recipients": [
"security@company.com",
"vendor-relations@company.com"
],
"schedule": {
"frequency": "monthly",
"day_of_month": 15,
"time": "09:00",
"timezone": "UTC"
}
}
}
Custom Report Templates¶
Save frequently used custom reports as templates:
{
"template": {
"id": "vendor_assessment",
"name": "Vendor Security Assessment",
"description": "Standard vendor security assessment",
"is_public": false,
"created_by": "security@company.com"
}
}
Report Formatting¶
PDF Reports¶
Features: - Professional formatting - Charts and visualizations - Tables and lists - Custom branding - Page navigation
Branding Options:
{
"branding": {
"logo": "company-logo.png",
"primary_color": "#0066cc",
"secondary_color": "#004499",
"font": "Arial",
"header": "Company Security Report",
"footer": "Confidential - Internal Use Only"
}
}
CSV Reports¶
Features: - Spreadsheet compatible - Raw data export - Filters applied - Comma-separated values - UTF-8 encoding
CSV Structure:
email_id,honeypot,from,to,subject,threat_score,threat_type,received_at
email_001,test@company.com,spam@bad.com,test@company.com,Subject,85,THREAT,2026-03-12T14:30:15Z
email_002,monitor@company.com,phish@evil.com,monitor@company.com,Urgent,92,CRITICAL,2026-03-12T14:35:22Z
JSON Reports¶
Features: - Structured data - Programmatic access - API-compatible - Nested objects - Data types preserved
JSON Structure:
{
"report": {
"id": "report_001",
"name": "Custom Report",
"generated_at": "2026-03-12T14:30:15Z",
"data": {
"emails": [...],
"threats": [...],
"analytics": {...}
}
}
}
Excel Reports¶
Features: - Multiple sheets - Formulas - Conditional formatting - Pivot tables - Charts
Sheet Structure: - Summary: Key metrics and charts - Emails: Detailed email data - Threats: Threat analysis - Senders: Sender information - Analytics: Statistical analysis
Report Scheduling¶
Scheduling Options¶
| Frequency | Scheduling | Example |
|---|---|---|
| Hourly | Every X hours | Every 6 hours |
| Daily | Specific time | Daily at 09:00 UTC |
| Weekly | Day of week | Every Monday |
| Monthly | Day of month | 1st of every month |
| Quarterly | Quarter end | At end of Q1, Q2, Q3, Q4 |
| Yearly | Specific date | January 1st |
| Custom | Cron expression | 0 9 * * 1 (9 AM on Monday) |
Schedule Configuration¶
{
"schedule": {
"report_id": "monthly_analysis",
"frequency": "monthly",
"day_of_month": 1,
"time": "09:00",
"timezone": "UTC",
"end_date": "2026-12-31",
"retry_policy": {
"max_attempts": 3,
"retry_interval": "1h"
}
}
}
Schedule Management¶
View Scheduled Reports¶
Scheduled Reports
Report ID │ Name │ Frequency │ Next Run │ Status
─────────────────┼────────────────┼───────────┼───────────────────┼────────
daily_digest │ Daily Digest │ Daily │ 2026-03-13 09:00 │ Active
weekly_summary │ Weekly Summary │ Weekly │ 2026-03-18 09:00 │ Active
monthly_analysis │ Monthly Anal. │ Monthly │ 2026-04-01 09:00 │ Active
Pause/Resume Schedule¶
# Pause schedule
PUT /api/reports/{report_id}/pause
# Resume schedule
PUT /api/reports/{report_id}/resume
Delete Schedule¶
Report Delivery¶
Email Delivery¶
Send reports via email:
{
"delivery": {
"method": "email",
"recipients": [
{
"email": "security@company.com",
"name": "Security Team"
},
{
"email": "cto@company.com",
"name": "CTO"
}
],
"subject": "Monthly Security Report - March 2026",
"body": "Please find attached the monthly security report.",
"attachments": [
{
"filename": "monthly-report-march-2026.pdf",
"format": "pdf"
}
]
}
}
Webhook Delivery¶
Send reports to webhook endpoint:
{
"delivery": {
"method": "webhook",
"url": "https://your-server.com/reports",
"secret": "webhook-secret-key",
"format": "json"
}
}
Webhook Payload:
{
"event": "report.generated",
"report_id": "report_001",
"report_name": "Monthly Analysis",
"generated_at": "2026-03-12T14:30:15Z",
"format": "pdf",
"download_url": "https://smailander.com/download/report_001.pdf",
"signature": "sha256=abc123..."
}
FTP/SFTP Delivery¶
Upload reports to FTP/SFTP server:
{
"delivery": {
"method": "sftp",
"host": "ftp.company.com",
"port": 22,
"username": "reports",
"password": "encrypted_password",
"directory": "/reports/security",
"filename_pattern": "{report_name}_{date}.{ext}"
}
}
Download Link¶
Generate temporary download link:
{
"delivery": {
"method": "download_link",
"expires_at": "2026-03-13T14:30:15Z",
"password_protected": false
}
}
Response:
{
"download_url": "https://smailander.com/download/report_001?token=abc123",
"expires_at": "2026-03-13T14:30:15Z",
"format": "pdf",
"size": "2.5MB"
}
Report Distribution¶
Recipient Management¶
Add and manage report recipients:
{
"recipients": [
{
"id": "recipient_001",
"email": "security@company.com",
"name": "Security Team",
"role": "security",
"reports": ["daily_digest", "weekly_summary"],
"preferences": {
"format": "pdf",
"frequency": "as_scheduled"
}
}
]
}
Recipient Groups¶
Create recipient groups for easy management:
{
"group": {
"id": "executive_team",
"name": "Executive Team",
"description": "C-level executives",
"members": [
"cto@company.com",
"cio@company.com",
"ciso@company.com",
"ceo@company.com"
],
"reports": ["executive_summary", "monthly_analysis"]
}
}
Report Templates¶
Standard Templates¶
| Template | Description | Sections |
|---|---|---|
| Standard | Balanced report | All standard sections |
| Executive | High-level overview | Summary, key metrics, recommendations |
| Technical | Detailed technical | All sections with technical details |
| Compliance | Regulatory focus | Compliance, audit, data handling |
| Incident | Incident-focused | Timeline, impact, actions, lessons |
Custom Templates¶
Create custom templates:
{
"template": {
"id": "custom_vendor",
"name": "Vendor Security Template",
"description": "Custom template for vendor security assessments",
"sections": [
{
"id": "executive_summary",
"order": 1,
"required": true
},
{
"id": "vendor_overview",
"order": 2,
"required": true
},
{
"id": "threat_analysis",
"order": 3,
"required": true
},
{
"id": "recommendations",
"order": 4,
"required": true
}
],
"formatting": {
"format": "pdf",
"theme": "corporate",
"include_logo": true
}
}
}
Best Practices¶
1. Report Design¶
- Know your audience: Tailor content to recipients
- Keep it concise: Include only relevant information
- Use visuals: Charts and graphs improve comprehension
- Be consistent: Use consistent formatting and terminology
2. Scheduling¶
- Set appropriate frequency: Daily for ops, monthly for execs
- Choose optimal times: Send when recipients are available
- Consider time zones: Schedule for recipient's time zone
- Test schedules: Verify reports are sent as expected
3. Distribution¶
- Use recipient groups: Simplify distribution management
- Verify email addresses: Ensure delivery
- Monitor delivery failures: Address issues promptly
- Provide alternative access: Allow on-demand downloads
4. Content Management¶
- Review templates periodically: Update as needs change
- Archive old reports: Maintain historical records
- Document custom reports: Keep record of report purpose
- Standardize where possible: Use templates for consistency
Troubleshooting¶
Report Not Generating¶
Symptom: Scheduled report not generated
Solutions: 1. Verify schedule is active 2. Check report configuration 3. Review error logs 4. Check system status 5. Contact support if persistent
Report Not Delivered¶
Symptom: Report generated but not delivered
Solutions: 1. Verify recipient email addresses 2. Check email service status 3. Review delivery logs 4. Check spam folder 5. Test email delivery manually
Report Formatting Issues¶
Symptom: Report formatting is incorrect
Solutions: 1. Verify template configuration 2. Check branding settings 3. Review data sources 4. Try different format 5. Contact support for complex issues
Large Report Generation Fails¶
Symptom: Large reports fail to generate
Solutions: 1. Reduce date range 2. Apply more filters 3. Exclude unnecessary sections 4. Increase system resources 5. Use on-demand generation for large reports
Next Steps¶
- Analytics - Advanced analytics
- API: Reports - Programmatic report access
- Technical Guide - System architecture
Need Help?¶
- FAQ - Common questions
- Troubleshooting - Solve issues
- API Documentation - API reference
- Contact - Get support