4. Generating Reports¶
Once your analysis is complete, you can generate a report to share with others. There are four types of reports supported by Cyber Triage®: HTML, JSON, CSV, and Extract Source Files. All of these can be created from the Dashboard.
4.1. HTML Report¶
HTML Reports are useful to share with other groups who want a human readable report. It contains the list of Bad and Suspicious items that were found on the system.
The report provides both a summary and a detailed view. The summary view provides basic information about each item and is organized into two tables: Bad and Suspicious. Selecting any item brings you to the detailed view that contains information such as MD5 hashes and time stamps.
Any comments that you added during the investigation will be shown in the report.
You can generate a PDF report based on the HTML report by using the Print feature in your web browser.
To add your company or agency logo to the report, use the Reporting Options tab within the Options Panel.
4.2. JSON Report¶
The JSON report is useful for importing the results into another system, such as a SIEM. It is a JSON array with each element being a data item that was collected by Cyber Triage®. For example, the first entry could be for a Startup Item or a Program Run entry.
4.3. CSV Report¶
The CSV report contains timeline data. It has one row for each event and this report can then be imported into other timeline tools, such as Excel.
4.4. Extract Source Files¶
The Extract Source Files report option will export all collected source files (registy hives, logs, etc.) to a directory of your choice. They will be saved at the same relative path as they were in the original system. For example, registry hives will be stored in a “windows” folder.