In this article:
Design your own Custom Report to tell a specific story to your board, organization leadership, or peers about important cybersecurity issues and how your team is responding to them.
Start building your report
Building a Custom Report involves assembling data widgets that are used our other reports and then filtering the data they contain.
- Go to the Reporting Center and then click Create a Custom Report.
- On the Custom Report landing page, click Add Widget.
- To select a widget, scroll through down the widgets panel that appears, or start typing key words in the search bar. Click Add widget for the one you want.
- Click into the grey space where the widget appears to show the filter panel.
- Select filters to extract the data you want as in the following examples.
Note: The filters in the following screenshots are available in the Most prevalent CVEs widget. Different widgets include different filters. See Use best practices with filters for more information.
- Select the Portfolios you want to report on.
- To select date ranges, click the start and end date fields to bring up a calendar, and then click dates.
- Select vulnerability severity levels...
- ...or select specific vulnerabilities.
- Select the Portfolios you want to report on.
- After setting your filters, click Apply Filters.
Tip: If you do not see any data or the data you want, see Use best practices with filters to help with adjustments. - Add more widgets and apply filters as desired.
- Name the report.
- Click Save.
The report appears in the Reporting Center. Click the report any time to edit it, adding or removing or moving widgets or changing filters.
Note: Remember to save the report again after making any changes.
Change widget appearance
While building or updating your report you can change the size or position of widgets, or delete them. This is especially useful for improving the appearance of a report with multiple widgets, where you might want to visually emphasize certain widgets.
To change a widget's size, click the arrow in the lower-right corner and drag the corner in any direction.
To change a widget's position, click the cluster of grey dots in the upper-left corner and then drag the widget to a new location.
To delete a widget, hover over the three horizontal dots in the upper-right corner and select Delete when it appears.
Create a new report based on a clone
You can clone a report and then modify it to create a new report based on the original.
This is helpful when you want to create multiple variants of a report without having to completely create new custom reports. For example, you may want to report on the most prevalent issues for different Scorecards within the same time period.
To clone a report:
- Click the report in the Reporting Center to open it.
- Click Clone above the filter panel.
- Modify widgets and filters as desired.
Note: Remember to click Apply Filters if you change them.
- Rename the clone and click Save.
The cloned report appears in the Reporting Center.
Understand what widgets provide
We continually provide new widgets and update this table accordingly.
Use this widget... | ...to show... |
CVE Severity |
Percentages of severity levels for all common vulnerability enumerations (CVEs) found in Portfolios |
Invitation Status By Grade | Letter grades for Portfolio partners who accept your invitations to join SecurityScorecard compared to those who decline |
Issues By Resolution Status |
Tallies of new, active, resolved, and decayed issue findings for Scorecards in your Portfolios |
Issues By Severity |
Tallies of issue findings by severity level for Scorecards in your Portfolios |
Issue Types With Biggest Impact on Ransomware Score |
Which issues discovered on domains in your Portfolios make organizations most statistically susceptible to ransomware attacks |
Most Prevalent CVEs |
Most frequently discovered vulnerabilities, by percentage, in your Portfolios |
Most Prevalent Findings Over Time |
Which issue types have had the highest numbers of findings for Scorecards in your Portfolios over a given time frame |
Most Prevalent Issues |
Tallies of most frequently discovered vulnerabilities in your Portfolios |
Ransomware Score | A score reflecting organizations' overall statistical likelihood of ransomware attack, based on issue types flagged on Scorecards that were present in other organizations that have had ransomware eventsNote: The ransomware score is not related to the Scorecard rating and does not directly affect it. However, issue types that affect the ransomware score may also impact the Scorecard score. Learn about the Ransomware Analytics report. |
Score Over Time By Invitation Status |
Score trends for Portfolio partners who accept your invitations to join SecurityScorecard compared to those who decline |
Score Trends |
How scores change over tame for Scorecards in your Portfolios |
Understand how filters work
To help you get the data you want from Customer Reports, be aware of some characteristics of how filters work.
Data must match all filter criteria
All filters in a report have an and relationship, meaning the results must match all the criteria if there is no data that matches all filter criteria, no data appears.
For example, in the Most Prevalent CVEs widget, you can either filter by CVE severity, or you can select specific CVEs. If you attempt to filter by both, your results must match both criteria, resulting either in a very limited dataset or no data.
Widgets may share some filters, and others are unique
As you add each widget to a report, the list of filters may expand with any filters that are unique to that widget. However, filters that are common to all selected widgets only appear once and apply to all widgets.
For example, see a filter comparison for two widgets:
Filter | Most Prevalent CVEs | Most Prevalent Issues |
Portfolios | X | X |
Scorecards | X | |
Start Date |
X | X |
End Date | X | X |
Severity Levels | X | |
Vulnerabilities | X | |
Issue Types | X | |
Resolution Status | X |
CVE filter values are not specific to any Portfolios or Scorecards
The list of CVEs in the CVE filter is a comprehensive list of all CVEs that we detect, independent of any Portfolios or Scorecards you want to report on. In other words, the Portfolios or Scorecards you include in a report does not determine which CVEs appear in that filter.
So, if you select CVEs that are not in your selected Scorecards or Portfolios, no data will appear for those CVEs.
New Portfolios need 24 hours to show data
If you do not see data for a new Portfolio, make sure to allow 24 hours for data to populate after creating that Portfolio.
Data varies at different points in time
If you do not see data, try changing start and end dates to capture different time windows. For example, increasing the time range can increase the likelihood of data appearing.