Reporting
RhythmX provides built-in report generation to export investigation findings for documentation, escalation, or compliance purposes.
Generating a Report

From any Security Timeline Analysis view, click the Generate Report button in the top-right toolbar. A dropdown menu allows you to select the time range for the report:

| Time Range | Use Case |
|---|---|
| Last 7 Days | Recent activity review, weekly status updates |
| Last 14 Days | Bi-weekly threat summaries |
| Last 30 Days | Monthly security reports, compliance reviews |
| Last 60 Days | Extended investigation timelines |
| Last 90 Days | Quarterly assessments, audit documentation |
| Custom Date Range | Targeted investigation periods, incident-specific reporting |

Report Contents
Each generated report compiles all relevant data for the selected entity and time range:

| Section | What It Includes |
|---|---|
| Entity Summary | The investigated entity (user or system), severity breakdown, and total event count |
| Detection Timeline | All Sigma rule detections ordered chronologically with severity levels |
| MITRE ATT&CK Mapping | Tactics and techniques observed during the reporting period |
| ML Anomaly Analysis | Alerts flagged by the ML engine as anomalous behavior |
| Event Details | Individual alert occurrences with timestamps, users, systems, and classification |

When to Generate Reports

| Scenario | Recommended Action |
|---|---|
| Escalating to management | Generate a 30-day report to show the full scope of activity |
| Creating a case | Generate a 7-day report focused on the active incident window |
| Compliance audit | Generate a 90-day or custom date range report for the audit period |
| Handoff to another analyst | Generate a report covering the investigation period so the next analyst has full context |
| Post-incident review | Use a custom date range matching the incident timeline for root cause analysis |