Reporting
RhythmX provides built-in report generation to export investigation findings for documentation, escalation, or compliance purposes.
Generating a Report

From any Security Timeline Analysis view, click the Generate Report button in the top-right toolbar. A dropdown menu allows you to select the time range for the report:

| Time Range | Use Case |
|---|---|
| Last 7 Days | Recent activity review, weekly status updates |
| Last 14 Days | Bi-weekly threat summaries |
| Last 30 Days | Monthly security reports, compliance reviews |
| Last 60 Days | Extended investigation timelines |
| Last 90 Days | Quarterly assessments, audit documentation |
| Custom Date Range | Targeted investigation periods, incident-specific reporting |

Report Contents
Each generated report compiles all relevant data for the selected entity and time range:

| Section | What It Includes |
|---|---|
| Entity Summary | The investigated entity (user or system), severity breakdown, and total event count |
| Detection Timeline | All RhythmX rule detections ordered chronologically with severity levels |
| MITRE ATT&CK Mapping | Tactics and techniques observed during the reporting period |
| ML Anomaly Analysis | Alerts flagged by the ML engine as anomalous behavior |
| Event Details | Individual alert occurrences with timestamps, users, systems, and classification |

When to Generate Reports

| Scenario | Recommended Action |
|---|---|
| Escalating to management | Generate a 30-day report to show the full scope of activity |
| Creating a case | Generate a 7-day report focused on the active incident window |
| Compliance audit | Generate a 90-day or custom date range report for the audit period |
| Handoff to another analyst | Generate a report covering the investigation period so the next analyst has full context |
| Post-incident review | Use a custom date range matching the incident timeline for root cause analysis |

Additional Report Surfaces
Reports can be generated from multiple locations across the platform:
MSSP Dashboard Reports
The MSSP Dashboard provides two report types via the Generate Reports dropdown:

| Report Type | Options | Description |
|---|---|---|
| Executive Summary | 7 / 14 / 30 days | High-level overview for management — key metrics, risk trends, and recommendations |
| Detailed Report | 7 / 14 / 30 days | Comprehensive technical report with full alert details, MITRE mappings, and case analysis |

Reports can be scoped to a specific entity or generated across all entities.
Case Management Reports
From the Case Management view, generate case-specific reports that include:
- Case details and severity
- Correlated alert timeline
- MITRE ATT&CK mapping
- AI triage analysis (if enabled)
RhythmX Investigator Reports
From the Investigator module, generate investigation reports covering:
- Entity investigation summary
- Detection timeline with ML annotations
- MITRE ATT&CK coverage for the investigation period
ES Analytics Scheduled Reports
The Analytics Center supports scheduled report generation for recurring analytics queries. Configure a query, set the schedule, and reports are generated automatically and available for download.
Report Format
All reports are generated as PDF documents with professional formatting, charts, and executive summaries suitable for management review and compliance documentation.