
Reporting

AME Vulnerability Intelligence provides two powerful reporting capabilities:

  1. Interactive Overview Dashboard
    Real-time, filterable, visual exploration of vulnerability posture, trends, remediation performance, and exceptions.
    Located under the main Splunk Reports menu → Vulnerability Intelligence - Overview.

  2. Automated Scheduled Reports
    Customizable, branded HTML/PDF reports delivered via email on a recurring schedule.
    Configured per tenant under Vulnerability Intelligence → Reporting.

Use the interactive dashboard for daily operations, investigations, and team discussions.
Use scheduled reports for formal stakeholder communication, compliance evidence, and recurring executive summaries.

Interactive Overview Dashboard

Location: Main Splunk menu → Reports → Vulnerability Intelligence - Overview

This tenant-aware dashboard provides a comprehensive, real-time view of your vulnerability management program.
Select the desired tenant from the dropdown at the top. Global filters (time range, observable group, severity, aggregation type, status…) apply across most panels.

The dashboard is divided into five tabs:

Summary Tab

High-level KPIs and quick posture snapshot — ideal for leadership briefings and daily status checks.

Key panels:

  • Open Vulnerabilities by Asset Criticality — donut chart showing distribution across low/medium/high criticality assets
  • Open Critical & High Realizations — large number highlighting immediate exposure on high- and critical-severity assets
  • Active Exception Rules — count of currently active exclusion/acceptance rules
  • Remediation Cadence — current remediation volume compared to the 6-month historical average (with trend arrow and delta)

Posture Tab

Current-state analysis of all open vulnerabilities — the primary view for understanding "where we stand today".

Key visualizations:

  • Open Vulnerabilities by Severity — cards with counts for Unknown / Low / Medium / High / Critical
  • Open Vulnerabilities by Observable Group — segmented pie charts per department/business unit/PCI zone
  • Open Vulnerabilities by Asset Criticality — donut chart emphasizing high-criticality exposure
  • Open Vulnerabilities by Observable Group and Severity — stacked bar chart for cross-group severity comparison

Time-series evolution of vulnerability counts and statuses — perfect for identifying patterns and measuring progress.

Main panel:

  • Vulnerability Trends — timechart showing new vs. fixed realizations over time (daily/weekly)

Supports filtering by time range, observable group, severity, and status.

Remediation Tab

Focuses on remediation velocity, effectiveness, and prioritization.

Key metrics & visuals:

  • Time to Resolve (TTR) by Severity — median days to remediation per severity bucket
  • TTR by Observable Group — line chart tracking median TTR trends per group
  • Remediation Cadence — gauge charts comparing current vs. previous period remediation volume
  • Remediation Focus — scatter/bubble plot of CVE score vs. asset criticality (high-risk/high-value items stand out)
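
The Time to Resolve and Remediation Cadence figures can be sanity-checked offline against exported data. The sketch below is an added example, not AME's implementation: the record layout, the function names, and the monthly bucketing used for the 6-month average are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import date
from statistics import mean, median

# Constructed sample realizations: (severity, first_seen, fixed_on or None if still open).
REALIZATIONS = [
    ("critical", date(2024, 1, 3), date(2024, 1, 10)),
    ("critical", date(2024, 3, 1), date(2024, 3, 5)),
    ("critical", date(2024, 7, 1), date(2024, 7, 10)),
    ("critical", date(2024, 7, 15), None),
    ("high", date(2024, 2, 1), date(2024, 2, 15)),
    ("high", date(2024, 4, 2), date(2024, 4, 22)),
    ("high", date(2024, 6, 20), date(2024, 7, 20)),
    ("medium", date(2024, 5, 1), date(2024, 6, 15)),
    ("medium", date(2024, 6, 1), date(2024, 7, 31)),
    ("low", date(2024, 5, 1), date(2024, 5, 11)),
    ("low", date(2024, 6, 10), None),
]


def ttr_by_severity(rows):
    """Median days from first_seen to fixed_on per severity; open items are excluded."""
    days = defaultdict(list)
    for severity, first_seen, fixed_on in rows:
        if fixed_on is not None:
            days[severity].append((fixed_on - first_seen).days)
    return {sev: median(vals) for sev, vals in days.items()}


def remediation_cadence(rows, current_month, history_months):
    """Compare fixes closed in current_month with the mean monthly fixes over history_months.

    Months are (year, month) tuples. A history month with no fixes counts as 0,
    so a quiet month lowers the baseline instead of being skipped.
    """
    per_month = defaultdict(int)
    for _, _, fixed_on in rows:
        if fixed_on is not None:
            per_month[(fixed_on.year, fixed_on.month)] += 1
    current = per_month[current_month]
    baseline = mean([per_month[m] for m in history_months])
    delta = current - baseline
    trend = "up" if delta > 0 else "down" if delta < 0 else "flat"
    return current, baseline, delta, trend
```

Open realizations are left out of the median here, so a backlog of old unfixed items does not show up in TTR; compare it with the open counts on the Posture tab when reading the number.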

Exceptions Tab

Full transparency into risk acceptances, exclusions, and governance.

Panels:

  • Active Exception Rules — total count of active rules
  • Exception Rules State — active vs. inactive breakdown (donut chart)
  • Exceptions by Severity and Exception Rule — bar chart showing severity distribution per rule
  • Exception Audit History (Last 6 months) — table with timestamp, rule name, action, user, description, and age metrics

Dashboard-wide features:

  • Tenant selector
  • Global filters (time range, observable group, severity…)
  • Export (PNG/CSV), display options, actions, edit mode
  • Real-time refresh

Automated Scheduled Reports

Scheduled reports are tenant-specific and configured under Vulnerability Intelligence → Reporting.

They are designed for formal, recurring distribution to stakeholders, compliance teams, and risk committees.

Creating and Configuring a Report

  1. Navigate to Vulnerability Intelligence → Reporting (tenant context)
  2. Click Add Vulnerability Report

Key base settings:

  • Name, Title, Recipients (emails or Reporting Groups)
  • Schedule (cron expression)
  • Branding (base64 logo + accent color)
  • Filters (status, time field, lookback days)
  • Active toggle

After saving, configure the report content by adding sections:

Report Section Types

Four section types are available:

Markdown Content

Free-form text using Markdown.

Purpose: Introductions, executive summaries, contextual explanations, disclaimers.

Configuration: Title + Markdown editor.

Note: The following elements are supported:

  • Paragraphs → <p>
  • Code blocks (fenced ``` or 4-space indented) → <pre><code>; inline code (`like this`) → <code>
  • Blockquotes (> ...) → <blockquote>
  • Emphasis (*em* / _em_) → <em>; strong (**strong** / __strong__) → <strong>
  • Lists: unordered (- item) → <ul><li>; ordered (1. item) → <ol><li>
  • Links ([text](url) or reference links) → <a>
  • Images (![alt](src "title")) → <img>

Page Break

Inserts a forced page break for better printable/PDF output.

Purpose: Clean separation of sections when reports are exported or printed.

Configuration: No additional settings.

Observable Group Summary

Generates a dynamic vulnerability table scoped to selected groups.

Purpose: Core data presentation — detailed vulnerability listings per group.

Configuration:

  • Observable Type (Asset/Identity)
  • Observable Groups / Reporting Groups
  • CVE Fields (cve, title, severity, cvss_score…)
  • Observable Fields (hostname, IP, owner…)
  • Observable Group Fields (group name, compliance scope…)
  • Optional: Use Observable Drilldown (clickable links)

Key Indicators

Displays aggregated KPIs with trend colors.

Purpose: Highlight important metrics (counts, percentages, trends) at a glance.

Configuration:

  • Title + Description (Markdown)
  • Observable scoping
  • Matching condition (filter realizations)
  • Multiple indicators (e.g., count of open items, % closed within X days)
  • Trend colors (increase/decrease/stable)

Recommendation

A typical high-value report combines:

  • Markdown Content (summary/intro)
  • Key Indicators (executive KPIs)
  • One or more Observable Group Summary sections (detailed tables)
  • Page Breaks for clean formatting

Additional Reporting Tools

amevulnintrealizations Command

Analyze daily Realization Engine activity:

| amevulnintrealizations 

→ Full reference: amevulnintrealizations Command Reference