Reports & Dashboards
AME Vulnerability Intelligence offers two complementary reporting approaches:
- Interactive dashboards — real-time, filterable, visual exploration of vulnerability posture, trends, and remediation performance
- Scheduled reports — recurring, exportable PDFs or CSVs for compliance, executive summaries, and formal stakeholder communication
Use interactive dashboards for daily operations, investigations, team syncs, and ad-hoc analysis.
Use scheduled reports for recurring executive briefings, audit evidence, and compliance deliverables.
This page covers the interactive dashboards. For scheduled report configuration, see Report Configuration.
Vulnerability Intelligence Overview Dashboard
Location: Splunk main menu → Reports → Vulnerability Intelligence - Overview
This tenant-aware dashboard provides a comprehensive, real-time view of your vulnerability management program.
- Select the desired tenant from the dropdown at the top (multi-tenant environments only)
- Apply global filters (time range, observable group, severity, status, aggregation period, etc.) that affect most panels
The dashboard contains five tabs:
Summary Tab
High-level KPIs and posture-at-a-glance — designed for leadership briefings and daily stand-ups.
Key panels:
- Open Vulnerabilities by Asset Criticality — donut chart showing distribution across Low / Medium / High criticality assets
- Open Critical & High Realizations — prominent number showing current exposure on critical- and high-severity vulnerabilities
- Active Exception Rules — count of currently active risk acceptances / exclusions
- Remediation Cadence — current remediation volume vs. 6-month historical average (with trend arrow and percentage delta)
Posture Tab
Current-state snapshot of all open vulnerabilities — the main view for understanding “where we stand right now”.
Key visualizations:
- Open Vulnerabilities by Severity — count cards for Unknown / Low / Medium / High / Critical
- Open Vulnerabilities by Observable Group — segmented pie charts broken down by department, business unit, PCI zone, etc.
- Open Vulnerabilities by Asset Criticality — donut chart highlighting exposure on high-criticality assets
- Open Vulnerabilities by Observable Group and Severity — stacked bar chart for cross-group severity comparison
Trends Tab
Time-series analysis showing how vulnerability counts and statuses evolve — ideal for spotting patterns and measuring long-term progress.
Main visualization:
- Vulnerability Trends — timechart displaying new realizations vs. fixed realizations (daily or weekly aggregation)
Fully filterable by time range, observable group, severity, and status.
Remediation Tab
Focuses on remediation speed, effectiveness, and prioritization.
Key metrics & visuals:
- Time to Resolve (TTR) by Severity — median days to remediation per severity level
- TTR by Observable Group — line chart tracking median TTR trends per department / unit
- Remediation Cadence — gauge charts comparing current remediation volume against previous periods
- Remediation Focus — scatter / bubble plot of CVE score vs. asset criticality (quickly identifies high-risk / high-value items)
Exceptions Tab
Complete visibility into risk acceptances, false-positive exclusions, and governance decisions.
Key panels:
- Active Exception Rules — total number of currently active rules
- Exception Rules State — active vs. inactive breakdown (donut chart)
- Exceptions by Severity and Rule — bar chart showing severity distribution per exception rule
- Exception Audit History (Last 6 Months) — table containing timestamp, rule name, action, user, description, and rule age
Dashboard Features (All Tabs)
- Tenant selector (multi-tenant environments)
- Global filters (time range, observable group, severity, status, etc.)
- Real-time auto-refresh
- Export options: PNG (whole dashboard or single panel), CSV (panel data)
- Display mode toggle (light/dark)
- Edit mode (for dashboard customization)
- Panel-level actions (drilldown, inspect, export)
Additional Ad-hoc Reporting
amevulnintrealizations Command
Quickly analyze daily activity from the Realization Engine:
| amevulnintrealizations
→ Full reference: amevulnintrealizations Command Reference