Custom Reports

Create tailored security reports with custom metrics, filters, and visualizations for your specific needs.

Custom Report Types

CastellanAI supports multiple report types to meet diverse reporting needs:

Report Type	Description	Best For
Trend Analysis	Track security metrics over time: event volumes, threat types, agent health trends	Executive summaries, monthly reviews
Incident Summary	Detailed breakdown of security incidents, remediation actions, and outcomes	Post-incident reviews, audit trails
Compliance Status	Control effectiveness, gap analysis, and compliance posture assessment	Auditors, compliance officers
Performance Metrics	MTTD, MTTR, SLA compliance, and team response effectiveness	SOC managers, team leads

Creating a Custom Report

Step 1: Navigate to Report Builder

Access the custom report builder from the Reports section.

Navigation Path: Reports → Custom Reports → Create New Report

Step 2: Choose Report Template

Start with a pre-built template or create from scratch:

Blank Report - Start from scratch
Executive Summary Template - High-level metrics for leadership
SOC Performance Template - Team KPIs and response metrics
Incident Review Template - Post-incident documentation

Step 3: Select Data Sources

Choose which security data to include in your report:

Security Events
Threat Intelligence Data
User Activity Logs
Agent Health Metrics
Compliance Status

Step 4: Apply Filters and Date Range

Refine the data scope for your report:

Filter	Options
Date Range	Last 7/30/90 days, custom range
Severity Levels	Critical, High, Medium, Low
Agent Filter	All agents or specific agents

Step 5: Add Visualizations

Include charts and graphs to visualize security trends:

Line Chart - Trends over time
Bar Chart - Comparative analysis
Pie Chart - Distribution breakdowns
Heat Map - Activity patterns

Step 6: Configure Output Settings

Set report name, format, and delivery options:

Report Name - Descriptive title (e.g., "Monthly Security Summary - January 2025")
Output Format - PDF, Excel, or HTML

Scheduling Automated Reports

Set up recurring report generation and delivery:

Schedule Frequency

Choose how often reports should be generated automatically:

Daily
Weekly
Monthly
Quarterly

Delivery Method

Configure how and where reports should be delivered:

Email to recipients - Send to specified email addresses
Save to dashboard - Store in portal for on-demand access
Upload to cloud storage - AWS S3, Azure Blob Storage

Execution Time

Configure when reports should run:

Select day of week (for weekly reports)
Select time of day (default: 6:00 AM)
Select timezone (local or UTC)

Pre-Built Report Templates

Start quickly with these ready-to-use templates:

Executive Security Summary

High-level overview: critical events, trends, security posture score, and key recommendations.

Includes: Security metrics, trend analysis, action items

SOC Performance Dashboard

Team performance metrics: MTTD, MTTR, SLA compliance, incident breakdown by severity.

Includes: Performance KPIs, team metrics, SLA tracking

Threat Intelligence Report

Threat landscape analysis: IOCs detected, threat actor TTPs, vulnerability trends.

Includes: IOC analysis, MITRE ATT&CK mapping, recommendations

Incident Post-Mortem

Detailed incident review: timeline, root cause, impact analysis, lessons learned.

Includes: Incident timeline, root cause analysis, remediation steps

Custom Report Best Practices

Start with Templates - Use pre-built templates as a foundation, then customize to your specific requirements.
Focus on Actionable Insights - Include context, trends, and recommendations - not just raw data. Tell a story.
Use Visualizations Effectively - Choose the right chart type: trends = line charts, comparisons = bar charts, distribution = pie charts.
Tailor to Your Audience - Executives need summaries, analysts need details. Create audience-specific versions.
Schedule Regular Delivery - Automate recurring reports to maintain consistent communication and visibility.
Version and Archive Reports - Maintain historical reports for trend analysis and audit trails.

What's Next?

Exporting Data - Learn how to export security data in multiple formats
Compliance Frameworks - Generate compliance reports for SOC 2, HIPAA, PCI DSS, and more

Custom Report Types​

Creating a Custom Report​

Step 1: Navigate to Report Builder​

Step 2: Choose Report Template​

Step 3: Select Data Sources​

Step 4: Apply Filters and Date Range​

Step 5: Add Visualizations​

Step 6: Configure Output Settings​

Scheduling Automated Reports​

Schedule Frequency​

Delivery Method​

Execution Time​

Pre-Built Report Templates​

Executive Security Summary​

SOC Performance Dashboard​

Threat Intelligence Report​

Incident Post-Mortem​

Custom Report Best Practices​

What's Next?​