Skip to content

Exporting and Sharing Reports

BreachSpider reports can be exported in multiple formats and shared with internal teams, external auditors, vendors, and management. This guide covers all export and sharing options.

Export Formats

HTML (In-Browser)

Every generated report is available as an HTML view directly in BreachSpider:

  1. Navigate to Reports.
  2. Click a completed report.
  3. The report opens in a new browser tab with full formatting, active links, and interactive elements.

HTML reports are best for internal review where the reader has a browser and internet access. Links to CVE detail pages, SAGE analysis, and other BreachSpider resources are clickable.

PDF Download

Click the Download PDF button on any completed report to download a static PDF file.

PDF characteristics:

  • CITED Relevance LLC branded letterhead.
  • Professional layout with headers, page numbers, and table of contents.
  • Static -- no active links, but URLs are printed as text.
  • Suitable for email attachment, printing, and archival.
  • Contains a generation timestamp and the actor who requested the report.

PDF reports are the standard format for:

  • Auditor submissions (NERC CIP, IEC 62443, SOC 2).
  • Board presentations.
  • Client deliverables (MSSP).
  • Insurance documentation.
  • Regulatory filings.

CSV Export (Findings Data)

For reports that contain finding data (Environment Risk Report), you can export the raw finding data as CSV:

curl -H "Authorization: Bearer bs_live_..." \
  "https://breachspider.com/api/v1/reports/42/csv"

The CSV contains one row per finding with all scoring data, asset information, and acknowledgment status. Use this for importing into spreadsheets, databases, or other analysis tools.

Sharing Reports

Internal Sharing

Share a report with team members who have BreachSpider accounts:

  • Send them the direct link to the report in BreachSpider. They can view it if they have access to the relevant environment.
  • Download the PDF and share via email, Teams, or Slack.

External Sharing

For recipients without BreachSpider accounts:

  1. Download the PDF.
  2. Share via email or your preferred secure file transfer method.

Reports contain sensitive vulnerability information about your environment. Share only through secure channels and only with authorized recipients.

Auditor Submissions

For NERC CIP, IEC 62443, or SOC 2 audits:

  1. Generate the appropriate report type for the compliance period.
  2. Download the PDF.
  3. Review the content for accuracy and completeness.
  4. For NERC CIP: have your authorized representative sign the signature page.
  5. Submit to your auditor via their preferred submission method.

Report Scheduling

Professional tier and above supports scheduled report generation:

Navigate to Reports > Schedule.

Configure a schedule:

  • Report type: Executive Summary, Environment Risk, or NERC CIP Evidence Package.
  • Environments: Which environments to include.
  • Frequency: Weekly, Monthly, or Quarterly.
  • Day of week/month: When the report should generate (e.g., first Monday, last day of month).
  • Recipients: Email addresses to receive the completed report automatically.

When the schedule fires, the report is generated and the PDF is emailed to the specified recipients. The report is also available in the Reports section for in-app viewing.

See Scheduled Reports for detailed setup instructions.

Report Retention

Generated reports are retained in BreachSpider for the duration of your subscription:

Tier Report Retention
Professional 90 days
API 90 days
Enterprise 1 year

After the retention period, reports are automatically deleted. Download and archive important reports before they expire. The audit log entry for REPORT_GENERATED persists according to audit log retention policies regardless of report retention.