What are the different types of reports available?

Overview

In vPenTest, we try to present as many reports as possible to help our partners dissect the information they need to take action. The deliverables that are available depend on the type of assessment you've run. The following list shows which reports are available for each type of assessment:

Consolidated Report

  • All reports

Executive Summary / Technical Report

  • External Network Penetration Test
  • External Network Security Assessment
  • Internal Network Penetration Test
  • Internal Network Security Assessment

Prospecting Report (for MSPs only)

  • Internal Network Prospecting Test
  • External Network Prospecting Test

Supporting Evidence

  • All reports

Below are brief explanations for each report type.

Consolidated Report

The consolidated report is essentially all of the reports combined into one. Rather than downloading separate PDF documents, your team may find it more useful to review everything in a single consolidated document.

One thing that you should note, however, is that when using the consolidated report, the number of pages can grow significantly due to the vulnerability assessment results.

Executive Summary

The executive summary is a high-level report that covers the penetration test findings without getting too technical. Using the executive summary, you can find information about the following:

  • Overall scope of work
  • Engagement statistics (e.g. number of compromised users, overall severity rating, number of activities, etc.)
  • Overall number of penetration test and vulnerability assessment findings by severity rating
  • Summaries of the penetration test findings
  • A remediation roadmap

Technical Report

The technical report contains significantly more detail than the executive summary. The technical report is broken up into the following components:

  • Penetration Test Narrative: Details about each step of the penetration test, from start to finish.
  • MITRE ATT&CK: A list of cross-referenced MITRE TTPs that were executed as part of the penetration test.
  • Findings: A breakdown of each finding, including its description, recommendations, references, supporting evidence, etc.
  • Activity Log: A detailed breakdown of every activity performed during the penetration test, organized by timestamp.

Prospecting Report

This report evaluates an organization’s network security using our pentest methodology. It includes a Pentest Evaluation Summary report with pentest findings listed by criticality, their business impact, and remediation steps. It is not a full penetration test and cannot be used to meet compliance or cyber insurance requirements.

Supporting Evidence

We try to include as much supporting evidence as possible along with all the assessments that we deliver. This includes vulnerability output files, any outputs from all the tools that we've discovered, and more. This is especially helpful for teams that want to dive deeper into the results to understand how we discovered the findings that we identified.

For more information on the deliverable formats, please visit this article: What formats are the deliverables in?