Security Operations
Centre (SOC)

This report presents a combined view of risk across the IT infrastructure based upon a number of unique scans performed including, Network, Security, Cloud, Microsoft Exchange, and Microsoft SQL Server scans. It also incorporates charts and graphs from the separate focused Risk Reports. This report is great for initial presentation of overall risks, especially to non-technical stakeholders.

Best Uses : Overall presentation of all identified risks; Executive level deliverable

This report presents an intuitive computer-by-computer view including a grade for overall security health as well as individual grades, including assessment of antivirus, local firewalls, critical patches, and OS support. Use it to get a quick “read” on problem machines.

Best Uses : Report card on computer security; graphical depiction of security posture.

The Cyber Attack Risk Assessment process involves running a security analyzer on a sample number of computers. It then simulates the behavior of malware to assess the security posture of individual computers. This report presents the results of the scan in an executive level presentation used to quickly communicate the security posture of an environment. The process is quick and easy to implement since it runs in a self-serve mode that only requires the sample users to click a link to begin the assessment. It is the most efficient process for assessing and discovering issues in an unknown environment.

Best Uses : Rapid assessment of security posture; assessment of an unknown environment

One pager summarizing criticality of issues in various categories, including network, hardware, software, security, passwords, SQL Server, Microsoft Cloud, Microsoft Teams, and Microsoft Exchange. Also includes the overall Issue Score and potential data breach liability (from personal data scan).

Best Uses : Stakeholder presentation of overall infrastructure risk.

This one pager combines data from Dark Web ID with password change information showing compromised credentials along with remediated risks where passwords have been changed since detected compromises.

Best Uses : Stakeholder presentation of past compromised credentials and analysis of which compromised credentials may still be at risk.

One page presentation of computers with out-of-date malware definitions. Contains references to actual systems in the environment.

Best Uses : Stakeholder presentation of risk of out-of-date malware definitions.

One page infographic showing violation of common best practices for password policies from a sample set of computers in the environment.

Best Uses : Stakeholder presentation of password policies risks; Password policy hardening project justification.

This Risk Report is similar to other Risk Reports such as network, and security except it covers Azure AD and the key Microsoft 365 (formerly Office 365) services. It includes an overall Risk Score, an overall Issues Score, as well as a summary list of issues discovered. The issues come from both the Microsoft controls and other best practices. This Risk Report identifies specific risks that are due to misconfigurations, as well as risks created from turning on or off specific running components.

Best Uses : High level presentation of risks in the Microsoft Cloud and Azure environments for Stakeholders.

The Azure AD Assessment goes through the entire Azure Active Directory environment and documents all organizations, domains, and configuration. This report provides details on the users, devices, cloud applications, contacts, distribution list, proxy addresses, Microsoft service plans and SKUs being used, groups, users, permissions, devices, and more. The report is organized by section with a table of contents to help you locate the specific findings of interest, and problem areas are conveniently highlighted in red, making it easy to spot individual problems to be rectified.

Best Uses : Cloud Assessment, Technical Documentation, Azure AD/Microsoft Entra ID cleanup.

The Outlook Mail Activity Report provides high-level trending on Outlook usage. Trends are broken down by emails sent and received as well as by identifying power users (most active senders and receivers).

Best Uses : Ongoing review of Outlook usage; Power user identification; Identification of defunct/unused mailboxes.

The Microsoft Teams Assessment provides both a summary view listing all Teams, as well as detailed information on individual Teams, including owners, members, channels, tabs, and settings.

Best Uses : Ongoing review of Team use and proliferation; Microsoft Teams cleanup; Insecure and misconfiguration detection.

The Amazon Assessment Change Report mirrors the Amazon Web Services Assessment but focuses on changes. Adds, changes, and deletes are noted by AWS service and configuration.

Best Uses : Ongoing review of AWS services and configuration changes; Change management and documentation.

This report presents risks identified in the network in a single Management Plan. Identified issues are sorted from highest to lowest, providing a prioritized list of issues to remediate. Details on affected devices and users are included allowing remediation. When compared to prior scans, remediated issues are shown with strikethroughs, allowing communication of remediation efforts.

Best Uses : Remediation planning; provided to technicians for remediation; demonstration of remediation efforts.

Use our quick and simple one-button Power Point generation to create a presentation of important network results and findings. Slides also include the Risk and Issue score, specific recommendations, and next steps. Apply any Office theme to the presentation.

Best Uses : Presentation to stakeholders.

This report provides detailed information on each of the individual assets discovered by Network Detective Pro. Details include settings and configurations for individual workstations and servers, including details on Windows, Mac, and Linux devices, as well as printers and network devices.

Best Uses : Technical documentation, Asset review.

This report compares the findings and trends from one assessment to another. While the suggested period is quarterly, other time-frames are also available for comparison (weekly, semi-annually, annually). The report includes key metrics, documentation of changes in assets, addressed issues, current issues, as well as the IT SWOT analysis. A “notes” section is left as a placeholder for proposing an action plan.

Best Uses : Quarterly review with stakeholders, trend and remediation reporting

This report identifies the Windows Services and the computers they are running on attached to both Domain and non-Domain accounts. A common misconfiguration is employing user accounts to run critical Windows Services. When these accounts are disabled or removed, the attached services cease to function. This report identifies account dependencies by Windows Services.

Best Uses : Documentation, risk mitigation, dependency identification.

10-megapixel PNG image of the complete Layer 2/3 diagram. The image can be used for documentation, displayed, or incorporated into other documents.

Best Uses : Documentation

This report shows the results of a BDR needs analysis, an automated evaluation that quickly scopes out the on-premises back-up requirements for any existing or prospective environment. In addition to the standard needs analysis, this report also includes the recommended Datto or Unitrends appliance based on the recommended and minimum storage needs

Best Uses : Backup solution requirements identification, presentation to stakeholders, proposals

This Security Risk Report is similar to other Risk Reports such as the Network Risk Report except that it focuses on security related issues. It includes an overall Risk Score, an overall Issues Score, as well as a summary list of issues discovered. This Risk Report identifies specific risks that are due to misconfigurations and violations of best practices.

Best Uses : High level presentation of security risks in local networks for Stakeholders.

Use our quick and simple one-button Power Point generation to create a presentation containing the results of the Security Assessment. Slides provide general information, the Risk and Issue score, along with specific issue recommendations and next steps. Apply any Office theme to the presentation.

Best Uses : Presentation to stakeholders

An often-missed area of network security relates to protection against egress (data leaving the internal network). This report looks for violations of best practices related to blocking system protocols, insecure protocols, and content filtering related to outbound connections.

Best Uses : Identification of outbound risk allowing for remediation and presentation to stakeholders of outbound risks.

This report is organized by computer and shows all network shares on the computer and shows network and file permissions by user groups. The report is beneficial during security reviews to ensure minimal access rights and to identify misconfigured share permissions.

Best Uses : Identification of misconfigured shares, forensic investigation, documentation.

This report uses the latest in data science to identify suspicious logins using various dimensions. Whether it is identification of users logging into computers they normally don’t log into, or suspicious logins based on normal user behaviour patterns, this report helps prioritise investigations of suspicious logins and can be incorporated as part of a security review process.

This report shows all failed logins by computer within the past 1, 7, and 30 days. It can be used to identify malicious and suspicious behaviour or automated processes where credentials are no longer valid.

Best Uses : Security review, system administration.​

This report is organized by computer and shows all users who access resources on the computer. Logins are organized by interactive (at the keyboard), remote interactive (through remote desktop, remote assistance, or terminal service protocols), and network (through access network shared system resources, such as a shared folder). This report is especially useful in identifying users who rely on a particular system and is used for risk identification, migrations, and other system life cycle activities.

Best Uses : Identification of users for critical resources, association of user to computer resources.

This report provides a priority ordered listing of issues by CVSS that allows technicians to prioritize the issues they are working on. It provides an extremely compact view of detected external networking vulnerabilities. The report is used with the limited external vulnerability scan in Network Detective or used to output results from VulScan’s external vulnerability scans.

Best Uses : Vulnerability Management, remediation planning, presentation to stakeholders.

A more compact version of the External Vulnerability Scan Detail report organized by issues. Devices affected are listed within an issue. For remediation, this report is used when remediating issues on an issue-by-issue basis. This report is useful for technicians that are looking to resolve issues, rather than performing remediation on a particular system.

Best Uses : Vulnerability Management, remediation planning.

This report presents Microsoft Exchange server risks identified in the local on-premise Exchange server or in the Microsoft 365 cloud in a single Management Plan. Identified issues are sorted from highest to lowest, providing a prioritized list of issues to remediate. Details on affected devices and users are included allowing remediation. When compared to prior scans, remediated issues are shown with strikethroughs, allowing communication of remediation efforts.

Best Uses : Remediation planning; provided to technicians for remediation; demonstration of remediation efforts.

Use our quick and simple one-button Power Point generation to create a presentation containing the results of the Exchange Assessment. Slides provide general information, the Risk and Issue score, along with specific issue recommendations and next steps. Apply any Office theme to the presentation.

Best Uses : Presentation to stakeholders.

This report is organized by user and identifies the mobile devices that have connected to the Exchange Server, whether on-premise or in the cloud. It lists the mobile devices along with the last time they synced to the Exchange Server and what mobile policy is applied. The report is used in MDM deployment projects as well as provide a convenient means for review of mobile device usage and policy review.

Best Uses : Mobile policy review and assurance, MDM deployment projects, documentation.

This report shows which users have access to the shared mailboxes. It details all users and groups that can access shared mailboxes along with their access rights and permission inheritance rules. The report is used for access rights review and to assure users and groups that are not meant to have access to shared mailboxes are properly restricted.

Best Uses : Share mailbox access rights review.

This report details the settings and health of the SQL Server as a whole. It looks at settings, configuration, performance, and backup. Detailes by individual databases can be found in the Database Detail report.

Best Uses : Recurring SQL Server health review, Documentation

This report details the settings and health of individual databases that reside on the scanned SQL Server. It lists the database properties, potentially missing indexes, locks, statistics, fragmentation, and existing indexes. This report helps identify opportunities to improve performance and anticipate issues based on trends.

Best Uses : Recurring SQL Server health review, Documentation.

This report details all maintenance plans and their sub-plans. Maintenance plans perform routine tasks on your SQL Server. Not all maintenance plans are active and in-use, and you can use the report to document what is in place, when it was last run, and if it was run successfully. This report is useful for reviewing established plans, detecting errors, and evaluating the need for additional automation.

Best Uses : Recurring SQL Server health review, Documentation.

This report presents a combined view of issues impacting the IT infrastructure based upon scans performed including Network, Security, Cloud, Microsoft Exchange, and Microsoft SQL Server scans. Identified issues are scored and then sorted from highest to lowest to prioritize remediation depending on severity and potential impact to the network. Detailed information on affected devices and users is also included to help with remediation. When compared to prior scans, remediated issues are shown with strikethroughs to show that they are no longer a threat. This also provides confirmation and communication of resolution to other IT stakeholders.

Best Uses : Triage and remediation planning; provided to technicians for remediation; demonstration of remediation efforts.

This highly graphical report shows changes and trends over time with a strong focus on security posture and issue remediation, enabling clear communication of remediation efforts and trends to stakeholders.

Best Uses : Monthly/quarterly reporting; trend reporting

This report presents the Microsoft Secure Score and Control Score issues in a consolidated high-level view, including score trends over time with comparison to scores from similar environments. It also includes the most recent security alerts detected in the Microsoft Cloud.

Best Uses : Presentation to stakeholders, trend reporting.

Utilizing data from Compliance Manager GRC, this one pager graphically depicts compliance with selected compliance regulations and security frameworks.

Best Uses : Stakeholder presentation of current compliance posture.

One pager presentation of the results from personal data and PII scans.

Best Uses : Stakeholder presentation of risks of a data breach.

Single page infographic on risks of out-of-date operating system. Contains references to actual systems in the environment.

Best Uses : Stakeholder presentation of risks of out-of-date operating system; Operating system refresh project justification.

Graphical representation of server and workstation aging depicting potential high-risk computers based on age.

Best Uses : Stakeholder presentation of server and workstation aging risks; Server/workstation refresh project justification.

Presents results from VulScan vulnerability scans in a single page infographic.

Best Uses : Stakeholder presentation of vulnerabilities based on CVSS score and other findings.

The Management Plan takes issues identified in the Risk Report, organizes them by severity, and includes specific recommendations on how to remediate them. The report includes risks related to Microsoft Secure and Control Score as well as from multiple Microsoft 365 services, including SharePoint, OneDrive, Teams, and Azure AD.

Best Uses : Remediation planning; provided to technicians for remediation; demonstration of remediation efforts.

The Configuration Change Report shows recent configuration changes in Microsoft Cloud and cloud applications. This report gives you the ability to look at a group of changes together, as well as see how all the properties have changed for a specific time period. This is useful for change management and for capturing and documenting changes in the event you need to roll back those changes in the user interface.

Best Uses : Ongoing review of configuration changes; Change documentation

The OneDrive Usage Report provides high-level trending on OneDrive usage. Trends are broken down by total files, active file, and storage use.

Best Uses : Ongoing review of One Drive usage; One Drive storage needs projection; Usage spike identification.

The SharePoint Assessment documents the SharePoint collections, sites and usage in the Microsoft Cloud environment.

Best Uses : Ongoing review of SharePoint site proliferation; SharePoint cleanup

The Amazon Web Services Assessment documents enabled services and detailed configuration information from various AWS services, including IAM, VPC, EC2, RDS and S3.

Best Uses : Technical Documentation; AWS configuration and service use review.

"This Risk Report is similar to other Risk Reports such as network and security, except it covers on-premise Active Directory and results from the local area network scan. It includes an overall Risk Score, an overall Issues Score, as well as a summary list of issues discovered. This Risk Report identifies specific risks that are due to misconfigurations and violations of best practices.

Best Uses : High level presentation of risks in local networks and Active Directory for Stakeholders"

The Full Detail Report provides a complete assessment and documentation of Active Directory and Workgroup environments. Every aspect of the network from servers, workstations, users, groups, printers, network shares, applications, patching, to Internet access and speed test are documented in this detailed report.

Best Use For MSP : Selling Network Assessment; Offer “free” network assessment as part of an outbound marketing program.

Best Uses : Network assessment, Technical documentation.

The Full Detail Change Report mirrors the Full Detail Report but instead focuses on changes to the environment. Adds, changes, and deletes are noted per item.

Best Uses : Ongoing review of network and configuration changes; Change management and documentation

Present your findings in an IT SWOT (Strength, Weakness, Opportunity, Threat) Analysis. By using the SWOT feature of our InForm questionnaire, findings can be categorized as strengths, weaknesses, opportunities, or threats. Key findings can also be noted. This report provides an intuitive visual way to present various findings of an assessment.

Best Uses : Stakeholder presentation of overall findings

This report shows missing patches on computers in the network. The report assures the effectiveness of a patch management program or can be used operationally to identify systems that need to be patched.

Best Uses : Patch assurance, patch management.

Layer 2/3 is collected during the network scan and documents network devices connections uses SNMP and other protocols. It collects both connection at Layer 3 (Network) and Layer 2 (Data Link) and allow creation of a diagram showing the interconnections between devices.

This report shows the results of a BDR needs analysis, an automated evaluation that quickly scopes out the on-premises back-up requirements for any existing or prospective environment. The report includes a recovery time calculator, and summary information on servers and workstations.

Best Uses : Backup solution requirements identification, presentation to stakeholders, proposals.

PowerPoint presentation : Use our quick and simple one-button Power Point generation to create a presentation containing the results of the Datto BDCDR or Unitrends BDR Needs Assessment, including appliance recommendations. Apply any Office theme to the presentation.

Best Uses : Presentation to stakeholders, proposals.

This report presents security risks identified in the network in a single Management Plan. Identified issues are sorted from highest to lowest, providing a prioritized list of issues to remediate. Details on affected devices and users are included allowing remediation. When compared to prior scans, remediated issues are shown with strikethroughs, allowing communication of remediation efforts.

Best Uses : Remediation planning; provided to technicians for remediation; demonstration of remediation efforts.

This report presents the results of deep file scans, which scan user and server files looking for instances of personal identifiable information (PII) and cardholder data throughout a computer network. This PII is often the target of hackers and malicious insiders. The report also calculates the potential monetary liability and exposure based upon industry published research.

Best Uses : Presentation to stakeholder of quantifiable risk, identification of sources of PII and cardholder data to allow remediation.

This report, organized by user, shows all network shares the user has access to, including the computer on which the share is hosted and access level (i.e., full versus read-only). The report is beneficial during security reviews to ensure minimal access rights and to identify misconfigured share permissions.

Best Uses : Identification of misconfigured shares, forensic investigation, documentation.

This report compares the local security policy settings of the sampled systems during a security assessment. It helps safeguard that policies are properly configured and consistent. The report provides details on variations of policies in the network and is grouped into large policy categories, including account, password, audit, user rights, and security options.

Best Uses : Local security policy review, documentation.

This report is organized by user and identifies which computers the user has logged into in the past 24 hours, 7 days, and 30 days. Logins are organized by interactive (at the keyboard), remote interactive (through remote desktop, remote assistance, or terminal service protocols), and network (through access network shared system resources, such as a shared folder).

Best Uses : Security review, forensics.

This report analyzes the various Resultant Sets of Policy (RSOP) based on user settings on computers in the environment and helps point out commonalities in the sets and which users / computer combinations have the configurations applied. The report is useful for identifying potential misconfigurations and configuration deviations.

Best Uses : Identification of local security policy deviations from GPO settings, documentation

This report provides detailed vulnerability descriptions, including CVSS scores and remediations, by external IP address. The report is used with the limited external vulnerability scan in Network Detective or used to output results from VulScan’s external vulnerability scans. This report provides a priority ordered listing of issues by CVSS that allows technicians to prioritize the issues they are working on. It also provides an extremely compact view of detected external networking vulnerabilities. For remediation purposes, this report is used when fixing issues on a computer-by-computer basis. The report is used with the limited external vulnerability scan in Network Detective or used to output results from VulScan’s external vulnerability scans.

Best Uses : Vulnerability Management, remediation planning.

This Risk Report is similar to other Risk Reports in Network Detective, except it covers Microsoft Exchange and hosted Microsoft 365 Exchange oriented risks. It includes an overall Risk Score, an overall Issues Score, as well as a summary list of issues discovered. This Risk Report identifies specific risks that are due to misconfigurations and violations of best practices.

Best Uses : High level presentation of risks in local networks and Active Directory for Stakeholders

This report presents details on each identified mailbox during the Microsoft Exchange scan against on-premise Exchange Servers and Microsoft 365 cloud environments. It includes detailed documentation of mailbox properties, user properties, mailbox statistics, Client Access Server settings, as well as listing mailbox folders and utilization. This report is used prior and after migration to ensure configurations are consistent. It can also be used in the event of a disaster to document and ensure mailbox settings are properly configured

Best Uses : Migration, disaster recovery, documentation.

Most organizations routinely create email distribution groups - both for internal communications and for routing incoming emails to multiple individuals at the same time. This report identifies and lists all distribution groups as well as which end-users or other groups are to receive any emails. The report provides a convenient way to review distribution lists on a regular basis, ensuring proper membership. It is also used during migrations to ensure lists are documented pre-migration and compared post migration.

Best Uses : Distribution list maintenance, migration, disaster recovery, documentation.

This report shows usage of mailbox storage versus quota by user, highlighting the top 25 power users. It also contains mailbox retention policy configuration and Outlook Web Access (OWA) usage. The report is useful for identifying users or unmonitored mailboxes that may be approaching capacity, which would prevent successful mail delivery

Best Uses : Mailbox use review, Retention policy review.

This report is similar to the Shared Mailbox Permission report but is organized by users and groups. It details which shared mailboxes the user or group has access to along with their access rights and permission inheritance rules. This report is used for auditing if a group or user should have access to the listed mailboxes.

Best Uses : Share mailbox access rights review.

This report assesses the health of the SQL Server using three major categories. These include settings, file, and resources. Setting health looks for configuration issues that may go against prescribed best practices. File health looks at how the database interacts with the file system, looking for adequate space and compares the current configuration versus best practices. Resource health looks to ensure adequate resources are available to operate the SQL Server optimally and looks for indicators pointing to performance issues. Resource health comprises of three sub-categories – wait health, task health, and memory health. Wait health deals with issues with database processing waits and delays. Task health validates that scheduled tasks and jobs are working optimally. Memory health looks to ensure adequate memory is available to run the SQL Server properly.

Best Uses : Recurring SQL Server health review, Presentation to stakeholders.

This report details SQL Server Agent Jobs used for automation and maintenance. As a part of periodic SQL Server health reviews, the agent job history should be reviewed. Errors are highlighted in RED allowing for quick review and identification of issues. The report also documents the steps and schedules in each agent job.

Best Uses : Recurring SQL Server health review, Documentation.