Reports & Compliance

BleedWatch generates security reports for executive briefings, compliance audits, and ongoing monitoring. Download PDF reports, export findings data, build custom report templates, and generate compliance evidence packs for SOC 2, ISO 27001, and PCI DSS.

Report Types

Type	Purpose	Format
Executive Summary	High-level security posture overview for leadership	PDF
Monthly Report	Month-over-month trend analysis	PDF
Quarterly Report	Quarterly security review	PDF
On-Demand Report	Ad-hoc report generated on request	PDF
Compliance Evidence Pack	Audit-ready documentation bundle	ZIP (multiple PDFs)

Executive Summary

The Executive Summary provides a snapshot of your security posture designed for CISOs and leadership teams. Access it from Reports → Executive Summary.

Key Metrics

Metric	Description
Risk Score	Overall score from 0–100 with trend delta from previous period (color-coded: green = improving, red = declining)
MTTD	Mean Time to Detect — average time between a secret being exposed and BleedWatch finding it
MTTR	Mean Time to Remediate — average time between detection and resolution
FP Rate	False positive rate — percentage of findings marked as false positives

Sections Included

Findings Summary — Breakdown by severity (critical, high, medium, low)
Validity Summary — Active vs. invalid vs. unchecked findings
Top Exposures — Most significant findings ranked by secret type, source, and exposure duration
Remediation Status — This period vs. previous, with average remediation time in hours
Coverage — Total assets monitored, assets scanned, asset types, and last scan timestamp

The Executive Summary supports both monthly and quarterly period views. Toggle the period from the report header.

Generating Reports

On-Demand Generation

Navigate to Reports and click Generate Report
Select the report type and date range
Click Generate

Reports are queued and processed in the background. You'll receive an email notification when the report is ready for download.

Downloading Reports

Click the Download button on any completed report to get the PDF. Reports are retained and available for download from the Reports list.

Compliance Evidence Packs

For organizations undergoing compliance audits, BleedWatch generates comprehensive evidence packs as a single ZIP download.

Supported Frameworks

Framework	Coverage
SOC 2	Continuous monitoring evidence, finding remediation timelines, alert configuration proof
ISO 27001	Asset inventory, vulnerability management records, incident response evidence
PCI DSS	Script integrity (Req 6.4), vulnerability scanning records, remediation evidence

What's Included

Each compliance pack contains six PDF documents:

Executive Summary — Overall security posture and risk score
Scan Coverage — Proof of continuous monitoring across all asset types
Findings Remediation — Complete finding lifecycle from detection to resolution
Alert Configuration — Evidence that alerting is configured and active
Continuous Monitoring — Scan frequency and asset coverage over the reporting period
MTTR/MTTD Metrics — Detection and remediation performance metrics

Generating a Compliance Pack

Navigate to Reports → Compliance
Select the framework (SOC 2, ISO 27001, or PCI DSS)
Select the reporting period (e.g., "Q1-2026")
Click Generate Pack

The ZIP file is prepared in the background and available for download once complete.

Audit Preparation

Generate compliance packs before your audit window opens. The evidence is timestamped and period-specific — generating it in advance ensures your auditors receive consistent data covering the exact review period.

Data Export

Export raw findings data for custom analysis or SIEM ingestion:

Format	Details
CSV	Spreadsheet-compatible, up to 10,000 rows, formula injection protected
JSON	Machine-readable, up to 10,000 rows

Access exports from the Reports section or from the Findings page filter toolbar.

Report Builder

The Report Builder lets you create custom report templates with a drag-and-drop interface.

Creating a Template

Navigate to Reports → Templates and click New Template
Drag widgets from the palette onto the 12-column grid layout
Configure each widget (data source, date range, visualization type)
Set a schedule (manual or recurring) and distribution list (recipient email addresses)
Click Save Template

Managing Templates

Saved templates appear in the Templates tab. You can:

Edit — Modify layout, widgets, or schedule
Run — Generate a report from the template immediately
Delete — Remove the template

Troubleshooting

Report Generation Stuck

If a report shows "Processing" for more than 15 minutes:

Try generating a new report — the original job may have encountered an error
Check that your account has findings data for the selected date range (empty reports may fail silently)

Compliance Pack Missing Data

If a compliance pack has incomplete sections:

Verify that alerts are configured (the Alert Configuration section reflects your current setup)
Ensure scans have run during the reporting period
Check that findings exist for the selected timeframe

Export Hitting Row Limit

CSV and JSON exports are capped at 10,000 rows. If you need more data:

Narrow the date range or add severity/source filters
Generate multiple exports for different time periods
Use the webhook integration for continuous data streaming to your SIEM

Alerts Configuration — Configure the alerts that appear in compliance evidence
Findings — Understanding the findings that reports summarize
Settings & Integrations — Configure report distribution

Report Types​

Executive Summary​

Key Metrics​

Sections Included​

Generating Reports​

On-Demand Generation​

Downloading Reports​

Compliance Evidence Packs​

Supported Frameworks​

What's Included​

Generating a Compliance Pack​

Data Export​

Report Builder​

Creating a Template​

Managing Templates​

Troubleshooting​

Report Generation Stuck​

Compliance Pack Missing Data​

Export Hitting Row Limit​

Related​