Analytics

You can access reports to track patching progress and identify security gaps. Browse prebuilt reports to analyze your device management data.

Prerequisites: You must have Reports: Read permissions for the organization you want to view analytics reports for. See Roles and Permissions Management.

Viewing and Filtering Analytics Reports

To view analytics reports, go to Insights > Analytics in the console. These reports include data from all organizations that you have permissions to view.

From the Analytics page, choose the type of reports you want to view from the Select Report list. You can currently select from these types:

You can perform the following actions on the different types of reports:

  • Filter: Filter the available reports
  • Download PDF: Download the data as a PDF
  • Present: Present reports for larger, detailed views
  • Hover: Hover over individual reports to view more information
Note: Data is refreshed on a regular schedule. While most updates occur every hour, some intervals are longer.

Tip: If you close the information tiles that initially appear above the reports and would like to access them again, you must clear your browser data.

Filtering Reports

You can apply several filters to refine the data shown in analytics reports.  The available filters depend on the selected report.

analytics filters

Filtering Patch and Impact Performance Reports

The following filters are available for patch and impact performance reports:

  • Organization: Currently, if you are logged into a specific organization, the reports will show data for all organizations you have permissions to view. Use the Organization filter to include or exclude organizations, depending on your permissions and preferences.
  • Group: Select one or more groups to filter by. By default, all groups are selected.
  • Device: Select one or more devices to filter by. By default, all devices are selected.
  • Package Name: Select one or more packages to filter by. By default, all packaged are selected.
  • Policy Name: Select one or more policies to filter by. By default, all policies are selected.
  • Date Last 90 Days: Select a value to filter policy events by. Data beyond 90 days may not be available, even if included in your filter.
  • Change the value of Target MTTP: Use this filter to select a target Mean Time to Patch (MTTP) value 1 and 30.

In addition to the filters, you can select from groups of reports based on these categories.

  • Overview
  • Patching Performance
  • Patching Drilldown

Filtering Risk and Mitigation Reports

These filters include the following:

  • Organization: Currently, if you are logged into a specific organization, the reports will show data for all organizations you have permissions to view. Use the Organization filter to include or exclude organizations, depending on your permissions and preferences.
  • Severity: Use the Severity filter to include or exclude specific CVSS severity levels.
    Note: For more information, see Understanding CVE Scoring and Severity Data.
  • Install Date: Use the Install Date filter to view analytics based on either a rolling install date or a fixed date range. Even though the date filter allows selection of a wider range, the report will only include up to 90 days of data. Data beyond 90 days from the selected end date may not be available, even if included in your filter range.
  • Change value of Target MTTR: Use this filter to select a target Mean Time to Remediate (MTTR) value between 1 and 30.
    See the Glossary section for details.)

Available Actions

In addition to the Download PDF button available from the main Analytics landing page, you can interact with individual reports using the following actions:

  • Explore: Provides access to additional filters and customization options to refine the data further
  • Show Underlying Data: Displays the detailed data that supports the report’s metrics
  • Download: Exports the report in your preferred format: CSV, PDF, XLSX, or PNG
  • Present: Opens the report in a larger, more detailed view for closer inspection

Managing Customized Boards

Any filter modifications you make to the analytics board can be saved in a customized board view. It is possible to add, delete, and manage custom boards for yourself.

  1. When you modify a filter and apply the change, you will see the option Save view along with the filters. You can apply multiple filters to the same view or create individual custom views.
  2. Click Save view and enter a custom name that reflects the new board view.
  3. To switch back to the default view, select Reset Liveboard from the drop-down menu.
  4. Select Manage views to edit custom view names or delete a custom board view.

Note: The option to share views with other users or organizations is currently disabled. They can create their own views and save them individually.

Patch and Performance Reports

The reports associated with patch impact and performance are grouped into three areas. Click the areas for details about each report.

  1. Overview 
    • Mean Time to Patch (MTTP)
    • MTTP Achievement
    • Patch Policy Success Rate
    • Patches Applied by Month - MTTP calculation including outstanding patch instances
    • Adjusted MTTP
    • Devices in Scope for Active Patch Policies
    • Packages Up to Date
    • MTTP Trend by Device Count
    • Policies with Highest Execution Count
    • Applied Packages by Patch Instance Count
    • Applied Packages by Device Count
    • Patching Progress by Device Count
    • Outstanding Packages by Device Count
    • Outstanding Packages by Patch Instance
  2. Patching Performance
    • Overall Policy Success
    • Patch Policy Execution History
    • Applied Patch Instances by OS Family
    • Patching Progress by Outstanding Patch Instance Count
    • Patch Policy Schedule
    • Patch Policy Executions
  3. Patching Drilldown
    • Applied Package History
    • Recently Executed Patching Policies
    • Patching Progress by Outstanding Device Count - Drilldown
    • Outstanding Packages by Device
    • Outstanding Packages by Patch Instance

Risk and Mitigation Reports

The reports associated with risk and mitigation are listed here. You can find detailed descriptions for each in Report Calculation Methodology, select Risk and Mitigation.

  • Mean Time to Remediate in Days (MTTR)
  • MTTR Account Achievement - Comparison against Target MTTR
  • KEV Vulnerability Instances Remediated - Vulnerability Instances Remediated
  • Vulnerability Instances Remediated
  • Remediation Trend by Vulnerability Instance
  • MTTR Trend vs Number of Devices In Scope
  • Projected MTTR
  • Active Policies By Projected MTTR
  • Top Active CVEs By Exposure In Days
  • Vulnerabilities Remediated by Severity
  • MTTR Target Breach by Exposure in Days
  • Outstanding Vulnerability Instances
Note: Additional report types will be introduced over time. As new reports become available, they will appear on the Analytics page without requiring any configuration changes.

Understanding CVE Scoring and Severity Data

Automox Analytics reports include CVE and CVSS Severity information to help you interpret vulnerabilities more effectively.

CVSS Score

The CVSS Score is a numerical value from 0 to 10 that represents a qualitative measure of severity.

Automox Analytics displays the most current score available in this priority order:

  • CVSSv4
  • CVSSv3
  • CVSSv2

If no CVSS score is available, the system displays NULL.

CVSS Severity

The CVSS Severity is a text (string) representation of the numerical CVSS range that reflects the most recent severity available. If no severity is available, the value will be NONE.

Note: For more information about CVSS and severity ratings, visit the National Vulnerability Database.

Report Calculation Methodology

This section explains how analytics calculates metrics for each report using defined formulas and associated variables.

  • Patch Impact and Performance
  • Risk and Mitigation

This describes the calculations for the Patch Impact and Performance reports. There are three tabs to select various reports from: Overview, Patching Performance, and Patching Drilldown. This list provides the calculations used for the patch impact and performance reports.

Overview

Mean Time to Patch (MTTP)

  • Formula MTTP: sum ( Day Diff ) / Package Count
  • Variables: MTTP, Install Date Monthly
  • Description: Displays the average number of days it takes to apply a patch to a device, calculated from the package creation timestamp (when the patch was first available) to the install timestamp (when the patch was successfully applied on a device). This metric currently measures the patch time per patch instance. This answer also compares data to the previous month's data.

MTTP Achievement

  • Variables: MTTP Achievement, Install Date Monthly
  • Description: Compares the current MTTP to the Target MTTP Parameter defined by the end user and displays a percentage rate of achievement. This answer also compares data to the previous month's data.

Overall Policy Success Rate

  • Formula Success Rate: safe_divide ( Policies Succeeded, Total Policy Executions)
  • Variables: Success Rate, Event Time Monthly, Policy Type = Patch
  • Description: Displays the percentage of patch policies that executed successfully (exit code 0) in the environment based on the selected time interval.

Patches Applied By Month

  • Variables: Package Count, Install Date Monthly
  • Description: Displays the number of patch instances successfully applied each month within the selected timeframe. This report compares the current month's performance against the previous month to highlight trends and progress over time

Adjusted MTTP

  • Variables: Adjusted MTTP, Device Package Count, Diff in Days
  • Description: Shows MTTP including outstanding patch instances. Projects MTTP if all outstanding patches were applied today.

Devices in Scope for Active Patch Policies

  • Formula In Scope Policy Devices: safe_divide ( Total Active Patch Policy Devices, Total Devices )
  • Variables: In Scope Policy Devices
  • Description: Displays the number of devices that are currently in scope based on active patch policies, considering any applied device filtering. This helps to distinguish between the total device count and those actively managed by patch policies.

Packages Up-to-Date

  • Formula Fully Patched Percentage: Fully Patched Package Count / Total Package Count
  • Variables: Fully Patched Percentage
  • Description: Shows the percentage of installed software packages that are fully patched across the environment.

MTTP Trend by Device Count

  • Variables: MTTP, count Server ID, Install Date Weekly
  • Description: Displays a weekly trend of MTTP and devices in scope.

Policies with Highest Execution Count

  • Variables: Total Policy Executions, Policy Name, Event Time Monthly
  • Description: Lists patch policies ranked by the number of executions within the selected time interval. This helps identify which policies are most active, either due to a broad device scope or a more aggressive scheduling strategy.

Applied Packages by Patch Instance Count

  • Variables: Package Name, Package Count
  • Description: Shows how often each patch was applied within the selected time interval.

Applied Packages by Device Count

  • Variables: Package Name, count Server ID
  • Description: Shows the number of unique devices that have received a specific package within the selected time interval.

Patching Progress by Device Count

  • Variables: Package Name, Installed Device Count, Outstanding Device Count
  • Description: Sorted by Total Device Count

Outstanding Packages by Device Count

  • Variables: Server Name, Package Count, Installed = False
  • Description: Displays devices with the highest number of outstanding patches.

Patching Performance

Patch Policy Success

  • Variables: count Policy ID, Status Name
  • Description: Displays the success and failure rate of ALL policies (Patch, Worklet, and Required Software) in the environment based on the filtered time interval.

Patch Policy Execution History

  • Variables: count Policy Event ID, Status Name, Policy Type = Patch, Event Time Weekly
  • Description: Tracks successful and failed patch policy executions over the selected time interval.

Applied Patch Instances by OS Family

  • Variables: Package Count, OS Family, Install Date Weekly
  • Description: Displays the count of applied patch instances by operating system family.

Patching Progress by Outstanding Device Count

  • Variables: Package Name, Installed Device Count, Outstanding Device Count
  • Description: Displays the number of devices running the latest version of a package in comparison to those still pending the latest patch.

Patch Policy Schedule

  • Variables: Organization Name, Hour 24, Policy ID Count by Hour
  • Description: Displays the policy schedule based on the hour of day and broken out by organization. This report provides insights into how policies are scheduled and helps determine if adjustments are needed to optimize execution timing.

Patch Policy Executions

  • Variables: count Policy ID, Organization Name, Policy Event Hour hour of day, Policy type = Patch
  • Description: Displays when patch policies have executed, broken down by the hour of day. This report shows the distribution of policy execution times and can help determine if policies are running as scheduled or if adjustments are necessary.

Patching Drilldown

Applied Package History

  • Variables: Package Name, Server Name (Device), Install Date detailed, Is Managed = True
  • Description: Lists packages that have successfully applied over the time interval. Note: This only includes devices that have successfully completed the GetSoftware scan to ensure accuracy in reporting package status.

Recently Executed Patching Policies

  • Variables: Policy Name, Server Name (Device), Status, Policy Name
  • Description: Lists patching policies that have most recently been executed.

Patching Progress by Outstanding Device Count

  • Variables: Package Name, Installed Device Count, Outstanding Device Count
  • Description: Lists the number of devices running the latest version of a package in comparison to those still pending the latest patch.

Outstanding Packages by Device

  • Variables: Package Name, Server Name, Version, Package Count, Installed = False
  • Description: Lists devices with missing patches to highlight patching gaps.

Outstanding Packages by Patch Instance

  • Variables: Package Name, Version, count Server ID, Installed = False
  • Description: Lists patch instances pending installation, showing the version pending per device.

Return to Report Calculation Methodology.

Risk and Mitigation

This describes the calculations for the Risk and Mitigation reports.

Mean Time to Remediate in Days (MTTR)

  • Formula MTTR: SUM ( Day Diff ) / Remediation Count
  • Variables: Average Day Diff, Install Date
  • Description: Displays the average number of days it takes to remediate a vulnerability instance using Created At (Release date of the package) and Install Timestamp (The timestamp of the scan after package was installed). This answer also compares data to the previous month's data.

MTTR Account Achievement

Comparison to Target MTTR

  • Formula MTTR Achievement: Target MTTR / MTTR
  • Variables: MTTR Achievement, Install Date
  • Description: Compares the current MTTR to the Target MTTR Parameter defined by end user and displays a percentage rate of achievement. This answer also compares data to the previous month's data.

KEV Vulnerability Instances Remediated

(KEV) Known Exploitable Vulnerabilities

  • Variables: Unique Count of Vulnerability Instances, Known Exploitable Vulnerabilities, Install Date
  • Description: Displays the number of vulnerability instances with active exploits in the wild that have been remediated this month. This answer also compares data to the previous month's data.

Vulnerability Instances Remediated

  • Variables: Unique Count CVE ID, Install Date
  • Description: Displays the number of vulnerability instances that have been installed during the install date filter. This also provides comparative analytics for current vs previous month's data.

Remediation Trend by Vulnerability Instance

  • Variables: Unique Count Vulnerability Instance, Install Date, CVSS Severity
  • Description: Displays a weekly trend of remediated vulnerability instances by severity.

MTTR Trend vs Number of Devices In Scope

  • Variables: Average Day Diff, Install Date, Unique Count of Devices
  • Description: Displays a weekly trend of MTTR and devices in scope.

Projected MTTR

Anticipated MTTR based on active policy schedule pattern

  • Variables: Average Days Between Active Policy Schedules
  • Description: Provides the projected MTTR based on active patch policy schedules.

Active Policies By Projected MTTR

  • Variables: Policy Name, Average Days Between Schedules
  • Description: Provides a ranked list of patch policies with the largest gap in schedules.

Top Active CVEs By Exposure In Days

  • Formula Days Exposed: CURRENT_DATE - Package Version Created At
  • Variables: Max Days Exposed, CVE ID, CVSS Severity
  • Description: Displays the top 10 CVEs based on active exposure in days. Conditional logic for the colors will be Yellow to Red. Any CVE with a maximum exposure in days greater than 90 days will be red.

Vulnerabilities Remediated by Severity

  • Variables: Unique Count Vulnerability Instances, Severity
  • Description: Displays a total count of installed vulnerability instances based on the Install Date filter.

MTTR Target Breach by Exposure in Days

  • Variables: Package Display Name, Severity, Max Exposure in Days > Target MTTR
  • Description: Provides the top packages in breach of the MTTR Target sorted by exposure in days. Conditional color scheming is based on CVSS Severity.

Outstanding Vulnerability Instances

  • Variables: Unique Count of Vulnerability Instances, CVSS Severity
  • Description: Displays the total number of vulnerability instances that are outstanding in the environment over all time.

Return to Report Calculation Methodology.

Strategies for Improving Metrics

You can use insights from the reports to take targeted actions that reduce risk and improve your organization's performance against key metrics. This section provides a few examples to illustrate how to interpret report data and act on it.

The screenshots in this section highlight how specific reports can uncover actionable trends. Use these examples as guidance for identifying your own areas of improvement.
  • Active Policies By Projected MTTR: This report helps you identify policies with large gaps between scheduled runs. If you notice long intervals for certain policies, consider adjusting their schedules to reduce patching delays. Reducing the time between executions can help you get ahead of vulnerabilities and decrease your overall MTTR.
  • Outstanding Vulnerability Instances: Use this report to determine if there’s a high number of unresolved vulnerabilities—in the following example we show those with High or Medium severity. If your environment shows elevated counts for these severities, you may need to refine your policies to target them more aggressively and close the gap on remediations.
  • MTTR Account Achievement: This report helps you monitor whether your remediation efforts align with the Target MTTR Parameter. If the percentage is low, focus on reducing delays in the patch deployment cycle and consider streamlining approvals or improving device readiness.

Glossary

  • Known Exploitable Vulnerability (KEV): A CVE (Common Vulnerabilities and Exposures) that has documented evidence of active exploitation in the wild. These vulnerabilities are typically listed in authoritative sources such as the CISA KEV catalog and represent higher risk due to confirmed use in real-world attacks.
  • Vulnerability Instance: A specific occurrence of a security vulnerability (CVE) on a device or package. Device, Package, Version, and Install Date (historical trend) are attributes that make up this occurrence
Formula Definition
Day Diff diff_days ( Install Date , Created At )
Days Exposed

diff_days ( CURRENT DATE, Created At )

Remediation Count Unique count ( Vulnerability Instance)
MTTP sum ( Day Diff ) / Package Count
MTTP Achievement Target MTTP / MTTP
MTTR sum ( Day Diff ) / Remediation Count
MTTR Achievement Target MTTR / MTTR
Package Count Count ( Package Version ID )
Success Rate Policies Succeeded / Total Policy Executions
In Scope Policy Devices Total Active Patch Policy Devices / Total Devices
Fully Patched Percentage Fully Patched Package Count / Total Package Count

Related Topics