Analytics

You can access reports to track patching progress and identify security gaps. Browse prebuilt reports to analyze your device management data.

Prerequisites: You must have Reports: Read permissions for the organization you want to view analytics reports for. See Roles and Permissions.

Viewing Analytics Reports

In the console, select Insights > Analytics to access the analytics reports. These reports include data from all organizations that you have permissions to view. See also Types of Reports. From here you can select to do the following:

  • Filter the available reports
  • Download PDF
  • Present
  • Hover over individual reports for more detail

Filtering Reports

The following filters are available from the Analytics page:

  • Organization: Currently, if you are logged into a specific organization, the reports presented here show data for all organizations that you have permissions to view. Use this filter to include or exclude organizations, depending on your permissions and preferences.
  • Severity: Select to include or exclude severity levels. (See also Understanding CVE Scoring and Severity Data).
  • Install Date: Select to view analytics based on a rolling install date or a fixed date range. While the date filter allows you to select a wider range, the report will only include up to 90 days of data. Data beyond 90 days from the selected end date may not be available, even if included in your filter.
  • Change value of Target MTTR: Select between 1 and 30. (See Glossary for details.)
Note: Data is refreshed on a schedule.

Tip: If you close the information tiles that initially appear above the reports, but would like to gain access again, you must clear your browser data.

Coming Soon:

  • Customization options for prebuilt reports
  • Cross-organizational analytics

Types of Reports

Understanding CVE Scoring and Severity Data

Automox Analytics comes with more information about CVE data and CVSS severity information. The following describes the CVE and CVSS Severity data represented in the Analytics reports. For more information about CVSS and severity ratings, see National Vulnerability Database.

CVSS Score

Numerical score (0-‑10) that represents a qualitative measure of severity.

CVSS in Analytics provides one of the following scores with priority for the most current version and score available (CVSSv4, CVSSv3, CVSSv2). If no score is available, NULL is listed.

CVSS Severity

A string representation of the numerical CVSS range providing the most current severity available or NONE if no severity is provided.

Report Calculation Methodology

Understanding how reports are calculated ensures accurate interpretation of the data. The following sections provide formulas and explanations for key report metrics.

Mean Time to Remediate in Days (MTTR) Vulnerabilities

MTTR: SUM( Day Diff) / Remediation Count

  • Variables: Average Day Diff, Install Date
  • The average number of days it takes to remediate a vulnerability instance using Created At (Release date of the package) and Install Timestamp (The timestamp of the scan after package was installed). This answer also compares data to the previous month's data.

MTTR Account Achievement

MTTR Achievement: Target MTTR / MTTR

  • Variables: MTTR Achievement, Install Date
  • Compares the current MTTR against the Target MTTR Parameter set by end user and displays a percentage rate of achievement. This answer also compares data to the previous month's data.

Known Exploitable Vulnerabilities Remediated

  • Variables: Unique Count of Vulnerability Instances, Known Exploitable Vulnerabilities, Install Date
  • Shows how many vulnerability instances with active exploits in the wild that have been remediated this month. This answer also compares data to the previous month's data.

Vulnerability Instances Remediated

  • Variables: Unique Count CVE ID, Install Date
  • Displays the number of vulnerability instances that have been installed during the install date filter. This also provides comparative analytics for current vs previous data.

Remediation Trend by Vulnerability Instance

  • Variables: Unique Count Vulnerability Instance, Install Date, CVSS Severity
  • Displays a weekly trend of remediated vulnerability instances by severity.

MTTR Trend vs Number of Devices In Scope

  • Variables: Average Day Diff, Install Date, Unique Count of Devices
  • Displays a weekly trend of MTTR and devices in scope.

Projected MTTR Anticipated MTTR based on active policy schedule pattern

  • Variables: Average Days Between Active Policy Schedules
  • Provides the projected MTTR based on active patch policy schedules.

Active Policies By Projected MTTR

  • Variables: Policy Name, Average Days Between Schedules
  • Provides a ranked list of patch policies with the largest gap in schedules.

Top Active CVEs By Exposure In Days

Days Exposed: CURRENT_DATE - Package Version Created At

  • Variables: Max Days Exposed, CVE ID, CVSS Severity
  • Displays the top 10 CVEs based on active exposure in days. Conditional logic for the colors will be Yellow to Red. Any CVE with a maximum exposure in days greater than 90 days will be red.

Vulnerabilities Remediated by Severity

  • Variables: Unique Count Vulnerability Instances, Severity
  • Displays a total count of installed vulnerability instances based on the Install Date filter.

MTTR Target Breach by Exposure in Days

  • Variables: Package Display Name, Severity, Max Exposure in Days > Target MTTR
  • Provides the top packages in breach of the MTTR Target sorted by exposure in days. Conditional color scheming is based on CVSS Severity.

Outstanding Vulnerability Instances

  • Variables: Unique Count of Vulnerability Instances, CVSS Severity
  • Displays the total number of vulnerability instances that are outstanding in the environment over all time.

Glossary

Vulnerability Instance: A specific occurrence of a security vulnerability (CVE) on a device or package. Device, Package, Version, and Install Date (historical trend) are attributes that make up this occurrence

Formula Definition
Day Diff diff_days ( Install Date , Created At )
Days Exposed

diff_days ( CURRENT DATE, Created At )

Remediation Count Unique count ( Vulnerability Instance)
MTTR sum ( Day Diff ) / Remediation Count
MTTR Achievement Target MTTR / MTTR

Related Topics