Creating Actionable Reports

Creating Actionable Reports

Raw log data and real-time alerts must be synthesized into actionable reports for different audiences. Security teams need technical detail for incident response, while management needs executive summaries that demonstrate the effectiveness of the security program.

Generate automated security reports:

from jinja2 import Template
import matplotlib.pyplot as plt
from datetime import datetime, timedelta

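class FirewallReportGenerator:
    """Build executive and technical firewall reports from an analyzer's output.

    The ``log_analyzer`` passed to the constructor is only required to expose
    ``get_period_metrics(start, end)`` and ``get_detailed_logs(period_days)``;
    those are the only two calls made on it here. The chart and analysis helpers
    used below (``calculate_trend``, ``create_trend_chart``,
    ``create_geographic_heatmap``, ``analyze_attack_patterns``,
    ``identify_top_threats``, ``generate_recommendations``) are not defined on
    this class and must be supplied by a subclass or mixin.
    """

    # Jinja2 template rendered by generate_executive_report().
    EXECUTIVE_TEMPLATE_PATH = 'templates/executive_report.html'

    # Number of raw log records included in the technical report's appendix.
    APPENDIX_SAMPLE_SIZE = 1000

    def __init__(self, log_analyzer):
        self.analyzer = log_analyzer

    @staticmethod
    def _percentage(part, whole):
        """Return ``part`` as a percentage of ``whole``; 0.0 when ``whole`` is 0.

        A reporting window with no recorded connections previously raised
        ZeroDivisionError while building the executive report.
        """
        if not whole:
            return 0.0
        return part / whole * 100

    def generate_executive_report(self, period_days=7):
        """Generate a high-level security summary as rendered HTML.

        Args:
            period_days: Length of the reporting window, ending now.

        Returns:
            The rendered executive report template as a string.

        Raises:
            KeyError: if the analyzer's metrics lack one of the expected keys.
            OSError: if the template file cannot be read.
        """
        # Naive local time, as the analyzer is queried with it.
        # NOTE(review): confirm the analyzer's timestamps use the same zone.
        end_date = datetime.now()
        start_date = end_date - timedelta(days=period_days)

        # Gather metrics for the window
        metrics = self.analyzer.get_period_metrics(start_date, end_date)

        total = metrics['total_connections']
        blocked = metrics['blocked_attempts']
        report_data = {
            'period': f"{start_date.strftime('%Y-%m-%d')} to {end_date.strftime('%Y-%m-%d')}",
            'total_connections': total,
            'blocked_attempts': blocked,
            'block_percentage': self._percentage(blocked, total),
            'unique_attackers': metrics['unique_blocked_ips'],
            'top_attack_types': metrics['top_attack_categories'][:5],
            'geographic_summary': metrics['top_countries'][:10],
            'trend': self.calculate_trend(metrics),
        }

        # Generate visualizations (helpers supplied by a subclass)
        self.create_trend_chart(metrics['daily_blocks'])
        self.create_geographic_heatmap(metrics['country_distribution'])

        # Strings inside the metrics (attack categories, country names, ...)
        # are derived from traffic the firewall observed, so they are untrusted
        # for HTML output; autoescape keeps a crafted value from being rendered
        # as markup in the report. The context manager closes the template file.
        with open(self.EXECUTIVE_TEMPLATE_PATH, encoding='utf-8') as fh:
            template = Template(fh.read(), autoescape=True)
        return template.render(**report_data)

    def generate_technical_report(self, period_days=1):
        """Generate a detailed technical analysis for incident responders.

        Args:
            period_days: Number of days of detailed logs to analyze.

        Returns:
            A dict with ``attack_patterns``, ``top_threats``,
            ``recommendations`` and a ``detailed_logs`` sample capped at
            ``APPENDIX_SAMPLE_SIZE`` records for the appendix.
        """
        # get_detailed_logs must return a sliceable sequence (see the cap below).
        detailed_logs = self.analyzer.get_detailed_logs(period_days)

        # Group by attack patterns
        attack_analysis = self.analyze_attack_patterns(detailed_logs)

        # Identify top threats
        top_threats = self.identify_top_threats(detailed_logs)

        # Generate recommendations
        recommendations = self.generate_recommendations(attack_analysis, top_threats)

        return {
            'attack_patterns': attack_analysis,
            'top_threats': top_threats,
            'recommendations': recommendations,
            'detailed_logs': detailed_logs[:self.APPENDIX_SAMPLE_SIZE],  # Sample for appendix
        }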