Reporting and Exports

Overview of reporting and export functionality in the Praetorian Guard Platform

Overview

The Praetorian Guard Platform (PGP) provides multiple ways to extract and share your security data. You can export vulnerabilities, assets, seeds, technologies, and validation gap analysis data in CSV or JSON format directly from the platform. For compliance needs, Guard subscriptions include annual penetration test reports generated by Praetorian operators. For programmatic access, the Guard Platform API and Python SDK support automated data extraction.

Exporting data requires the Analyst or Admin role.

Data Exports

Each data section in Guard — Vulnerabilities, Assets, Seeds, and Technologies — includes an Export button that opens an export modal. The modal lets you:

  • Select specific columns to include in the export

  • Choose the export format (CSV or JSON)

  • Export either all data matching your current filters, or only selected rows

When you export, the current table filters (search, status, severity, source, and any advanced filters) are automatically applied to the export query. Selected rows take precedence over filters. Filter selections on the export modal are saved between sessions for each export type.

Export Formats

  • CSV — Comma-separated values with headers matching the selected column names. Suitable for spreadsheet applications. Assets, seeds, technologies, and vulnerabilities with multiple associations may appear as duplicate rows to reflect underlying relationships.

  • JSON — Structured data format that preserves relationships between entities. Suitable for programmatic use and data pipeline integration.

Important Notes

  • Duplicate rows — Rows may appear duplicated in exports. This is intentional to represent underlying attributes and relationships. For example, if a single DNS asset resolves to multiple IPs, the asset_name column will have duplicate entries with corresponding asset_identifier values for each IP. This reflects the underlying DNS relationships and aligns with how the Assets and Vulnerabilities pages behave in the platform.

  • Relationship data — Exports include relationship data between entities. Vulnerabilities include associated assets, technologies include impacted assets, and seeds include their relationships to discovered assets.

  • Filtered data — Exports only include data matching selected filters. If no filters are selected, all data is exported according to the choices made on the export modal.

Vulnerability Export

Filter options: Status (Triage, Opened, Remediated, Accepted) and Severity (Critical, High, Medium, Low, Info, Exposure).

Available columns:

Column

Description

Title

Name/identifier of the vulnerability (e.g., "CVE-2023-1234: Remote Code Execution in Apache Server")

Severity

Severity level: Critical, High, Medium, Low, Info, or Exposure

Status

Current state: Triaged, Opened, Remediated, or Accepted

Description

Detailed technical explanation of the vulnerability

Impact

Potential consequences if the vulnerability is exploited

Recommendation

Steps to remediate or mitigate the vulnerability

References

External links and documentation about the vulnerability

Evidence

Proof or indicators of the vulnerability's existence

First Seen

Timestamp when the vulnerability was first detected (ISO 8601)

Last Seen

Most recent timestamp when the vulnerability was observed (ISO 8601)

Asset Name

DNS name or identifier of the affected asset

Asset Identifier

Unique identifier for the affected asset

Assets Impacted

List of all assets affected by this vulnerability — may include multiple entries

CVE

Common Vulnerabilities and Exposures identifier

CISA KEV

Whether listed in CISA's Known Exploited Vulnerabilities catalog (true/false)

CVSS Score

Common Vulnerability Scoring System score (0.0–10.0)

EPSS Score

Exploit Prediction Scoring System score (0.0–1.0)

Exploits

Whether known exploits exist (true/false)

MITRE ATT&CK

Associated MITRE ATT&CK techniques (e.g., "T1190: Exploit Public-Facing Application")

MITRE CWE

Common Weakness Enumeration identifier (e.g., "CWE-79: Cross-site Scripting")

Public Exploit

Whether a public exploit is available (true/false)

Threat Actors

Known threat actors associated with this vulnerability

Notes

User-generated comments on the vulnerability

History

Timeline of status changes and updates

Asset Export

Filter options: Status (Active, Inactive, Expiring, Frozen, Frozen Rejected, Deleted) and Source (Account, Seed, PGP).

Available columns:

Column

Description

Asset Name

DNS name or identifier of the asset

Asset Identifier

Unique identifier for the asset

AS Name

Autonomous System name (e.g., "Amazon.com, Inc.")

AS Number

Autonomous System Number (e.g., "AS16509")

Class

Classification of the asset (Domain, Subdomain, IP, etc.)

Status

Current state (Active, Inactive, Expiring, Frozen, Deleted, etc.)

Source

How the asset was discovered (Account, Seed, PGP)

Origination

The discovery source or origin of the asset

Parent

Parent asset if this is a subdomain or related asset

First Seen

Timestamp when the asset was first discovered (ISO 8601)

Last Seen

Most recent timestamp when the asset was observed (ISO 8601)

Notes

User-generated comments on the asset

History

Timeline of status changes and updates

In addition to the export modal, you can also use the Share URLs bulk action on the Assets page to copy shareable links to selected assets to your clipboard.

Seeds Export

Filter options: Status (Approved, Rejected, Frozen, Pending, Deleted) and Type (Domain, IP).

Available columns:

Column

Description

DNS

Domain name or IP address

Name

Name of the seed

Status

Current state (Active, Pending, Rejected, etc.)

Type

Seed type (Domain, IP)

Class

Classification of the seed

Source

How the seed was added (e.g., Manual Entry)

Registrar

Domain registrar information

Email

Contact email associated with the seed

Location

Geographic location of the seed

Created

Timestamp when the seed was created (ISO 8601)

Visited

Most recent timestamp when the seed was checked (ISO 8601)

Notes

User-generated comments on the seed

History

Timeline of status changes and updates

Technologies Export

Available columns:

Column

Description

Vendor

Technology vendor (e.g., "Microsoft")

Product

Product name (e.g., "Windows Server")

Version

Version of the technology

CPE

Common Platform Enumeration identifier

Assets Impacted

List of assets using this technology

Comment

Additional notes about the technology

Created

Timestamp when the technology was first detected (ISO 8601)

Visited

Most recent timestamp when the technology was observed (ISO 8601)

History

Timeline of changes to the technology's details

Gap Analysis Export

The Validations page includes a gap analysis view that maps your security coverage against the MITRE ATT&CK framework. The current filtered view can be exported to CSV or JSON format, capturing whatever filters you have applied (status, technique, tactic, etc.). Filtered views can also be bookmarked or shared via URL since filter state is synchronized with the URL.

Compliance Penetration Test Reports

Guard subscriptions include an annual penetration test conducted by Praetorian operators. These reports are human-written — not automated scan output — and satisfy compliance requirements for SOC 2, PCI DSS, HIPAA, and other frameworks.

A compliance report includes:

  • Executive Summary — High-level assessment of your security posture for non-technical stakeholders

  • Methodology — Description of the testing approach, scope, and tools used

  • Findings — Grouped by severity or engagement phase, each including:

    • Description and business impact

    • Proof of exploitation (screenshots, request/response pairs, command output)

    • Remediation guidance with prioritized steps

    • CVSS score and vector string

  • Appendices — Supporting data including scan results, asset enumeration details, and raw evidence

Report formats include PDF (for compliance auditors and executive distribution) and DOCX (for internal customization before distribution).

Report generation is managed by your Praetorian team — these reports are not self-service. Findings go through a validation step to ensure proper definitions, severity ratings, and remediation guidance before a report is produced.

API and CLI Access

For programmatic access to your data:

  • Guard Platform API — Query and export risks, assets, seeds, and attributes via REST endpoints. See the API Technical User Guide in the documentation for endpoint details and authentication setup.

  • Python SDK (praetorian-cli) — Install via pip install praetorian-cli and use the SDK to script exports and automate data extraction workflows. See the Developer Resources section for code examples and integration patterns.

Best Practices

  • Before exporting — Review and adjust filters to get the desired data set. Select only the columns you need to keep exports focused and manageable.

  • For large data sets — Use filters to reduce export size and consider exporting in smaller batches if needed.

  • For relationship analysis — Use JSON format to preserve relationship data. Include all relevant columns and review duplicate rows to understand entity relationships.

  • Choose the right format — Use CSV for spreadsheet analysis and stakeholder sharing. Use JSON for programmatic consumption and data pipeline integration.

Support

If you need assistance with exports, reports, or have questions about the data included in your exports, contact our support team at support@praetorian.com.