# 2. Reporting
#### ๐ Overview
The **Reporting** module provides structured, exportable security summaries based on email threat data collected across a specified date range. These reports help administrators and SOC analysts gain insight into:
* Phishing and spam trends
* Targeted users
* Source domains and email addresses
* Most attacked countries
* Content policy violations
> ๐ก๏ธ With one click, you can generate a full overview of the email threat landscape across your organization.
***
#### ๐งพ Report Generation
At the top of the interface, select a **Start Date** and **End Date**, then click **Generate Report** to produce a new log-based analysis for that timeframe.
Each generated report includes:
* **Date Range**
* **Threat Score** (letter grade: A to F)
* **Creation Timestamp**
* **View Button** to access full details
> ๐ Reports are securely stored and viewable anytime within the panel.
***
#### ๐ What the Report Includes
**๐ Most Attacked Country Statistics**
* Heatmap and table showing where detected threats originate
* Helps identify geographic targeting trends
* Supports regional threat intelligence decisions
***
**๐ฌ Targeted Recipients**
* **Email addresses most frequently attacked**
* Indicates users at high risk of phishing or impersonation
* **Users receiving the most spam**
* Reveals inboxes under heavy unsolicited email load
***
**โ๏ธ Threat Sources**
* **Top attack-sending email addresses**
* Identifies malicious or spoofed senders
* **Phishing email sender domains**
* Domains used to trick users into entering sensitive data
* **Spam sender domains**
* Domains responsible for the most unwanted or abusive email content
> ๐ These can be quickly added to blocklists from within the platform for immediate mitigation.
***
**๐ System Summary Chart**
* Pie chart visualization of total detected threats, by type:
* Phishing
* Spam
* Content Filter Violations
* Helps prioritize focus areas for remediation and education efforts.
***
**๐ Content Filter Summary**
* Displays **most frequently blocked words** from emails
* Useful for tuning keyword-based content filters (e.g., blocklist for sales, adult terms, scams)
Example:
| Blocked Word | Detection Count |
| ------------ | --------------- |
| `discount` | 1 |
***
#### ๐ Use Cases
| Goal | Reporting Benefit |
| ------------------------------------ | ------------------------------------ |
| Prove security value to stakeholders | Share monthly threat summaries |
| Identify vulnerable inboxes | Focus user awareness training |
| Track threat evolution | Compare report scores over time |
| Export for compliance or audits | Archive PDF or CSV versions |
| Feed data to SIEM or SOC | Export structured intel from reports |
***
#### โ๏ธ Best Practices
* Generate reports on a weekly or monthly basis
* Track score trends to evaluate improvements
* Block repeat sources found in multiple reports
* Cross-reference targeted users with login activity or incidents
***
> ๐ฏ The Reporting module transforms raw email security data into actionable intelligence โ making it easier to detect, prove, and respond to threats across your organization.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.shieldsguard.com/shieldsguard-seg/2.-reporting.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.