Scan Reports

The Scan Reports feature allows administrators to schedule, customize, and manage summary reports that are sent via email. These reports provide an overview of scan activity, threats detected, policy enforcement, and other metrics for each tenant.

Report List

Admins can view and manage existing reports from the Reports section under Settings.

  • Search bar: Allows users to filter reports by report name or subject

  • Report columns:

    • Report name: The internal name assigned to the report.
    • Subject: The subject line used in the sent email.
    • Status: Toggle to activate or deactivate scheduled sending.

  • Report buttons:

    • Delete: Delete icon to permanently remove the report.
    • Clone: Clone the report.

Creating a New Report

Click Add new report in the top-right corner.

Choose Report Type

Select Scan Report.

For other report types, see Quarantine Reports.

Report Settings

Each report includes the following configuration options:

  • Active – Enables or disables the report.
  • Report name – Internal descriptive name.
  • Report subject – Subject line of the email.
  • Email sender – From address for outgoing reports.
  • Select days of the week – Choose which days the report is sent.
  • Use custom start date - Choose a custom start date for the first report. If not selected, emails processed from the report creation date will be included in the first report.
  • Time / Time zone – Schedule delivery time.
  • Recipients – Select users or groups to receive the report.

Editing a Report

Clicking on a report opens the Report Details page, where you can configure general settings and the email content.

Report Settings

  • Report Name: Internal display name for the report.

  • Report subject: Subject line used in the report email.

  • Email Sender: Specifies the sender email address, for example: noreply@mycompany.com.

    • The sender field can also include both display name and email address as follows: "Display name" <noreply@mycompany.com>.

  • Schedule: Choose the days of the week and time for delivery.

  • Time zone: Define the time zone for scheduled delivery.

  • Recipients: Users or groups to receive the report.

Email Content Customization

  • HTML Tab:

    • Provides a rich text editor for formatting email content.
    • Users can insert fields, format text, add tables, and customize the layout.

  • Plain Text Tab:

    • Used for text-based email clients.

When editing HTML content, the plain text version is automatically updated, based on the content provided.

Email Content Preview

  • Shows a sample report email with placeholders replaced by actual data.

Scripting Language

It is also possible to additionally customize report templates using the Handlebars template scripting language. For more information see: https://handlebarsjs.com/guide/

Custom Fields

The following field can be inserted into email report templates:

NameDescription
Created AtTimestamp when the report was generated. Useful for showing when the data snapshot was taken.
Sanitization RatePercentage of emails sanitized vs total emails processed. Calculated as: sanitized / scanned.
Emails ScannedTotal number of emails scanned during the report period (via multiscanning).
Scan RateRate of scanning (emails per minute/hour depending on system config). Useful for performance trends.
Emails BlockedNumber of emails blocked by policies (Threats, encrypted content etc.)
Block RatePercentage of scanned emails that were blocked.
Emails SanitizedNumber of emails that passed through Deep CDR for content sanitization.
Deep CDR Sanitization RatePercentage of sanitized emails vs total emails sanitized by Deep CDR.
Deep CDR Sanitization RateNumber of emails sanitized by Deep CDR.
Threats PreventedNumber of threats removed by Multiscanning.
Total EventsTotal number of events logged during the report window (including all verdicts).
Quarantined EventsNumber of emails placed in quarantine due to policy rules or detected threats.
Sanitized EventsNumber of emails marked as sanitized.
Released EventsNumber of emails that were released from quarantine (via admin/user action).
Deleted EventsNumber of emails that were permanently deleted from quarantine.
Closed EventsNumber of events that reached a final state 'Closed without action'.
Blocked File Types (Array)List of file types that were blocked during the report period.
Blocked Senders (Array)List of sender addresses that were blocked during the period.
Blocked Recipients (Array)List of recipient addresses whose emails were blocked.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Quarantine Reports
On This Page
Scan ReportsReport ListCreating a New ReportChoose Report TypeReport SettingsEditing a ReportReport SettingsEmail Content CustomizationEmail Content PreviewScripting LanguageCustom Fields