Cobalt Strike has several report options to help make sense of your data and convey a story to your clients. You may configure the title, description, and hosts displayed in most reports.

Go to Reporting and choose one of the reports to generate. Cobalt Strike will export your report as an MS Word or PDF document.

Report Types

  • Activity Report (.pdf)
    The activity report provides a timeline of red team activities.
  • Hosts Report (.pdf)
    The hosts report summarizes Cobalt Strike's data model on a per-host basis. Hosts, services, credentials, and sessions are documented here.
  • Indicators of Compromise Report (.pdf)
    This report resembles an Indicators of Compromise appendix from a threat intelligence report. Content includes a generated analysis of your Malleable C2 profile, which domain you used, and MD5 hashes for files you've uploaded.
  • Sessions Report (.pdf)
    This report provides full disclosure of red team activity. It captures each session, the communication path of that session, MD5 hashes of files put on target during that session, and it provides a running log of red team activity.
  • Social Engineering Report (.pdf)
    The social engineering report documents each round of spear phishing emails, who clicked, and what was collected from each user that clicked. This report also shows applications discovered by the system profiler.
  • Tactics, Techniques, and Procedures (.pdf)
    This report maps your Cobalt Strike actions to tactics within MITRE's ATT&CK Matrix. The ATT&CK matrix describes each tactic with detection and mitigation strategies. You may learn more about MITRE's ATT&CK at:

Custom Logo

Cobalt Strike reports display a Cobalt Strike logo at the top of the first page. You may replace this with an image of your choosing. Go to Cobalt Strike -> Preferences -> Reporting and set the image you'd like to use. You may also set an accent color. The accent color is the thick line below your image on the first page of the report.

Report Preferences

Your custom image should be 1192x257px set to 300dpi. The 300dpi setting is necessary for the reporting engine to render your image at the right size.

Custom Reports

Cobalt Strike uses a domain specific language to define its reports. You may load your own reports through the Report Preferences dialog. To learn more about this feature, consult the Custom Reports chapter of the Aggressor Script documentation.