Cobalt Strike has several report options to help make sense of your data and convey a story to your
clients. You may configure the title, description, and hosts displayed in most reports.
Go to Reporting and choose one of the reports to generate. Cobalt Strike will
export your report as an MS Word or PDF document.
- Activity Report (.pdf)
The activity report provides a timeline of red team activities.
- Hosts Report (.pdf)
The hosts report summarizes Cobalt Strike's data model on a per-host basis. Hosts, services, credentials, and sessions are documented here.
- Indicators of Compromise Report (.pdf)
This report resembles an Indicators of Compromise appendix from a threat intelligence report. Content includes a generated analysis of your Malleable C2 profile, which domain you used, and MD5 hashes for files you've uploaded.
- Sessions Report (.pdf)
This report provides full disclosure of red team activity. It captures each session, the communication path of that session, MD5 hashes of files put on target during that session, and it provides a running log of red team activity.
- Social Engineering Report (.pdf)
The social engineering report documents each round of spear phishing emails, who clicked, and what was collected from each user that clicked. This report also shows applications discovered by the system profiler.
- Tactics, Techniques, and Procedures (.pdf)
This report maps your Cobalt Strike actions to tactics within MITRE's ATT&CK Matrix. The ATT&CK matrix describes each tactic with detection and mitigation strategies. You may learn more about MITRE's ATT&CK at: https://attack.mitre.org
Cobalt Strike reports display a Cobalt Strike logo at the top of the first page. You may
replace this with an image of your choosing. Go to Cobalt Strike -> Preferences -> Reporting
and set the image you'd like to use. You may also set an accent color. The accent color is the thick
line below your image on the first page of the report.
Your custom image should be 1192x257px set to 300dpi. The 300dpi setting is
necessary for the reporting engine to render your image at the right size.
Cobalt Strike uses a domain specific language to define its reports. You may load your own reports
through the Report Preferences dialog. To learn more about this feature, consult the
Custom Reports chapter of the Aggressor Script documentation.
ATT&CK and ATT&CK Matrix are trademarks of The MITRE Corporation. The ATT&CK content is © 2017 The MITRE Corporation. The ATT&CK work is distributed and reproduced with permission of The MITRE Corporation