Reporting
The Reporting page provides a built-in reporting engine for building custom queries against your fleet data. Use the visual query builder for simple reports or write SQL directly for advanced analysis.
Reports are read-only queries. They cannot modify data.
Visual Query Builder
The visual query builder provides a filter-based interface for building reports without writing SQL. It generates SQL behind the scenes, so you get the power of custom queries with a guided workflow.
To build a report:
- Select a data source -- choose from Agents, Tasks, History, or Vulnerabilities.
- Add filters -- narrow results by status, date range, operating system, or other fields relevant to the selected data source.
- Choose columns -- select which columns to include in the output. Drag columns to reorder them.
- Sort the results -- pick a column and direction (ascending or descending) to control result ordering.
The builder updates the preview in real time as you adjust your selections.
Start with the Visual Query Builder to explore your data. Switch to the SQL Editor when you need joins, aggregations, or complex filters.
SQL Editor
For advanced analysis, the SQL Editor gives you a full Monaco-based editor with:
- Syntax highlighting for SQL keywords, table names, and column references
- Autocomplete that suggests table names, column names, and SQL functions as you type
- Error detection that highlights syntax errors and invalid references before you run the query
Write custom queries against the available tables for maximum flexibility, including joins across tables, aggregate functions, window functions, and subqueries.
Schema Explorer
The left panel displays all available tables and their columns. Click any table to expand its schema and see column names, types, and descriptions.
Available tables include:
| Table | Description |
|---|---|
| Agents | Registered agents with hostname, OS, version, status, and health score |
| agent_tasks | Tasks dispatched to agents with type, status, and result details |
| agent_history_events | Historical record of all agent events and state changes |
| system_updates | Windows and Linux updates in the catalog |
| vulnerabilities | Known vulnerabilities with severity, CVE identifiers, and affected products |
| compliance_results | Compliance evaluation results per agent and framework |
Saved Reports
Save frequently-used queries for quick access. Saved reports preserve:
- The query (visual builder configuration or raw SQL)
- Display settings (column widths, sort order)
- Applied filters
To save a report, click Save Report after running a query. Give it a descriptive name and an optional description. Saved reports appear in the My Reports section of the sidebar for quick access.
Share saved reports with your team by toggling the Shared option. Shared reports are visible to all users in your organization.
Pre-built Templates
TridentStack Control includes report templates for common use cases. Select a template to load it into the editor, then customize it as needed.
| Template | Description |
|---|---|
| Patch compliance summary | Overview of update compliance across your fleet, broken down by OS and severity |
| Agents missing critical updates | Lists agents that have not installed one or more critical-severity updates |
| Vulnerability exposure by severity | Counts open vulnerabilities grouped by severity level (Critical, High, Medium, Low) |
| Compliance score by framework | Average compliance scores per framework across all agents |
| Agent enrollment history | Timeline of agent enrollments and de-enrollments over a selected period |
| Failed task summary | All failed tasks with error details, grouped by task type and failure reason |
Export
Export report results for use in external tools or compliance audits. Two formats are available:
- CSV -- compatible with spreadsheets and most data tools
- JSON -- structured format for programmatic consumption and integration with other systems
Click the Export button above the results table and select your preferred format. The export includes all rows matching your query, not just the currently visible page.