After analysing a sample in Agent mode, you can ask DECODA to generate a structured threat intelligence report that captures all findings in a shareable format.

Generating a Report

To create a report, simply ask the agent in your chat:
“Generate a threat intelligence report for this sample”
The agent will compile all findings from the current analysis session, including triage data, tool outputs, and its own conclusions, into a structured document.
For the best reports, run a thorough analysis in Agent mode first. The more tools the agent has run and the more findings it has collected, the richer the report will be.

Report Structure

Every report follows a consistent structure:

Executive Summary

A high-level overview of the sample, its classification, and the assessed threat level. Written for non-technical stakeholders who need to understand the risk without diving into technical details.

Technical Analysis

Detailed findings from the analysis, including:
  • File metadata and classification
  • Code analysis highlights (decompiled functions, suspicious patterns)
  • Behavioural indicators (API calls, string artefacts, embedded resources)
  • Evasion techniques detected (packing, obfuscation, anti-analysis tricks)

Indicators of Compromise (IOCs)

Extracted indicators organised into three categories:
| Category | Examples |
|----------|----------|
| Network | Domains, IP addresses, URLs, C2 endpoints |
| File | Hashes (MD5, SHA1, SHA256), file names, file paths, mutexes |
| Host | Registry keys, scheduled tasks, service names, process names |

MITRE ATT&CK Mapping

Techniques and tactics observed in the sample, mapped to the MITRE ATT&CK framework. Each mapping includes:
  • Technique ID (e.g., T1055 - Process Injection)
  • Tactic category (e.g., Defense Evasion)
  • Evidence from the analysis supporting the mapping

Export Formats

Reports can be downloaded in three formats:

Markdown

Clean, portable text format. Works well for pasting into wikis, tickets, or version-controlled documentation.

PDF

Formatted document ready for sharing with stakeholders, attaching to incident reports, or archiving.

HTML

Self-contained HTML file that can be viewed in any browser or embedded in internal tools.

To download a report, open it from the chat or from your reports list and click the download button.

IOC Export

In addition to full reports, you can export just the IOCs in machine-readable formats:
  • JSON - Structured data for ingestion into SIEMs or threat intel platforms
  • CSV - Spreadsheet-compatible format for manual review or bulk import
  • STIX 2.1 - Standard format for sharing threat intelligence between organisations and tools
To export IOCs, ask the agent:
“Extract all IOCs from this sample and export as STIX”
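As an added example (not DECODA's own code), the following Python sketch shows how a consumer might sort the indicators in a STIX 2.1 export back into the three categories listed under Indicators of Compromise before loading them into a SIEM. It assumes the export is a standard STIX 2.1 bundle whose indicator objects use STIX patterns; the type-to-category mapping, the function names and the sample bundle are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# STIX object types mapped onto the report's three IOC categories. The mapping
# follows the report's category list and is an assumption, not DECODA's schema.
CATEGORY_BY_TYPE = {
    "domain-name": "Network", "ipv4-addr": "Network",
    "ipv6-addr": "Network", "url": "Network",
    "file": "File", "mutex": "File",
    "windows-registry-key": "Host", "process": "Host",
}

# One comparison inside a STIX pattern: object-type:path = 'value'
COMPARISON = re.compile(r"([a-z0-9-]+):([^\s=]+)\s*=\s*'((?:[^'\\]|\\.)*)'")


def group_indicators(bundle_text):
    """Group the indicators of a STIX 2.1 bundle by report IOC category."""
    bundle = json.loads(bundle_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    grouped = defaultdict(set)
    for obj in bundle.get("objects", []):
        # Only indicator objects written in the STIX patterning language.
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        for otype, path, value in COMPARISON.findall(obj.get("pattern", "")):
            category = CATEGORY_BY_TYPE.get(otype, "Unmapped")
            grouped[category].add((f"{otype}:{path}", value))
    return {cat: sorted(vals) for cat, vals in grouped.items()}


def _indicator(pattern):
    # Constructed sample object; ids and timestamps are placeholders.
    return {"type": "indicator", "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000000",
            "pattern_type": "stix", "pattern": pattern,
            "valid_from": "2024-01-01T00:00:00Z"}


# Constructed sample bundle; every value is a placeholder.
SAMPLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        _indicator("[domain-name:value = 'c2.example.net']"),
        _indicator("[file:name = 'loader.dll' AND "
                   "file:hashes.'SHA-256' = '%s']" % ("0" * 64)),
        _indicator("[process:name = 'updater.exe']"),
        {"type": "malware", "name": "constructed-sample"},
    ]})
```

Indicators whose object type is not in the mapping land under `Unmapped`, so nothing in the export is silently dropped during ingestion.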

Managing Reports

All generated reports are saved to your account and accessible from the reports page. Each report is linked to the sample and chat session that produced it, so you can always trace findings back to the original analysis.