Reporting¶
The Zaita platform includes a built-in reporting system that gives operators and administrators visibility into the state of the certificate estate, PKI health, deployment operations, and platform security events. Reports are generated on demand or scheduled for automatic delivery, and draw from the platform's permanent audit and inventory records — ensuring historical accuracy regardless of when they are run.
Reports are tenant-scoped. All data is isolated to your organisation's tenant and no cross-tenant information is ever included.
How Reports Work¶
When a report is requested, the platform generates it using data from within your tenant. For large reports, generation is queued and processed in the background — the report page updates automatically when the result is ready.
Generated reports are retained so they can be re-exported in a different format without regenerating. All report generation activity is recorded in the audit log.
Who Can Access Reports¶
Report access is controlled by the platform's role-based access control model. The following roles have permission to generate and view reports:
| Role | Report Access |
|---|---|
| Super Administrator | All reports |
| PKI Administrator | All reports |
| Deployment Administrator | All reports |
| Policy Administrator | All reports |
| Report Operator | All reports (no administrative access) |
The Report Operator role is designed for users who need reporting and compliance visibility without requiring access to administrative functions. Assign this role to compliance officers, auditors, or security analysts who need regular access to platform data.
Report Categories¶
Reports are grouped into five categories:
| Category | Focus |
|---|---|
| Certificate Lifecycle | Expiry, inventory, issuance, renewal, and revocation |
| Security & Compliance | Authentication events, access violations, user and machine account activity |
| PKI Health | Certificate authority status, cryptographic standards compliance |
| Operational | Discovery results, deployment status, ACME usage |
| Management Summary | High-level metrics and compliance posture for operational and executive review |
Data Retention and Report Accuracy¶
The platform retains all certificate records, audit events, and operational data permanently. Reports run against this complete historical dataset, so results are accurate regardless of when certificates were issued, renewed, revoked, or expired. See the Data Retention Policy for details.
SIEM Integration¶
For organisations that prefer to consume platform data within an external Security Information and Event Management (SIEM) system, the platform supports four integration methods: webhook delivery, cloud storage export, REST API, and syslog forwarding. SIEM integration is complementary to built-in reports and allows correlation of Zaita events with data from other systems. See SIEM Integration for details.
Next Steps¶
- Review the Available Reports to understand what data is accessible.
- See Generating Reports for step-by-step instructions and parameter reference.
- See Scheduled Reports to configure automatic report delivery.
- Assign the Report Operator role to users who need reporting access without administrative permissions.