> ## Documentation Index
> Fetch the complete documentation index at: https://docs.petrasecurity.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Threat Remediation Report

> White-label PDF report.

## Downloading the Threat Remediation Report

1. From the **Homepage**, navigate to the **Incidents** tab located at the top navigation bar.
2. Open the incident.
3. Click the **Download Report** button in the top right corner of the incident page.

<Frame caption="">
  <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/download-incident-report.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=c4894f3604c0f06b9574210b6347bc2e" width="3420" height="1892" data-path="images/download-incident-report.png" />
</Frame>

## Report Contents

<Frame caption="Improved White-label Threat Remediation Report">
  <img src="https://mintcdn.com/petrasecurity-7f411ce9/v2OWWC-gCEvr839N/images/dfir_pdf_export.png?fit=max&auto=format&n=v2OWWC-gCEvr839N&q=85&s=b0b634316f07fb4ee6b0897fcda74e27" alt="Improved White-label Threat Remediation Report" width="3294" height="2062" data-path="images/dfir_pdf_export.png" />
</Frame>

The report includes:

* Executive Summary with a chronological narrative split into **before the compromise** (how the attacker gained access) and **after the compromise** (what the attacker did once inside)
* Incident tags showing the nature and scope of the attack (for example, Phishing, AiTM, Brute Force, Business Email Compromise, Data Exfiltration, Sent Out Emails, Used Inbox Rules). These tags match exactly what appears on the incident page in the web application.
* Impact of the attack, including duration and number of accessed resources
* Attack timeline, including the phishing email and the attacker's activity

## Customizing Report Branding

Threat remediation reports use the same white-label branding as tenant reports. To update the logo, organization name, or contact email that appear in the PDF, go to **Settings → Branding**. See [Customizing Report Branding](/reporting/tenant-report#customizing-report-branding) for details.

## Redacted Incident Reports

A **Redacted PDF Report** strips out all client-identifying information from the incident report so you can share real compromise data with prospects and other clients without exposing sensitive details. It's the same forensic depth as the standard report (attack timeline, blast radius, persistence mechanisms, phishing evidence), with all PII replaced by redaction blocks.

What gets redacted:

* User emails and display names
* Email subjects and body content
* File names and document paths
* App names and IDs
* Inbox rule names and conditions
* IP addresses and location data

What stays visible:

* Incident tags (Phishing, AiTM, Brute Force, BEC, Data Exfiltration, etc.)
* Counts and statistics (emails accessed, documents touched, etc.)
* Dates and timestamps
* Remediation status (Deleted, Disabled badges)
* Section structure and attack narrative

<Frame caption="Redacted Incident PDF">
  <img src="https://mintcdn.com/petrasecurity-7f411ce9/Kd9BJXavT5ZVee5B/images/redacted_incident_pdf.png?fit=max&auto=format&n=Kd9BJXavT5ZVee5B&q=85&s=5c983a44ab9fd61b0d3db2c02711bbef" width="1338" height="1390" data-path="images/redacted_incident_pdf.png" />
</Frame>

### Downloading the Redacted Report

1. Open the incident.
2. Click the **Download Report** button in the top right corner.
3. Select **Redacted PDF Report** from the dropdown.

<Frame caption="Download Redacted PDF Report">
  <img src="https://mintcdn.com/petrasecurity-7f411ce9/zLiMGzuYfWtP2S4x/images/download_redacted_pdf_report.png?fit=max&auto=format&n=zLiMGzuYfWtP2S4x&q=85&s=93261161260bb6735c577e40d4697d77" width="3454" height="1564" data-path="images/download_redacted_pdf_report.png" />
</Frame>

### Using Redacted Reports for Prospecting

Redacted incident reports are one of the most effective prospecting tools available. When pitching to a prospect, you can pull up a real compromise from another client's environment — with every piece of identifying information hidden — and walk through exactly what an attacker did, how long they were active, and what Petra caught. The story is real; the client remains anonymous.

<Tip>
  If you've onboarded a prospect's tenant and have Scan or Autopsy results, pair the redacted report from a similar client with the [Prospecting Report](/reporting/prospecting-report) to show both the threat landscape and a concrete example of Petra catching it in real time.
</Tip>

## Sample Report

If you're curious, here's a sample report: [Sample Threat Remediation Report](https://na2.hubs.ly/y0swGh0)
