Generate findings report in XLS and PDF format

[dechkovanen]

The scripts already create PDF and XLS files with selected baseline. However, these do not include the information about the findings, which has to be presented to other people using other methods.

I'm suggesting a new generate_audit_report script, which would generate the almost same PDF and XLS files - after all, why reinvent the wheel - but include the audit result data. There should also be an optional switch to omit the detection/remediation instructions to make it more "executive friendly".

XLS sheet could only include new column "Finding" with TRUE or FALSE and conditional formatting (true red, false green). This should be located pretty far left in the sheet.

PDF could include a text box below each title with green or red background with text "Finding (dd-mm-yyyy): True/False)".

These would be extremely helpful to present the finding data to customers and clients. Sadly I'm lacking Python skills and the time to learn it so I'm unable to do a PR but I would assume it should not be a massive undertaking to combine the audit results from the plist into the existing XLS/PDF generation code.

[jmahlman]

I don't see the benefit of this as Audit findings would be per device. The purpose of the documentation is to show how you secure the devices. Audit reports need to be completely separate as it relies on the tools you use to collect that information.

[brodjieski]

Hello! There is already a utility script that is included that will generate an XLS and HTML report of the findings on a system. While rather simple, it's an example of what could be done to produce a report of some sort.

https://github.com/usnistgov/macos_security/tree/main/scripts/util

There may be folks in the community who have tackled this as well. I would check in the #macos_security_compliance channel in the MacAdmins Slack to see if someone has built anything like this.