Skip to main content

threat-report

The threat-report is an AI-driven reporting tool that generates a comprehensive cyber threat intelligence report within Canva automated security workflows. It consolidates multiple intelligence domains into a single, executive-ready document covering an executive summary, the incident landscape, threat actor behaviour, attack techniques and malware trends, ransomware activity, and the top trending CVEs for a chosen sector and time window.

Ideal Use Cases & Fit

This tool excels at periodic threat landscape reporting, such as monthly or quarterly briefings tailored to a specific industry sector and aimed at security leadership. It is well suited to producing shareable, presentation-grade deliverables that summarise the threat environment across several domains at once. It is less applicable for real-time alerting or for single-indicator lookups, where a more focused, targeted tool would be appropriate.

Value in Workflows

Integrating threat-report into security workflows adds value at the reporting and post-processing stages, where disparate intelligence findings are synthesised into a coherent narrative. By automatically drafting and assembling each section into a styled report, it allows teams to deliver consistent, repeatable threat briefings on a regular cadence. The tool can produce a polished PDF or HTML document for distribution, or structured JSON for incorporation into downstream pipelines and knowledge bases.

Input Data

The threat-report accepts the following input data:

  • Format: Optional configuration file in JSON
  • Function: Override the report configuration (sector, date range, and candidate count)
  • Required fields: None
  • Example: {"sector": "finance", "from_date": "2026-03-15", "to_date": "2026-04-14", "candidate_count": 12}

When provided, the configuration file takes precedence over the equivalent parameters. The file is optional: if it is absent, empty, or malformed, it is ignored and the report falls back to the parameter values.

Configuration

  • sector: Target sector for the report. Choose from all, finance, government, energy, health, technology, hospitality, telco, or retail. Selecting all applies no sector filtering.
  • from-date: Start of the reporting window.
  • to-date: End of the reporting window.
  • output-format: Final artifact format. Choose pdf for a rendered report, html for a styled web version, or json for the assembled report data without rendering.
  • candidate-count: Maximum number of key-incident timeline entries to include in the report.

This structured approach lets workflow builders tailor the scope, period, and presentation of each briefing to their specific reporting needs. Updated: 2026-06-12