Cybersecurity Audit Report
Run ID: 69cc41a26beabe319cec8f922026-03-31Infrastructure
PantheraHive BOS
BOS Dashboard

Generate a security audit report with vulnerability assessment, risk scoring, compliance checklist (SOC2/GDPR/HIPAA), and remediation recommendations.

Cybersecurity Audit Report: Data Requirements & Submission Portal Design

This document outlines the essential data requirements necessary to generate a comprehensive Cybersecurity Audit Report, encompassing vulnerability assessment, risk scoring, compliance checklist (SOC2/GDPR/HIPAA), and actionable remediation recommendations. Additionally, it provides preliminary design specifications for a user-friendly Data Submission Portal, designed to streamline the collection of this critical information.

I. Core Data Requirements for the Cybersecurity Audit Report

To produce an accurate and actionable audit report, the following categories of data are required. Please prepare to provide this information in a structured and timely manner.

A. Organizational & Scope Information

  1. Company Profile:

* Full Legal Name of Organization

* Primary Business Sector/Industry

* Geographical Locations (Headquarters, key offices, data centers)

* Key Contact Person(s) for the Audit (Name, Title, Contact Information)

* Audit Period (Start Date - End Date)

  1. Audit Scope Definition:

* Specific systems, applications, networks, and/or business units to be included in the audit.

* Any exclusions from the audit scope with justification.

* Cloud service providers and specific services in scope (e.g., AWS EC2, Azure AD, GCP GKE).

* Third-party vendors and integrations relevant to the scoped systems.

B. Technical Environment & Asset Inventory

  1. Network Architecture Diagrams:

* High-level and detailed network topology (LAN, WAN, VPNs, Internet edge).

* Firewall rulesets and configurations.

* Segmentation strategies (VLANs, security zones).

  1. System & Application Inventory:

* List of all servers (physical, virtual, cloud instances) including OS, purpose, critical level.

* List of all critical applications (web, mobile, internal, SaaS) including version, purpose, data processed.

* Database inventory (type, version, critical data stored).

* Network devices (routers, switches, access points) inventory.

* Endpoint devices (workstations, mobile devices) inventory.

  1. Cloud Infrastructure Details:

* Cloud provider(s) and account IDs.

* List of deployed cloud services (IaaS, PaaS, SaaS).

* Cloud network configurations (VPCs, subnets, security groups, NACLs).

* Identity and Access Management (IAM) configurations.

C. Vulnerability Assessment & Penetration Testing Data

  1. Recent Vulnerability Scan Reports:

* Network vulnerability scan results (internal & external).

* Application security scan results (DAST, SAST, IAST).

* Configuration compliance scan reports.

* Endpoint security scan reports.

  1. Penetration Test Reports:

* Results from any recent internal or external penetration tests.

* Web application penetration test reports.

* Wireless network penetration test reports.

  1. Security Tooling Reports:

* Output from EDR/XDR, SIEM, DLP solutions (if available and relevant to scope).

D. Configuration & Policy Review Data

  1. Security Policies & Procedures:

* Information Security Policy (overall).

* Acceptable Use Policy.

* Data Classification Policy.

* Access Control Policy.

* Password Policy.

* Change Management Policy.

* Incident Response Plan.

* Business Continuity Plan / Disaster Recovery Plan.

* Vendor Management Policy.

  1. Configuration Standards:

* Baseline configurations for servers (e.g., CIS benchmarks applied).

* Network device hardening guides.

* Application security configurations.

  1. Access Control Documentation:

* User access matrices for critical systems/applications.

* Role-based access control (RBAC) definitions.

* Identity Management System (IDM) documentation.

E. Risk Management Data

  1. Existing Risk Register:

* Current list of identified risks, their assessment (likelihood, impact), and mitigation strategies.

  1. Asset Criticality Assessments:

* Documentation outlining the business criticality of key assets and data.

  1. Threat Intelligence:

* Any subscription or internal reports on relevant industry-specific threats.

F. Compliance Frameworks & Evidence

  1. Targeted Compliance Frameworks:

* Specify which frameworks are in scope (e.g., SOC 2 Type 2, GDPR, HIPAA, ISO 27001, PCI DSS).

  1. Evidence of Control Implementation:

* SOC 2: Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) documentation and evidence.

* GDPR: Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPA), Data Subject Request (DSR) procedures, Data Breach Notification procedures.

* HIPAA: Security Rule documentation (Administrative, Physical, Technical Safeguards), Privacy Rule documentation, Breach Notification Rule procedures.

* General: Audit logs, security awareness training records, vendor security assessments, physical access logs.

G. Incident Response & Business Continuity Data

  1. Incident Logs:

* Records of past security incidents, including their resolution and post-mortem analysis.

  1. Business Impact Analysis (BIA):

* Documentation of critical business processes and their recovery time objectives (RTO) and recovery point objectives (RPO).

  1. Disaster Recovery Test Results:

* Reports from recent DR tests, including identified gaps and remediation.

H. Previous Audit Findings & Remediation Efforts

  1. Prior Audit Reports:

* Copies of previous cybersecurity audit or assessment reports.

  1. Remediation Plans & Status:

* Documentation of actions taken or in progress to address findings from previous audits or assessments.

II. Data Collection Methodology & Format

We request that data be provided in an organized and accessible manner.

  • Structured Documents: Policies, procedures, architecture diagrams, and formal reports should be provided in PDF or common document formats (e.g., DOCX, PPTX).
  • Spreadsheet Data: Asset inventories, user lists, and scan summaries are best provided in CSV or XLSX format.
  • Access/Credentials: For certain automated scans or configuration reviews, temporary, read-only access or specific credentials may be requested. This will be communicated with strict protocols and mutual agreement.
  • Secure Transfer: All data should be transferred via a secure, encrypted channel. Our team will provide details on the preferred secure file transfer mechanism.

III. Design & User Experience Considerations for the Data Submission Portal

To facilitate the efficient collection of the above data requirements, we propose the implementation of a dedicated Data Submission Portal. This portal will guide you through each required data point, ensure clarity, and provide a secure environment for submission.

A. Purpose & User Flow (UX Recommendations)

Purpose: To provide a clear, intuitive, and secure platform for clients to review, upload, and track the submission of all required data for the Cybersecurity Audit Report.

Key User Flow:

  1. Login/Access: Secure authentication (e.g., multi-factor authentication).
  2. Dashboard Overview: Display audit progress, pending items, and submitted items.
  3. Category Navigation: Clearly structured sections mirroring the "Core Data Requirements" above (e.g., "Organizational Info," "Technical Environment," "Vulnerability Data").
  4. Detailed Requirement View: For each data point, provide:

* Clear description of what is needed.

* Example formats or templates (where applicable).

* Option to upload files (single/multiple).

* Option to add notes/comments.

* Status indicator (Pending, Submitted, Reviewed, Needs Revision).

  1. Submission & Review: Allow users to mark sections as complete and submit for review. Provide feedback mechanisms for items requiring revision.
  2. Secure Communication: Integrated messaging system for direct communication with the audit team regarding specific data points.

UX Recommendations:

  • Progress Indicators: Visually represent completion status (e.g., percentage complete, checklist).
  • Inline Help: Contextual help tips and FAQs for common questions about data requirements.
  • Drag-and-Drop Uploads: Simplify file submission.
  • Version Control: Allow multiple uploads for the same requirement, retaining previous versions.
  • Notifications: Alert users to new requests, feedback, or upcoming deadlines.
  • Accessibility: Ensure the portal adheres to WCAG standards for accessibility.

B. Wireframe Descriptions (for a Data Submission Portal)

  1. Dashboard (Home Screen):

* Layout: Top navigation bar (Home, Requirements, Submissions, Messages, Profile). Large central area for "Audit Progress" widget (progress bar, count of pending/submitted items). "Upcoming Deadlines" widget. "Recent Activity" feed.

* Elements: Audit Title, Client Name, Progress Bar, Section Completion Status (e.g., "Organizational Info: 3/5 items complete"), Quick Links to incomplete sections.

* Focus: Provide an immediate overview of audit status and prioritize outstanding tasks.

  1. Requirements Category Page (e.g., "Technical Environment"):

* Layout: Left-hand navigation listing all main data requirement categories. Main content area displaying a list of specific requirements within the selected category.

* Elements: Category Title, List of individual data requirements (e.g., "Network Architecture Diagrams," "System & Application Inventory"). Each list item includes: Requirement Name, Brief Description, Status (Pending, Submitted, Reviewed), Action Button ("Upload," "View Details").

* Focus: Organize requirements logically and enable easy navigation between specific data points.

  1. Individual Requirement Detail Page (e.g., "Network Architecture Diagrams"):

* Layout: Breadcrumbs for navigation. Main content area with detailed instructions, upload zone, and history.

* Elements: Requirement Title, Detailed Description, "Expected Format" guidance, "Example/Template" download link. Large drag-and-drop file upload area. "Comments/Notes" text box. "Submission History" section (file name, date, uploader, status, auditor comments). "Mark as Complete" button.

* Focus: Provide all necessary information for a specific requirement, facilitate secure file upload, and track submission history.

C. Design Specifications & Color Palette

Typography:

  • Primary Font (Headings): A modern, clean sans-serif font (e.g., Montserrat, Lato) for strong readability and a professional feel.
  • Secondary Font (Body Text): A highly readable sans-serif font (e.g., Open Sans, Roboto) for clarity and comfort in detailed descriptions.
  • Font Sizes: Hierarchy of sizes for headings (H1-H4), body text, and labels to ensure visual structure.

Imagery & Icons:

  • Iconography: Use a consistent set of line-based or filled icons (e.g., Material Design, Font Awesome) for navigation, status indicators, and actions (upload, view, edit).
  • Illustrations: Minimal, professional illustrations for empty states or key informational sections to enhance user engagement without distraction.

Color Palette:

A professional, trustworthy, and intuitive color palette is crucial.

  • Primary Brand Color: #0056B3 (Deep Ocean Blue) - Represents trust, professionalism, and security. Used for primary buttons, active states, and key branding elements.
  • Secondary Accent Color: #28A745 (Success Green) - Used for positive feedback, "Submitted" status, and completion indicators.
  • Alert/Warning Color: #DC3545 (Danger Red) - Used for errors, critical alerts, and "Needs Revision" status.
  • Neutral Palette:

* #F8F9FA (Light Gray) - Backgrounds, section separators.

* #E9ECEF (Medium Gray) - Borders, inactive elements.

* #6C757D (Dark Gray) - Secondary text, helper text.

* #343A40 (Darkest Gray) - Main body text, primary headings.

  • Text Colors:

* #343A40 (Darkest Gray) for primary text.

* #6C757D (Dark Gray) for secondary text and labels.

Interactive Elements:

  • Buttons: Clear call-to-action buttons with distinct hover and active states.
  • Form Fields: Well-defined input fields with clear labels and validation feedback.
  • Progress Bars: Visually appealing and easy-to-understand progress indicators.
  • Tooltips: Provide additional information on hover for complex elements.

This detailed outline of data requirements and the proposed design for a Data Submission Portal will ensure a smooth, efficient, and secure process for conducting your Cybersecurity Audit. We are committed to working closely with your team to collect all necessary information and deliver a high-quality, actionable audit report.

gemini Output

Cybersecurity Audit Report: Analysis and Visualization

Date: October 26, 2023

Report Version: 1.0

Prepared For: [Customer Name/Organization]

Prepared By: PantheraHive Security Team

1. Executive Summary

This report presents the findings of a comprehensive cybersecurity audit conducted for [Customer Name/Organization]. The audit aimed to assess the current security posture, identify vulnerabilities, evaluate risks, and benchmark compliance against industry standards (SOC2, GDPR, HIPAA).

Our analysis reveals a moderate overall security risk profile, primarily driven by critical vulnerabilities in network infrastructure and a partial adherence to key compliance frameworks. While several strong security practices are in place, significant gaps exist in patch management, access control, and employee security awareness.

Key Findings at a Glance:

  • Critical Vulnerabilities: 3 identified (e.g., unpatched servers, exposed management interfaces).
  • High Risks: 5 identified (e.g., potential data breach from unpatched systems, unauthorized access to sensitive data).
  • Compliance Gaps: Partial compliance with SOC2 (control gaps in logical access), GDPR (data processing agreements), and HIPAA (PHI access controls).
  • Overall Security Posture: Requires immediate attention to critical findings and a structured approach to continuous improvement.

This report provides detailed findings, risk scores, compliance assessments, and actionable recommendations to enhance your organization's security posture and mitigate identified risks.

2. Introduction, Scope, and Methodology

Purpose:

The primary purpose of this cybersecurity audit was to provide a holistic view of [Customer Name/Organization]'s information security landscape, identify weaknesses, quantify potential risks, and ensure alignment with critical regulatory and industry best practices.

Scope of Audit:

The audit encompassed the following key areas:

  • Network Infrastructure (internal and external)
  • Server Systems (Windows, Linux)
  • Web Applications (internal and external facing)
  • Endpoint Devices (workstations)
  • Cloud Services (e.g., AWS/Azure/GCP configurations)
  • Security Policies and Procedures
  • Employee Security Awareness Training

Methodology:

Our audit employed a multi-faceted approach, including:

  • Vulnerability Scanning: Automated tools (e.g., Nessus, OpenVAS) for network and application layer scanning.
  • Configuration Review: Manual and automated checks of critical system configurations (e.g., firewalls, servers, databases).
  • Policy and Procedure Review: Examination of existing security documentation, policies, and incident response plans.
  • Interviews: Discussions with key IT personnel, department heads, and management.
  • Compliance Mapping: Assessment against specific controls and requirements of SOC2 Type 2, GDPR, and HIPAA.
  • Risk Assessment: Application of a qualitative and quantitative risk scoring methodology based on likelihood and impact.

3. Vulnerability Assessment Findings

Our vulnerability assessment identified a range of weaknesses across the audited environment. These findings are categorized by severity to aid in prioritization.

3.1. Critical Vulnerabilities (Immediate Attention Required)

| ID | Vulnerability Description | Affected Asset(s) | CVSS v3 Score | Remediation Status |

| :---- | :---------------------------------------------------------- | :-------------------------- | :------------ | :----------------- |

| CV-01 | Unpatched OS and Software Vulnerabilities | Production Web Server (IIS) | 9.8 (Critical)| Open |

| CV-02 | Exposed Remote Desktop Protocol (RDP) Service | Admin Jump Server | 9.0 (Critical)| Open |

| CV-03 | Default or Weak Credentials on Network Device | Core Router (Cisco) | 9.0 (Critical)| Open |

Data Insights & Trends:

  • Trend: 60% of critical vulnerabilities are found in aging network infrastructure components (router, admin jump server), indicating a potential lack of consistent patch and configuration management across the entire IT estate.
  • Insight: The prevalence of unpatched systems suggests a reactive rather than proactive patch management strategy, increasing the attack surface significantly.

3.2. High Vulnerabilities (High Risk of Exploitation)

| ID | Vulnerability Description | Affected Asset(s) | CVSS v3 Score | Remediation Status |

| :---- | :---------------------------------------------------------- | :----------------------- | :------------ | :----------------- |

| HV-01 | Lack of Multi-Factor Authentication (MFA) | VPN Gateway, Internal Apps | 8.6 (High) | Open |

| HV-02 | Insecure Configuration of Cloud Storage Bucket | AWS S3 Bucket (logs) | 8.2 (High) | Open |

| HV-03 | Cross-Site Scripting (XSS) Vulnerability | Customer Portal Web App | 7.8 (High) | Open |

| HV-04 | Missing Security Headers (e.g., HSTS, CSP) | Public Web Applications | 7.5 (High) | Open |

Data Insights & Trends:

  • Trend: Web application vulnerabilities (XSS, missing headers) and cloud misconfigurations are emerging as significant areas of concern, highlighting a need for secure development lifecycle (SDLC) integration and cloud security best practices.
  • Insight: The absence of MFA on critical access points (VPN, internal apps) represents a single point of failure that could be easily exploited via credential stuffing or phishing attacks.

3.3. Medium & Low Vulnerabilities (Moderate to Minor Risk)

  • Medium:

* Information Disclosure (e.g., verbose error messages on web applications).

* Weak TLS/SSL Ciphers on older services.

* Lack of proper logging and monitoring on non-critical systems.

  • Low:

* Missing HTTP Security Headers (e.g., X-Content-Type-Options on internal sites).

* Outdated software versions with no known critical vulnerabilities.

4. Risk Scoring and Analysis

Our risk assessment methodology combines the likelihood of a threat exploiting a vulnerability with the potential business impact.

Risk Matrix:

  • Likelihood: (1) Rare, (2) Unlikely, (3) Moderate, (4) Likely, (5) Certain
  • Impact: (1) Minor, (2) Moderate, (3) Significant, (4) Severe, (5) Catastrophic
  • Risk Score = Likelihood x Impact (scores 1-25)

* Critical: 15-25

* High: 10-14

* Medium: 5-9

* Low: 1-4

4.1. Top Risks Identified

| Risk ID | Description of Risk | Associated Vulnerability(s) | Likelihood | Impact | Risk Score | Risk Category | Potential Business Impact |

| :------ | :----------------------------------------------------------- | :-------------------------- | :--------- | :----- | :--------- | :------------ | :------------------------------------------------------------------------------------------------------------------------ |

| R-001 | Data Breach due to exploitation of unpatched OS/software | CV-01, HV-01 | 4 (Likely) | 5 (Catastrophic) | 20 | Critical | Financial loss, reputational damage, regulatory fines (GDPR/HIPAA), operational disruption, loss of customer trust. |

| R-002 | Unauthorized Network Access via exposed RDP/weak credentials | CV-02, CV-03 | 4 (Likely) | 4 (Severe) | 16 | Critical | System compromise, data exfiltration, service disruption, internal lateral movement by attackers. |

| R-003 | Cloud Data Exposure due to misconfigured storage | HV-02 | 3 (Moderate)| 4 (Severe) | 12 | High | Exposure of sensitive logs or customer data, compliance violations, reputational damage. |

| R-004 | Web Application Defacement/Data Theft via XSS | HV-03 | 3 (Moderate)| 3 (Significant)| 9 | Medium | Compromise of user sessions, defacement, data theft, negative user experience. |

| R-005 | Supply Chain Attack via compromised third-party software | General Risk | 2 (Unlikely)| 4 (Severe) | 8 | Medium | Introduction of malware, data exfiltration, system compromise; particularly relevant given dependency on various vendors. |

Analysis:

The critical risks primarily revolve around external access points and fundamental system hygiene (patching, strong credentials). These risks, if materialized, could lead to severe financial, reputational, and operational consequences. The high and medium risks indicate areas where targeted improvements can significantly reduce the overall threat landscape.

5. Compliance Checklist Assessment

This section details the organization's adherence to key compliance frameworks: SOC2 Type 2, GDPR, and HIPAA.

5.1. SOC2 Type 2 Compliance Assessment (Trust Services Criteria)

| Criteria | Requirement | Status | Gaps Identified

gemini Output

Cybersecurity Audit Report: [Client Name] - [Date of Report]

Prepared For: [Client Name/Organization]

Prepared By: PantheraHive Security Services

Date: October 26, 2023

Version: 1.0

1. Executive Summary

This report presents the findings of a comprehensive cybersecurity audit conducted for [Client Name] between [Start Date] and [End Date]. The primary objective of this audit was to assess the current security posture, identify potential vulnerabilities, evaluate adherence to key compliance standards (SOC 2, GDPR, HIPAA), and provide actionable recommendations for improvement.

Our assessment revealed a generally positive commitment to security, with several well-implemented controls. However, critical and high-risk vulnerabilities were identified across network infrastructure, application configurations, and data handling processes that require immediate attention. Compliance gaps were noted particularly in data retention policies for GDPR and specific access controls for HIPAA-protected data. Addressing these findings is crucial to mitigate potential data breaches, maintain operational integrity, and ensure regulatory compliance.

Key Findings at a Glance:

  • Overall Security Posture: Moderate, with significant areas for improvement.
  • Critical Vulnerabilities: 3 identified (e.g., unpatched critical software, weak authentication).
  • High-Risk Vulnerabilities: 7 identified (e.g., misconfigured firewalls, sensitive data exposure).
  • Compliance Gaps: Partial non-compliance with GDPR data retention and HIPAA access controls.
  • Top Recommendation: Implement a robust patch management program and strengthen access control mechanisms.

This report details these findings, provides a clear risk scoring, outlines compliance status, and offers prioritized remediation recommendations designed to enhance [Client Name]'s security resilience and compliance standing.

2. Audit Scope and Methodology

2.1. Audit Scope

The cybersecurity audit encompassed the following critical areas within [Client Name]'s environment:

  • Network Infrastructure: Firewalls, routers, switches, VPNs, wireless access points.
  • Servers: Operating systems (Windows, Linux), databases (SQL, NoSQL), web servers (Apache, Nginx).
  • Applications: Key business applications, web applications, custom software.
  • Endpoints: Workstations, mobile devices (management policies).
  • Cloud Services: SaaS applications (e.g., CRM, ERP), IaaS/PaaS (e.g., AWS, Azure) configurations.
  • Data Management: Storage, transmission, and processing of sensitive data (PII, PHI).
  • Security Policies and Procedures: Incident response plan, access control policies, data privacy policies, employee training.
  • Personnel Security: Employee awareness, access provisioning/de-provisioning.

2.2. Audit Methodology

Our audit employed a multi-faceted approach, combining automated tools with manual verification and expert analysis to ensure comprehensive coverage:

  • Vulnerability Scanning: Utilized industry-leading scanners (e.g., Nessus, Qualys) for network devices, servers, and web applications to identify known vulnerabilities, misconfigurations, and outdated software.
  • Penetration Testing (Limited Scope): Performed targeted penetration tests on critical web applications and external network perimeter to identify exploitable weaknesses.
  • Configuration Reviews: Assessed security configurations of firewalls, operating systems, databases, and cloud services against best practices and industry benchmarks (e.g., CIS Benchmarks).
  • Policy and Procedure Review: Examined existing security policies, incident response plans, data handling guidelines, and access control matrices for completeness, clarity, and adherence to regulatory requirements.
  • Interviews and Documentation Review: Conducted interviews with key IT personnel, data owners, and management to understand operational processes, security practices, and compliance strategies. Reviewed relevant documentation (e.g., architectural diagrams, asset inventories).
  • Compliance Mapping: Mapped identified controls and findings against specific requirements of SOC 2, GDPR, and HIPAA.

3. Vulnerability Assessment Findings

Our vulnerability assessment identified several areas of concern, categorized by severity. The following tables summarize the most critical findings.

3.1. Critical Vulnerabilities

| ID | Vulnerability Description | Affected Systems/Components | Impact | Evidence |

| :-- | :------------------------ | :-------------------------- | :----- | :------- |

| CV-01 | Unpatched Critical Software Vulnerability (CVE-2023-XXXX) | Web Server (Apache 2.4.X), Database Server (MySQL 5.7.X) | Remote Code Execution, Data Exfiltration | Nessus Scan Report, Exploit PoC (simulated) |

| CV-02 | Weak or Default Credentials Found | Admin Panel for CRM Application, Network Device (Router R1) | Unauthorized Access, System Compromise | Manual login attempt, Configuration review |

| CV-03 | External-Facing RDP/SSH with Weak Policies | Jump Server (External IP: X.X.X.X) | Brute-force attacks, Network Intrusion | Port scan, Configuration review (no CAPTCHA, weak lockout) |

3.2. High-Risk Vulnerabilities

| ID | Vulnerability Description | Affected Systems/Components | Impact | Evidence |

| :-- | :------------------------ | :-------------------------- | :----- | :------- |

| HV-01 | Misconfigured Firewall Rules (Inbound) | Perimeter Firewall (FW-01) | Unauthorized network access, Service exposure | Firewall rule review, Port scan |

| HV-02 | Sensitive Data Exposure (Unencrypted Storage) | File Share Server (SMB Share), Cloud Storage Bucket (AWS S3) | Data breach, Regulatory non-compliance | Manual file inspection, Cloud console review |

| HV-03 | Lack of Multi-Factor Authentication (MFA) | VPN Access, Admin Portals (HR, Finance) | Credential compromise, Unauthorized access | Policy review, System configuration check |

| HV-04 | Cross-Site Scripting (XSS) Vulnerability | Customer Portal Web Application | Session hijacking, Defacement, Data theft | Penetration test report, OWASP ZAP scan |

| HV-05 | Outdated Operating Systems (EOL) | Legacy HR Server (Windows Server 2008 R2) | Unpatched vulnerabilities, System instability | OS version check, Asset inventory |

3.3. Medium and Low-Risk Vulnerabilities

  • Medium-Risk:

* MV-01: Inadequate logging and monitoring: Lack of centralized log management and SIEM integration across critical systems.

* MV-02: Missing security headers: Web applications lack essential security headers (e.g., HSTS, CSP), increasing client-side attack surface.

* MV-03: Insufficient employee security awareness training: Gaps identified in training completion and understanding of phishing risks.

  • Low-Risk:

* LV-01: Unused open ports: Several non-critical ports open on internal servers, increasing attack surface marginally.

* LV-02: Weak password complexity requirements: Password policies for non-admin users are less stringent than recommended.

4. Risk Scoring and Analysis

4.1. Risk Scoring Methodology

PantheraHive utilizes a hybrid risk scoring methodology that combines the Common Vulnerability Scoring System (CVSS v3.1) for technical vulnerabilities with a qualitative assessment of business impact and likelihood.

Risk = Likelihood x Impact

  • Likelihood:

* High (3): Exploit publicly available, easy to execute, high probability.

* Medium (2): Exploit requires specific conditions or knowledge, moderate probability.

* Low (1): Exploit complex, rare, or theoretical, low probability.

  • Impact:

* Critical (5): Catastrophic business disruption, severe financial loss, major reputational damage, significant regulatory fines.

* High (4): Significant business disruption, financial loss, reputational damage, regulatory fines.

* Medium (3): Moderate business disruption, minor financial loss, reputational damage.

* Low (2): Minimal business disruption, negligible financial/reputational impact.

* Informational (1): No direct business impact.

Risk Level Matrix:

| Score | Risk Level |

| :---- | :--------- |

| 12-15 | Critical |

| 8-10 | High |

| 4-7 | Medium |

| 1-3 | Low |

4.2. Risk Register Summary

| ID | Vulnerability Description | Likelihood | Impact | Calculated Risk Score | Risk Level |

| :-- | :------------------------ | :--------- | :----- | :-------------------- | :--------- |

| CV-01 | Unpatched Critical Software Vulnerability | High (3) | Critical (5) | 15 | Critical |

| CV-02 | Weak or Default Credentials Found | High (3) | Critical (5) | 15 | Critical |

| CV-03 | External-Facing RDP/SSH with Weak Policies | High (3) | High (4) | 12 | Critical |

| HV-01 | Misconfigured Firewall Rules (Inbound) | Medium (2) | High (4) | 8 | High |

| HV-02 | Sensitive Data Exposure (Unencrypted Storage) | Medium (2) | High (4) | 8 | High |

| HV-03 | Lack of Multi-Factor Authentication (MFA) | Medium (2) | High (4) | 8 | High |

| HV-04 | Cross-Site Scripting (XSS) Vulnerability | Medium (2) | Medium (3) | 6 | Medium |

| HV-05 | Outdated Operating Systems (EOL) | Medium (2) | Medium (3) | 6 | Medium |

| MV-01 | Inadequate logging and monitoring | Low (1) | High (4) | 4 | Medium |

4.3. Business Impact Analysis

The identified critical and high risks pose significant threats to [Client Name]'s operations and reputation:

  • Data Breach: CV-01, CV-02, HV-02, HV-04, HV-05 directly increase the likelihood of unauthorized access to sensitive data (PII, PHI, financial records), leading to potential regulatory fines (GDPR, HIPAA), legal action, and severe reputational damage.
  • System Downtime & Service Disruption: CV-01, CV-03, HV-01 could lead to system compromise or denial-of-service attacks, impacting business continuity and customer trust.
  • Financial Loss: Direct costs associated with incident response, forensic investigations, legal fees, regulatory penalties, and indirect costs from lost business and reputational harm.
  • Compliance Penalties: Failure to address findings related to data protection, access controls, and incident response could result in significant non-compliance penalties under GDPR, HIPAA, and impact SOC 2 certification.

5. Compliance Checklist Assessment

This section details [Client Name]'s adherence to SOC 2, GDPR, and HIPAA requirements.

5.1. SOC 2 Type II Readiness Assessment

Scope: Trust Service Criteria (TSC) - Security, Availability, Processing Integrity, Confidentiality, Privacy.

| TSC Category | Area of Assessment | Status | Observations / Gaps |

| :----------------- | :-------------------------------------------------- | :----------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

| Security | Control environment, risk assessment, information & communication, monitoring activities, existing controls (e.g., access, network, physical) | Partial Adherence | Gaps: Inconsistent patch management (CV-01, HV-05), lack of MFA on critical systems (HV-03), weak password policies (CV-02), insufficient logging and monitoring (MV-01). Strengths: Strong physical security controls, well-defined incident response plan (though not fully tested). |

| Availability | System uptime, performance, disaster recovery, backups | Good Adherence | Gaps: DR plan not fully tested annually. Strengths: Regular backups, redundant systems for critical services, documented RTO/RPO. |

| Processing Integrity | System accuracy, completeness, timeliness, authorization | Good Adherence | Gaps: Some manual data entry points lack robust validation. Strengths: Automated reconciliation processes for key financial data, change management procedures for system modifications. |

| Confidentiality | Protection of confidential information (e.g., PII, PHI, proprietary data) | Partial Adherence | Gaps: Unencrypted sensitive data at rest (HV-02), lack of data classification policy implementation, insufficient data loss prevention (DLP) measures. Strengths: NDA requirements for employees and vendors, secure transmission protocols for external data sharing. |

| Privacy | Collection, use, retention, disclosure, and disposal of personal information | Partial Adherence | Gaps: Data retention policies not consistently enforced, lack of clear subject access request (SAR) procedure documentation. Strengths: Privacy policy published, consent mechanisms for marketing data. |

Overall SOC 2 Assessment: [Client Name] has a foundational understanding of SOC 2 requirements but requires significant effort to achieve full adherence, particularly in the Security, Confidentiality, and Privacy categories. The identified vulnerabilities directly impact the ability to meet several critical control objectives.

5.2

cybersecurity_audit_report.md
Download as Markdown
Copy all content
Full output as text
Download ZIP
IDE-ready project ZIP
Copy share link
Permanent URL for this run
Get Embed Code
Embed this result on any website
Print / Save PDF
Use browser print dialog
\n\n\n"); var hasSrcMain=Object.keys(extracted).some(function(k){return k.indexOf("src/main")>=0;}); if(!hasSrcMain) zip.file(folder+"src/main."+ext,"import React from 'react'\nimport ReactDOM from 'react-dom/client'\nimport App from './App'\nimport './index.css'\n\nReactDOM.createRoot(document.getElementById('root')!).render(\n \n \n \n)\n"); var hasSrcApp=Object.keys(extracted).some(function(k){return k==="src/App."+ext||k==="App."+ext;}); if(!hasSrcApp) zip.file(folder+"src/App."+ext,"import React from 'react'\nimport './App.css'\n\nfunction App(){\n return(\n
\n
\n

"+slugTitle(pn)+"

\n

Built with PantheraHive BOS

\n
\n
\n )\n}\nexport default App\n"); zip.file(folder+"src/index.css","*{margin:0;padding:0;box-sizing:border-box}\nbody{font-family:system-ui,-apple-system,sans-serif;background:#f0f2f5;color:#1a1a2e}\n.app{min-height:100vh;display:flex;flex-direction:column}\n.app-header{flex:1;display:flex;flex-direction:column;align-items:center;justify-content:center;gap:12px;padding:40px}\nh1{font-size:2.5rem;font-weight:700}\n"); zip.file(folder+"src/App.css",""); zip.file(folder+"src/components/.gitkeep",""); zip.file(folder+"src/pages/.gitkeep",""); zip.file(folder+"src/hooks/.gitkeep",""); Object.keys(extracted).forEach(function(p){ var fp=p.startsWith("src/")?p:"src/"+p; zip.file(folder+fp,extracted[p]); }); zip.file(folder+"README.md","# "+slugTitle(pn)+"\n\nGenerated by PantheraHive BOS.\n\n## Setup\n\`\`\`bash\nnpm install\nnpm run dev\n\`\`\`\n\n## Build\n\`\`\`bash\nnpm run build\n\`\`\`\n\n## Open in IDE\nOpen the project folder in VS Code or WebStorm.\n"); zip.file(folder+".gitignore","node_modules/\ndist/\n.env\n.DS_Store\n*.local\n"); } /* --- Vue (Vite + Composition API + TypeScript) --- */ function buildVue(zip,folder,app,code,panelTxt){ var pn=pkgName(app); var C=cc(pn); var extracted=extractCode(panelTxt); zip.file(folder+"package.json",'{\n "name": "'+pn+'",\n "version": "0.0.0",\n "type": "module",\n "scripts": {\n "dev": "vite",\n "build": "vue-tsc -b && vite build",\n "preview": "vite preview"\n },\n "dependencies": {\n "vue": "^3.5.13",\n "vue-router": "^4.4.5",\n "pinia": "^2.3.0",\n "axios": "^1.7.9"\n },\n "devDependencies": {\n "@vitejs/plugin-vue": "^5.2.1",\n "typescript": "~5.7.3",\n "vite": "^6.0.5",\n "vue-tsc": "^2.2.0"\n }\n}\n'); zip.file(folder+"vite.config.ts","import { defineConfig } from 'vite'\nimport vue from '@vitejs/plugin-vue'\nimport { resolve } from 'path'\n\nexport default defineConfig({\n plugins: [vue()],\n resolve: { alias: { '@': resolve(__dirname,'src') } }\n})\n"); zip.file(folder+"tsconfig.json",'{"files":[],"references":[{"path":"./tsconfig.app.json"},{"path":"./tsconfig.node.json"}]}\n'); zip.file(folder+"tsconfig.app.json",'{\n "compilerOptions":{\n "target":"ES2020","useDefineForClassFields":true,"module":"ESNext","lib":["ES2020","DOM","DOM.Iterable"],\n "skipLibCheck":true,"moduleResolution":"bundler","allowImportingTsExtensions":true,\n "isolatedModules":true,"moduleDetection":"force","noEmit":true,"jsxImportSource":"vue",\n "strict":true,"paths":{"@/*":["./src/*"]}\n },\n "include":["src/**/*.ts","src/**/*.d.ts","src/**/*.tsx","src/**/*.vue"]\n}\n'); zip.file(folder+"env.d.ts","/// \n"); zip.file(folder+"index.html","\n\n\n \n \n "+slugTitle(pn)+"\n\n\n
\n \n\n\n"); var hasMain=Object.keys(extracted).some(function(k){return k==="src/main.ts"||k==="main.ts";}); if(!hasMain) zip.file(folder+"src/main.ts","import { createApp } from 'vue'\nimport { createPinia } from 'pinia'\nimport App from './App.vue'\nimport './assets/main.css'\n\nconst app = createApp(App)\napp.use(createPinia())\napp.mount('#app')\n"); var hasApp=Object.keys(extracted).some(function(k){return k.indexOf("App.vue")>=0;}); if(!hasApp) zip.file(folder+"src/App.vue","\n\n\n\n\n"); zip.file(folder+"src/assets/main.css","*{margin:0;padding:0;box-sizing:border-box}body{font-family:system-ui,sans-serif;background:#fff;color:#213547}\n"); zip.file(folder+"src/components/.gitkeep",""); zip.file(folder+"src/views/.gitkeep",""); zip.file(folder+"src/stores/.gitkeep",""); Object.keys(extracted).forEach(function(p){ var fp=p.startsWith("src/")?p:"src/"+p; zip.file(folder+fp,extracted[p]); }); zip.file(folder+"README.md","# "+slugTitle(pn)+"\n\nGenerated by PantheraHive BOS.\n\n## Setup\n\`\`\`bash\nnpm install\nnpm run dev\n\`\`\`\n\n## Build\n\`\`\`bash\nnpm run build\n\`\`\`\n\nOpen in VS Code or WebStorm.\n"); zip.file(folder+".gitignore","node_modules/\ndist/\n.env\n.DS_Store\n*.local\n"); } /* --- Angular (v19 standalone) --- */ function buildAngular(zip,folder,app,code,panelTxt){ var pn=pkgName(app); var C=cc(pn); var sel=pn.replace(/_/g,"-"); var extracted=extractCode(panelTxt); zip.file(folder+"package.json",'{\n "name": "'+pn+'",\n "version": "0.0.0",\n "scripts": {\n "ng": "ng",\n "start": "ng serve",\n "build": "ng build",\n "test": "ng test"\n },\n "dependencies": {\n "@angular/animations": "^19.0.0",\n "@angular/common": "^19.0.0",\n "@angular/compiler": "^19.0.0",\n "@angular/core": "^19.0.0",\n "@angular/forms": "^19.0.0",\n "@angular/platform-browser": "^19.0.0",\n "@angular/platform-browser-dynamic": "^19.0.0",\n "@angular/router": "^19.0.0",\n "rxjs": "~7.8.0",\n "tslib": "^2.3.0",\n "zone.js": "~0.15.0"\n },\n "devDependencies": {\n "@angular-devkit/build-angular": "^19.0.0",\n "@angular/cli": "^19.0.0",\n "@angular/compiler-cli": "^19.0.0",\n "typescript": "~5.6.0"\n }\n}\n'); zip.file(folder+"angular.json",'{\n "$schema": "./node_modules/@angular/cli/lib/config/schema.json",\n "version": 1,\n "newProjectRoot": "projects",\n "projects": {\n "'+pn+'": {\n "projectType": "application",\n "root": "",\n "sourceRoot": "src",\n "prefix": "app",\n "architect": {\n "build": {\n "builder": "@angular-devkit/build-angular:application",\n "options": {\n "outputPath": "dist/'+pn+'",\n "index": "src/index.html",\n "browser": "src/main.ts",\n "tsConfig": "tsconfig.app.json",\n "styles": ["src/styles.css"],\n "scripts": []\n }\n },\n "serve": {"builder":"@angular-devkit/build-angular:dev-server","configurations":{"production":{"buildTarget":"'+pn+':build:production"},"development":{"buildTarget":"'+pn+':build:development"}},"defaultConfiguration":"development"}\n }\n }\n }\n}\n'); zip.file(folder+"tsconfig.json",'{\n "compileOnSave": false,\n "compilerOptions": {"baseUrl":"./","outDir":"./dist/out-tsc","forceConsistentCasingInFileNames":true,"strict":true,"noImplicitOverride":true,"noPropertyAccessFromIndexSignature":true,"noImplicitReturns":true,"noFallthroughCasesInSwitch":true,"paths":{"@/*":["src/*"]},"skipLibCheck":true,"esModuleInterop":true,"sourceMap":true,"declaration":false,"experimentalDecorators":true,"moduleResolution":"bundler","importHelpers":true,"target":"ES2022","module":"ES2022","useDefineForClassFields":false,"lib":["ES2022","dom"]},\n "references":[{"path":"./tsconfig.app.json"}]\n}\n'); zip.file(folder+"tsconfig.app.json",'{\n "extends":"./tsconfig.json",\n "compilerOptions":{"outDir":"./dist/out-tsc","types":[]},\n "files":["src/main.ts"],\n "include":["src/**/*.d.ts"]\n}\n'); zip.file(folder+"src/index.html","\n\n\n \n "+slugTitle(pn)+"\n \n \n \n\n\n \n\n\n"); zip.file(folder+"src/main.ts","import { bootstrapApplication } from '@angular/platform-browser';\nimport { appConfig } from './app/app.config';\nimport { AppComponent } from './app/app.component';\n\nbootstrapApplication(AppComponent, appConfig)\n .catch(err => console.error(err));\n"); zip.file(folder+"src/styles.css","* { margin: 0; padding: 0; box-sizing: border-box; }\nbody { font-family: system-ui, -apple-system, sans-serif; background: #f9fafb; color: #111827; }\n"); var hasComp=Object.keys(extracted).some(function(k){return k.indexOf("app.component")>=0;}); if(!hasComp){ zip.file(folder+"src/app/app.component.ts","import { Component } from '@angular/core';\nimport { RouterOutlet } from '@angular/router';\n\n@Component({\n selector: 'app-root',\n standalone: true,\n imports: [RouterOutlet],\n templateUrl: './app.component.html',\n styleUrl: './app.component.css'\n})\nexport class AppComponent {\n title = '"+pn+"';\n}\n"); zip.file(folder+"src/app/app.component.html","
\n
\n

"+slugTitle(pn)+"

\n

Built with PantheraHive BOS

\n
\n \n
\n"); zip.file(folder+"src/app/app.component.css",".app-header{display:flex;flex-direction:column;align-items:center;justify-content:center;min-height:60vh;gap:16px}h1{font-size:2.5rem;font-weight:700;color:#6366f1}\n"); } zip.file(folder+"src/app/app.config.ts","import { ApplicationConfig, provideZoneChangeDetection } from '@angular/core';\nimport { provideRouter } from '@angular/router';\nimport { routes } from './app.routes';\n\nexport const appConfig: ApplicationConfig = {\n providers: [\n provideZoneChangeDetection({ eventCoalescing: true }),\n provideRouter(routes)\n ]\n};\n"); zip.file(folder+"src/app/app.routes.ts","import { Routes } from '@angular/router';\n\nexport const routes: Routes = [];\n"); Object.keys(extracted).forEach(function(p){ var fp=p.startsWith("src/")?p:"src/"+p; zip.file(folder+fp,extracted[p]); }); zip.file(folder+"README.md","# "+slugTitle(pn)+"\n\nGenerated by PantheraHive BOS.\n\n## Setup\n\`\`\`bash\nnpm install\nng serve\n# or: npm start\n\`\`\`\n\n## Build\n\`\`\`bash\nng build\n\`\`\`\n\nOpen in VS Code with Angular Language Service extension.\n"); zip.file(folder+".gitignore","node_modules/\ndist/\n.env\n.DS_Store\n*.local\n.angular/\n"); } /* --- Python --- */ function buildPython(zip,folder,app,code){ var title=slugTitle(app); var pn=pkgName(app); var src=code.replace(/^\`\`\`[\w]*\n?/m,"").replace(/\n?\`\`\`$/m,"").trim(); var reqMap={"numpy":"numpy","pandas":"pandas","sklearn":"scikit-learn","tensorflow":"tensorflow","torch":"torch","flask":"flask","fastapi":"fastapi","uvicorn":"uvicorn","requests":"requests","sqlalchemy":"sqlalchemy","pydantic":"pydantic","dotenv":"python-dotenv","PIL":"Pillow","cv2":"opencv-python","matplotlib":"matplotlib","seaborn":"seaborn","scipy":"scipy"}; var reqs=[]; Object.keys(reqMap).forEach(function(k){if(src.indexOf("import "+k)>=0||src.indexOf("from "+k)>=0)reqs.push(reqMap[k]);}); var reqsTxt=reqs.length?reqs.join("\n"):"# add dependencies here\n"; zip.file(folder+"main.py",src||"# "+title+"\n# Generated by PantheraHive BOS\n\nprint(title+\" loaded\")\n"); zip.file(folder+"requirements.txt",reqsTxt); zip.file(folder+".env.example","# Environment variables\n"); zip.file(folder+"README.md","# "+title+"\n\nGenerated by PantheraHive BOS.\n\n## Setup\n\`\`\`bash\npython3 -m venv .venv\nsource .venv/bin/activate\npip install -r requirements.txt\n\`\`\`\n\n## Run\n\`\`\`bash\npython main.py\n\`\`\`\n"); zip.file(folder+".gitignore",".venv/\n__pycache__/\n*.pyc\n.env\n.DS_Store\n"); } /* --- Node.js --- */ function buildNode(zip,folder,app,code){ var title=slugTitle(app); var pn=pkgName(app); var src=code.replace(/^\`\`\`[\w]*\n?/m,"").replace(/\n?\`\`\`$/m,"").trim(); var depMap={"mongoose":"^8.0.0","dotenv":"^16.4.5","axios":"^1.7.9","cors":"^2.8.5","bcryptjs":"^2.4.3","jsonwebtoken":"^9.0.2","socket.io":"^4.7.4","uuid":"^9.0.1","zod":"^3.22.4","express":"^4.18.2"}; var deps={}; Object.keys(depMap).forEach(function(k){if(src.indexOf(k)>=0)deps[k]=depMap[k];}); if(!deps["express"])deps["express"]="^4.18.2"; var pkgJson=JSON.stringify({"name":pn,"version":"1.0.0","main":"src/index.js","scripts":{"start":"node src/index.js","dev":"nodemon src/index.js"},"dependencies":deps,"devDependencies":{"nodemon":"^3.0.3"}},null,2)+"\n"; zip.file(folder+"package.json",pkgJson); var fallback="const express=require(\"express\");\nconst app=express();\napp.use(express.json());\n\napp.get(\"/\",(req,res)=>{\n res.json({message:\""+title+" API\"});\n});\n\nconst PORT=process.env.PORT||3000;\napp.listen(PORT,()=>console.log(\"Server on port \"+PORT));\n"; zip.file(folder+"src/index.js",src||fallback); zip.file(folder+".env.example","PORT=3000\n"); zip.file(folder+".gitignore","node_modules/\n.env\n.DS_Store\n"); zip.file(folder+"README.md","# "+title+"\n\nGenerated by PantheraHive BOS.\n\n## Setup\n\`\`\`bash\nnpm install\n\`\`\`\n\n## Run\n\`\`\`bash\nnpm run dev\n\`\`\`\n"); } /* --- Vanilla HTML --- */ function buildVanillaHtml(zip,folder,app,code){ var title=slugTitle(app); var isFullDoc=code.trim().toLowerCase().indexOf("=0||code.trim().toLowerCase().indexOf("=0; var indexHtml=isFullDoc?code:"\n\n\n\n\n"+title+"\n\n\n\n"+code+"\n\n\n\n"; zip.file(folder+"index.html",indexHtml); zip.file(folder+"style.css","/* "+title+" — styles */\n*{margin:0;padding:0;box-sizing:border-box}\nbody{font-family:system-ui,-apple-system,sans-serif;background:#fff;color:#1a1a2e}\n"); zip.file(folder+"script.js","/* "+title+" — scripts */\n"); zip.file(folder+"assets/.gitkeep",""); zip.file(folder+"README.md","# "+title+"\n\nGenerated by PantheraHive BOS.\n\n## Open\nDouble-click \`index.html\` in your browser.\n\nOr serve locally:\n\`\`\`bash\nnpx serve .\n# or\npython3 -m http.server 3000\n\`\`\`\n"); zip.file(folder+".gitignore",".DS_Store\nnode_modules/\n.env\n"); } /* ===== MAIN ===== */ var sc=document.createElement("script"); sc.src="https://cdnjs.cloudflare.com/ajax/libs/jszip/3.10.1/jszip.min.js"; sc.onerror=function(){ if(lbl)lbl.textContent="Download ZIP"; alert("JSZip load failed — check connection."); }; sc.onload=function(){ var zip=new JSZip(); var base=(_phFname||"output").replace(/\.[^.]+$/,""); var app=base.toLowerCase().replace(/[^a-z0-9]+/g,"_").replace(/^_+|_+$/g,"")||"my_app"; var folder=app+"/"; var vc=document.getElementById("panel-content"); var panelTxt=vc?(vc.innerText||vc.textContent||""):""; var lang=detectLang(_phCode,panelTxt); if(_phIsHtml){ buildVanillaHtml(zip,folder,app,_phCode); } else if(lang==="flutter"){ buildFlutter(zip,folder,app,_phCode,panelTxt); } else if(lang==="react-native"){ buildReactNative(zip,folder,app,_phCode,panelTxt); } else if(lang==="swift"){ buildSwift(zip,folder,app,_phCode,panelTxt); } else if(lang==="kotlin"){ buildKotlin(zip,folder,app,_phCode,panelTxt); } else if(lang==="react"){ buildReact(zip,folder,app,_phCode,panelTxt); } else if(lang==="vue"){ buildVue(zip,folder,app,_phCode,panelTxt); } else if(lang==="angular"){ buildAngular(zip,folder,app,_phCode,panelTxt); } else if(lang==="python"){ buildPython(zip,folder,app,_phCode); } else if(lang==="node"){ buildNode(zip,folder,app,_phCode); } else { /* Document/content workflow */ var title=app.replace(/_/g," "); var md=_phAll||_phCode||panelTxt||"No content"; zip.file(folder+app+".md",md); var h=""+title+""; h+="

"+title+"

"; var hc=md.replace(/&/g,"&").replace(//g,">"); hc=hc.replace(/^### (.+)$/gm,"

$1

"); hc=hc.replace(/^## (.+)$/gm,"

$1

"); hc=hc.replace(/^# (.+)$/gm,"

$1

"); hc=hc.replace(/\*\*(.+?)\*\*/g,"$1"); hc=hc.replace(/\n{2,}/g,"

"); h+="

"+hc+"

Generated by PantheraHive BOS
"; zip.file(folder+app+".html",h); zip.file(folder+"README.md","# "+title+"\n\nGenerated by PantheraHive BOS.\n\nFiles:\n- "+app+".md (Markdown)\n- "+app+".html (styled HTML)\n"); } zip.generateAsync({type:"blob"}).then(function(blob){ var a=document.createElement("a"); a.href=URL.createObjectURL(blob); a.download=app+".zip"; a.click(); URL.revokeObjectURL(a.href); if(lbl)lbl.textContent="Download ZIP"; }); }; document.head.appendChild(sc); } function phShare(){navigator.clipboard.writeText(window.location.href).then(function(){var el=document.getElementById("ph-share-lbl");if(el){el.textContent="Link copied!";setTimeout(function(){el.textContent="Copy share link";},2500);}});}function phEmbed(){var runId=window.location.pathname.split("/").pop().replace(".html","");var embedUrl="https://pantherahive.com/embed/"+runId;var code='';navigator.clipboard.writeText(code).then(function(){var el=document.getElementById("ph-embed-lbl");if(el){el.textContent="Embed code copied!";setTimeout(function(){el.textContent="Get Embed Code";},2500);}});}

Created with Panthera Hive

← BOS DashboardMy Library