1. In Central, go to Configuration > Security Center.
2. Type your MFA code to confirm your identify.
3. Select a report and click Download.

   Only the past six reports are available. Earlier reports are automatically deleted.

   

Your report is downloaded as an Excel file.

The first Security Center report summarizes in an Excel workbook the suspected credentials (those that match the list of the 200 most commonly used passwords) that are discovered within your account. All subsequent reports contain only any remaining or new suspected credentials that have been identified based on the list of 200 most commonly used passwords. The Security Center report contains a summary sheet and a sheet for each of the nine areas within Central that are scanned. The report only contains sheets where suspected credentials have been identified. Below is a summary of what each scanned area within Central is used for and where suspected credentials may be stored within each.

Summary

Provides an overview of where suspected credentials have been identified in the nine locations within Central that are scanned. The Total column contains the number of suspected credentials remaining in a specific Central area. The Plus column contains the number of new suspected credentials that were introduced since the previous report was generated. The Minus column contains the number of suspected credentials that have been resolved since the previous report was generated. In your first report, you'll see the total number of suspected credentials in the Plus column.

Computer notes

You can create notes about your hosts either on the Computers page ( in the Note column) or on the Computer Properties page ( General Settings tab).

Installation Package

When you create an installation package to deploy the host software to multiple computers, you should add a description to your package. To see the description, go to Deployment and select an installation package. Check the Description field for suspected credentials.

Installation Package Note

When you create an installation package, you can add personal notes. To find such notes, go to Deployment and select an installation package. Check the Your personal notes field for suspected credentials.

One2Many Task script

When you run PowerShell commands on your remote computers, those commands may include suspected credentials. To find your One2Many scripts, go to One2Many > Tasks and select the task listed in the Excel sheet. Your script is in the Command to execute field.

One2Many log file path

When you set up a One2Many task to run a batch file or an executable, you can define a path to your log file. Security Center scans for suspected credentials in your folder path. To find your One2Many log file path, go to One2Many > Tasks and select the task listed in the Excel sheet. You can find the log file path in the Use custom log file field

One2Many Task note

You can add notes to any One2Many task. To find task notes, go to One2Many > Tasks and select the task listed in the Excel sheet. Check the Notes field for suspected credentials.

One2Many Task note (History)

You can add notes to One2Many tasks before you run those. These notes are stored in a read-only history; therefore, you cannot edit them, even if they contain suspected credentials. In this case, you should get in touch with the impacted users and ask them to change their passwords.

One2Many Run plan note (History)

Every time you run a One2Many plan, you can add a note to that plan. These notes are stored in a read-only history; therefore, you cannot edit them, even if they contain suspected credentials. In this case, you should get in touch with the impacted users and ask them to change their passwords.

Journal on Dashboard

Lists journal entries created directly on the Dashboard of your computers. To view a computer's journal, open its Dashboard and click the Journal heading on the right.

Note: You cannot delete journal entries. If you suspect there are credentials stored in a computer's journal, you should change those credentials at the appropriate place.

Who can download Security Center reports?

Master Account Holders and users who are explicitly granted all permissions can download a report. When a user group has Grant All Permissions selected on the Properties page, users do not inherit that setting.

Important: The Security Center report includes the suspected credentials in plain text.

I can't find a past report in Security Center.

You can find reports from the past six months only and no reports from before the first report was generated. Earlier reports are automatically deleted. There were no reports generated before May 2023.

Is there a way to automatically email this report to the Master Account Holder?

No. You can only download it from the Security Center.

Can I run a report any time?

No. These Security Center reports are generated automatically on a monthly basis.

If the Security Center report shows that there are no suspected credentials found, does that guarantee there are no credentials stored in Central in plain text?

No. These reports only identify where one of the 200 most commonly used passwords may be stored in plain text within Central. These reports are meant to aid in identifying credentials stored in plain text, but have a limited scope and cannot be relied upon to identify all credentials stored in plain text.