Sample weekly report
This is an illustrative example using fictional data. "Riverbend Electric Cooperative", its assets, domains, addresses (documentation ranges), and people are invented for demonstration. Real reports contain only your own monitored assets.
Every week (or on demand), Moat Watcher watches your internet-facing footprint and tells you, in plain language, what changed. Reports are delivered as a password-protected ZIP with a CHANGES summary plus the full report in PDF, Markdown, CSV, and HTML.
Riverbend Electric Cooperative — week of 2026-06-29
Summary: 2 Critical, 3 High, 5 Medium, 2 Info
What changed since your last report
New (1)
- [High] A look-alike domain riverbendelectric-coop.example gained a mail (MX) record — now capable of sending phishing that impersonates you.
Changed (1)
- [Medium] The TLS certificate on portal.riverbend-coop.example now expires in 12 days (was 74).
Resolved (1)
- [High] The previously-exposed management interface on 198.51.100.10 is no longer reachable. Nice.
Vulnerabilities (your devices)
[Critical] Edge firewall fw-edge-01 (Cisco ASA 5525-X) is end-of-support and matches 2 actively-exploited CVEs (CISA KEV). Plan replacement; restrict management access meanwhile.
[Critical] Internet-facing appliance on 203.0.113.20 matches CVE-2026-XXXX (CVSS 9.8, KEV). Patch to the fixed release.
Exposure
[High] Unexpected exposure: gw-scada-01
(203.0.113.30) is declared as "should not be externally visible" but a service was
observed on 502/tcp. Confirm and close if unintended.
Certificates
[Medium] portal.riverbend-coop.example certificate
expires in 12 days (issuer: Let's Encrypt). Renew to avoid an outage.
Roster exposure
[High] A monitored address for Jordan Ellis (SCADA lead) appeared in a credential breach that included passwords. Force a reset and enable MFA.
Look-alike / typosquat domains
7 look-alike domains detected; 2 are mail-capable (highest risk for
payment-diversion / phishing), e.g. riverbendelectric-coop.example,
rlverbend-coop.example.
Email authentication
[Medium] riverbend-coop.example publishes
DMARC p=none and no MTA-STS — strengthen to reduce spoofing.
Threat-landscape digest
3 new CISA KEV entries and 5 new ICS advisories in the last 7 days (industry-wide awareness, independent of your assets).
Declared inventory
| Name | IP | Product | State | Vuln monitoring |
|---|---|---|---|---|
| fw-edge-01 | 203.0.113.10 | Cisco ASA 5525-X (EOL) | Confirmed | KEV match |
| gw-scada-01 | 203.0.113.30 | Control gateway | Unexpected exposure | OK |
| portal-01 | 198.51.100.20 | Web portal | Confirmed | OK |