CSV Reports

When a scan completes, ADG generates:

These reports can be emailed to administrators and are also written to the file system.

✉️ Email Delivery

Field	Description
startDate	Scan start date (format: YYYY-MM-DD HH:MM:SS).
runType	Indicates whether the scan was Manual or Scheduled.
sAMAccountName	The user’s `sAMAccountName` attribute.
userPrincipalName	The user’s UPN.
displayName	The user’s display name.
emailAddress	The user’s primary email address (`mail` attribute).
status	The type of match detected (Exact, Banned, Fuzzy, IDLink, etc.).
action	The remediation action applied.
actionStatus	The status of the remediation action.
spyCloudEntrySourceSite	Breach site where the record originated.
spyCloudEntrySourceDesc	Description of the breach source.
exposureCount	For Password-Only matches: how many times the password appeared in SpyCloud’s dataset.
exclusion	Indicates if the account matched but was excluded from remediation.
exclusionDetails	The collection or condition that caused the exclusion.

🔎
Note: If extended AD attributes are configured, they will also be included in the Scan Report CSV.

Field	Description
sAMAccountNames	Comma-separated list of accounts sharing the same password.
count	Number of accounts using that shared password.

CSV reports are saved locally in:

C:\ProgramData\SpyCloud\AD Guardian\7\Reports

Filenames are timestamped for traceability.
Naming conventions:
- Scan Report_YYYYMMDD_<ScanID>.csv
- Shared Password Report_YYYYMMDD_<ScanID>.csv

⚠️
You will not see a Shared Password Report if that option was not selected during the scan.

These CSV files are ideal for automation pipelines. They can be ingested by:

Once ingested, you can: