Creating a basic report involves the following steps:
There are additional configuration steps for the following types of reports:
After you complete a basic report configuration, you will have the option to configure additional properties, such as those for distributing the report.
You will have the options to either save and run the report, or just to save it for future use. For example, if you have a saved report and want to run it one time with an additional site in it, you could add the site, save and run, return it to the original configuration, and then just save. See Viewing, editing, and running reports .
The Security Console displays the Create a report panel.
The Create a report panel
pci
and the display will change to display only PCI templates.Search results are dependent on the template type, either Document or Export templates. If you are unsure which template type you require, make sure you select All to search all available templates.
Search report templates
Note: Resetting the Search templates field by clicking the close X displays all templates in alphabetical order.
The Security Console displays template thumbnail images that you can browse, depending on the template type you selected. If you selected the All option, you will be able to browse all available templates. Click the scroll arrows on the left and the right to browse the templates.
You can roll over the name of any template to view a description.
Selecting a report template
You also can click the Preview icon in the lower right corner of any thumbnail (highlighted in the preceding screen shot) to enlarge and click through a preview of template. This can be helpful to see what kind of sections or information the template provides.
When you see the see the desired template, click the thumbnail. It becomes highlighted and displays a Selected label in the top, right corner.
Tip: See descriptions of all available report templates to help you select the best template for your needs.
If you are using the PCI Attestation of Compliance or PCI Executive Summary template, or a custom template made with sections from either of these templates, you can only use the RTF format. These two templates require ASVs to fill in certain sections manually.
To change the default language of reports, click your user name in the upper-right corner, select User Preferences, and select a language from the drop-down list. The newly selected default will apply to reports that you create after making this change. Reports created prior to the change retain their original language, unless you update them in the report configuration.
Configuring a CyberScope XML Export report
When configuring a CyberScope XML Export report, you must enter additional information, as indicated in the CyberScope Automated Data Feeds Submission Manual published by the U.S. Office of Management and Budget. The information identifies the entity submitting the data:
Consult the CyberScope Automated Data Feeds Submission Manual for more information.
You must enter information in all three fields.
If you are creating one of the XCCDF reports, and you have selected one of the XCCDF formatted templates on the Create a report panel take the following steps:
Note: You cannot filter vulnerabilities by category if you are creating an XCCDF or CyberScope XML report.
Select an XCCDF formatted report template
The Policies option only appears when you select one of the XCCDF formats in the Template section of the Create a report panel.
Note: As described in Selecting Policy Manager checks, the major policy groups regularly release updated policy checks. The XCCDF report template will only generate reports that include the updated policy. To be able to run a report of this type on a scan that includes a policy that just changed, re-run the scan.
Use the Asset Reporting Format (ARF) export template to submit policy or benchmark scan results to the U.S. government in compliance with Security Content Automation Protocol (SCAP) 1.2 requirements. To do so, take the following steps:
Note: To run ARF reports you must first run scans that have been configured to save SCAP data. See Selecting Policy Manager checks for more information.
The report appears on the View reports page.
Select Report Scope panel
Tip: The asset selection options are not mutually exclusive. You can combine selections of sites, asset groups, and individual assets.
If you selected Assets, the Security Console displays search filters. Select a filter, an operator, and then a value.
For example, if you want to report on assets running Windows operating systems, select the operating system filter and the contains operator. Then enter Windows in the text field.
To add more filters to the search, click the + icon and configure your new filter.
Select an option to match any or all of the specified filters. Matching any filters typically returns a larger set of results. Matching all filters typically returns a smaller set of results because multiple criteria make the search more specific.
Click the check box for any displayed asset to select it. You also can click the check box in the top row to select all options.
Selecting assets to report on
The Scope section
Filtering vulnerabilities means including or excluding specific vulnerabilities in a report. Doing so makes the report scope more focused, allowing stakeholders in your organization to see security-related information that is most important to them. For example, a chief security officer may only want to see critical vulnerabilities when assessing risk. Or you may want to filter out potential vulnerabilities from a CSV export report that you deliver to your remediation team.
You can also filter vulnerabilities based on category to improve your organization’s remediation process. For example, a security administrator can filter vulnerabilities to make a report specific to a team or to a risk that requires attention. The security administrator can create reports that contain information about a specific type of vulnerability or vulnerabilities in a specific list of categories.
Reports can also be created to exclude a type of vulnerability or a list of categories. For example, if there is an Adobe Acrobat vulnerability in your environment that is addressed with a scheduled patching process, you can run a report that contains all vulnerabilities except those Adobe Acrobat vulnerabilities. This provides a report that is easier to read as unnecessary information has been filtered out.
Note: You can manage vulnerability filters through the API. See the API guide for more information.
Organizations that have distributed IT departments may need to disseminate vulnerability reports to multiple teams or departments. For the information in those reports to be the most effective, the information should be specific for the team receiving it. For example, a security administrator can produce remediation reports for the Oracle database team that only include vulnerabilities that affect the Oracle database. These streamlined reports will enable the team to more effectively prioritize their remediation efforts.
A security administrator can filter by vulnerability category to create reports that indicate how widespread a vulnerability is in an environment, or which assets have vulnerabilities that are not being addressed during patching. The security administrator can also include a list of historical vulnerabilities on an asset after a scan template has been edited. These reports can be used to monitor compliance status and to ensure that remediation efforts are effective.
The following document report template sections can include filtered vulnerability information:
Therefore, report templates that contain these sections can include filtered vulnerability information. See Fine-tuning information with custom report templates.
The following export templates can include filtered vulnerability information:
Vulnerability filtering is not supported in the following report templates:
To filter vulnerability information, take the following steps:
Options appear for vulnerability filters.
Select Vulnerability Filters section
Certain templates allow you to include only validated vulnerabilities in reports: Basic Vulnerability Check Results (CSV), XML Export, XML Export 2.0, Top 10 Assets by Vulnerabilities, Top 10 Assets by Vulnerability Risk, Top Remediations, Top Remediations with Details, and Vulnerability Trends. Learn more about Working with validated vulnerabilities .
Select Vulnerability Filters section with option to include only validated vulnerabilities
These are not PCI severity levels or CVSS scores. They map to numeric severity rankings that are assigned by the application and displayed in the Vulnerability Listing table of the Vulnerabilities page. Scores range from 1 to 10:
1-3=Moderate; 4-7=Severe; and 8-10=Critical.
If you want to include only positive check results, select the Vulnerable option.
You can filter positive results based on how they were determined by selecting any of the check boxes for result types:
If you choose to include all categories, skip the following step.
Tip: Categories that are named for manufacturers, such as Microsoft, can serve as supersets of categories that are named for their products. For example, if you filter by the Microsoft category, you inherently include all Microsoft product categories, such as Microsoft Path and Microsoft Windows. This applies to other "company" categories, such as Adobe, Apple, and Mozilla.To view the vulnerabilities in a category see Configuration steps for vulnerability check settings.
Selecting vulnerability categories by clicking check boxes
Click the text box to display a window that lists all available categories. Enter part or all a category name in the Filter: text box, and select the categories from the list that appears. If you enter a name that applies to multiple categories, all those categories appear. For example, you type Adobe or ado, several Adobe categories appear. As you select categories, they appear in the text field at the bottom of the window.
Filter by category list
If you use either or both methods, all your selections appear in a field at the bottom of the selection window. When the list includes all desired categories, click outside of the window to return to the Scope page. The selected categories appear in the text box.
Selected vulnerability categories appear in the Scope section
Note: Existing reports will include all vulnerabilities unless you edit them to filter by vulnerability category.
You can run the completed report immediately on a one-time basis, configure it to run after every scan, or schedule it to run on a repeating basis. The third option is useful if you have an asset group containing assets that are assigned to many different sites, each with a different scan template. Since these assets will be scanned frequently, it makes sense to run recurring reports automatically.
To configure report frequency, take the following steps:
If you selected either of the first two options, ignore the following steps.
If you selected the scheduling option, the Security Console displays controls for configuring a schedule.
OR
Select the date from the calendar widget.
If you select months on the specified date, the report will run every month on the selected calendar date. For example, if you schedule a report to run on October 15, the report will run on October 15 every month.
If you select months on the specified day of the month, the report will run every month on the same ordinal weekday. For example, if you schedule the first report to run on October 15, which is the third Monday of the month, the report will run every third Monday of the month.
Creating a report schedule
The frequency with which you schedule and distribute reports depends your business needs and security policies. You may want to run quarterly executive reports. You may want to run monthly vulnerability reports to anticipate the release of Microsoft hotfix patches. Compliance programs, such as PCI, impose their own schedules.
The amount of time required to generate a report depends on the number of included live IP addresses the number of included vulnerabilities—if vulnerabilities are being included—and the level of details in the report template. Generating a PDF report for 100-plus hosts with 2500-plus vulnerabilities takes fewer than 10 seconds.
The application can generate reports simultaneously, with each report request spawning a new thread. Technically, there is no limit on the number supported concurrent reports. This means that you can schedule reports to run simultaneously as needed. Note that generating a large number of concurrent reports—20 or more—can take significantly more time than usual.
The remediation plan templates provide information for assessing the highest impact remediation solutions. You can use the Remediation Display settings to specify the number of solutions you want to see in a report. The default is 25 solutions, but you can set the number from 1 to 1000 as you require. Keep in mind that if the number is too high you may have a report with an unwieldy level of data and too low you may miss some important solutions for your assets.
You can also specify the criteria for sorting data in your report. Solutions can be sorted by Affected asset, Risk score, Remediated vulnerabilities, Remediated vulnerabilities with known exploits, and Remediated vulnerabilities with malware kits.
Remediation display settings
The Vulnerability Trends template provides information about how vulnerabilities in your environment have changed have changed over time. You can configure the time range for the report to see if you are improving your security posture and where you can make improvements. To ensure readability of the report and clarity of the charts there is a limit of 15 data points that can be included in the report. The time range you set controls the number of data points that appear in the report. For example, you can set your date range for a weekly interval for a two-month period, and you will have eight data points in your report.
Note: Ensure you schedule adequate time to run this report template because of the large amount of data that it aggregates. Each data point is the equivalent of a complete report. It may take a long time to complete.
To configure the time range of the report, use the following procedure:
To set a custom range, enter a start date, end date, and specify the interval, either days, months, or years.
Vulnerability trend date range
After you complete a basic report configuration, you will have the option to configure additional properties, such as those for distributing the report. You can access those properties by clicking Configure advanced settings...
If you have configured the report to run in the future, either by selecting Run a recurring report after every scan or Run a recurring report in a schedule in the Frequency section (see Configuring report frequency), you can save the report configuration by clicking Save the report or run it once immediately by clicking Save & run the report. Even if you configure the report to run automatically with one of the frequency settings, you can run the report manually any time you want if the need arises. See Viewing, editing, and running reports .
If you configured the report to run immediately on a one-time basis, you will also see buttons allowing you to either save and run the report, or just to save it. See Viewing, editing, and running reports .
Saving or saving and running a one-time report
Designating an earlier scan as a baseline for comparison against future scans allows you to track changes in your network. Possible changes between scans include newly discovered assets, services and vulnerabilities; assets and services that are no longer available; and vulnerabilities that were mitigated or remediated.
You must select the Baseline Comparison report template in order to be able to define a baseline. See Starting a new report configuration .
Baseline scan selection