Select Reports > Assessment Reports
When an assessment report for a policy template or security check run completes, you can view the results in Assessment Reports.
Depending on the type of assessment, you can drill down into the results to determine which endpoints and groups failed security checks, and how. You can select endpoints, then re-run the failed checks for those endpoints only.
For more information about this software product, see the NetIQ Secure Configuration Manager documentation.
Assessment reports contain results for a single policy template or security check run. The Overview provides a high-level view of how the selected assets comply with the technical standards and organizational policies represented by the policy template.
NOTE: If an assessment results in an error for an endpoint, the Web console displays a compliance or risk score of -1 for the endpoint / security check combination that caused the error. The error might indicate that the endpoint needs to be re-registered, the security check failed to function appropriately, or the agent lost communication with the endpoint or Core Services.
Depending on the type of policy template run, you might see the following data in the report:
Displays the overall compliance of the endpoints based on the data collected for the policy template. A compliant asset meets your organization’s policies for assessment, operation, and control of systems and resources according to security standards, best practices, and regulatory requirements.
Each policy template has a specific range of compliance risk scores that Secure Configuration Manager uses as a baseline when calculating endpoint results. If an endpoint is compliant, then its risk score is lower than the out-of-compliance risk score range. An unknown compliance indicates incomplete data for the endpoint. Data might not be available because some security checks do not apply to an endpoint, Secure Configuration Manager was unable to connect to the agent, or an endpoint returned errors.
Summarizes the risk or vulnerability state of the endpoints and groups associated with the report.
The report displays risk-based results when the policy template tests endpoints for a specific configuration setting or security risk on a specific platform, such as user privileges for an Oracle database.
Risk scores measure endpoint vulnerability and help you identify which endpoints have the most serious exposures based on two factors: threats discovered and endpoint importance. An endpoint’s importance represents the criticality level of that endpoint in your organization. For example, a database endpoint containing customer financial data might have a higher importance level than a database of customer references.
Lists the endpoints that most likely pose a security threat to your environment.
Lists the security checks that endpoints failed, which might pose a security issue.
Provides a map-based view of endpoints with the highest risk results.
You can export a completed assessment in PDF format.
Navigate to Reports > Assessment Reports.
Select the report.
Click ... > Download.
Depending on your browser settings, the browser might prompt you for the file name and download location.
Depending on the policy template, you can view results based on the security checks in the policy template, common vulnerabilities and exposures (CVEs), or requirements associated with a security standard.
You can quickly determine the overall number of security checks with failed and successful results. Then you can delve into a detailed view of any particular security check to determine which endpoints failed and how.
It is possible that an endpoint might temporarily be causing a problem or some results returned might not be relevant for your security policies and standards. To remove this information from the assessment report, see Simplify the Data in a Report.
In the report view, click Endpoints & Groups.
To quickly find endpoints that might pose a security risk, you can select Endpoints at Risk. You can also sort the table by Failed Security Checks or Compliance.
Select an endpoint to view its compliance per security check. Then review the Expected Value and Actual Value columns to identify why the endpoint failed the security check.
The completed assessment for the NetIQ Password Strength policy template indicates that endpoint ABCTest failed two security checks. You select the endpoint to identify where the risks occurred. You observe the following results:
Security Check | Compliance Status | Expected Value | Actual Value | Check Result |
---|---|---|---|---|
Accounts with passwords that never expire | Failed | 0 | 1 | Description: Built-in account for guest access to the computer/domain; Status: Disabled; Last login date: Never logged on |
Minimum number of passwords remembered | Failed | greater than or equal to 24 | 0 | Status: 0 |
The endpoint has one account with a password that never expires, which might pose a security risk if malicious users know about this built-in account. The security check expects to find no such accounts. Moreover, another security check discovered that the server does not store previously used passwords. Storing them is a safeguard that prevents the re-use of old passwords.
For more information about resolving these failures, see Resolve the Discovered Security Risks.
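An independent way to confirm the two failures from this example on the endpoint itself, assuming ABCTest is a Windows endpoint. This is an added example, not NetIQ code and not how Secure Configuration Manager collects its data. It checks local accounts only, and the variable names and temporary file name are illustrative.

```powershell
# Added example: re-check the two failed settings on the endpoint itself.
# Assumptions: Windows endpoint, elevated PowerShell 5.1+, local accounts only.

# Check 1: accounts with passwords that never expire (report expects 0).
# Win32_UserAccount.PasswordExpires is $false when the password never expires.
$neverExpire = @(Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { -not $_.PasswordExpires })

# Check 2: minimum number of passwords remembered (report expects >= 24).
# secedit exports the effective security policy; PasswordHistorySize holds the value.
$cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
try {
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $match = Select-String -Path $cfg -Pattern '^\s*PasswordHistorySize\s*=\s*(\d+)'
    # $null means the setting was not found, which is reported as a failure below.
    $history = if ($match) { [int]$match.Matches[0].Groups[1].Value } else { $null }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

# Report in the same shape as the assessment table: expected, actual, status.
$results = @(
    [pscustomobject]@{
        SecurityCheck = 'Accounts with passwords that never expire'
        Expected      = '0'
        Actual        = $neverExpire.Count
        Status        = if ($neverExpire.Count -eq 0) { 'Passed' } else { 'Failed' }
    }
    [pscustomobject]@{
        SecurityCheck = 'Minimum number of passwords remembered'
        Expected      = 'greater than or equal to 24'
        Actual        = $history
        Status        = if ($null -ne $history -and $history -ge 24) { 'Passed' } else { 'Failed' }
    }
)
$results | Format-Table -AutoSize

# List the offending accounts so the administrator knows what to change.
$neverExpire | Select-Object Name, Disabled, Description | Format-Table -AutoSize
```

After the administrator corrects the settings, re-running the failed checks for that endpoint in the console should bring the report in line with this local result.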
In the report view, click Security Checks.
You can identify the security settings that resulted in the most failures among your endpoints. From there, you can determine which endpoints might pose the greatest risk to your environment.
Select the value below Failed. You can clear this filter as needed.
Select a security check from the Failed list, then click Endpoints.
For more information about security check Properties, see Viewing Details of a Security Check.
Secure Configuration Manager helps you to resolve the security risks reported by an assessment in the following ways:
In the assessment report, you identified the endpoints that failed a security check. The assessment also tells you the configuration setting value that would produce a successful result. You can now ask the endpoint’s administrator to resolve the failures. For ease of communication, you send the relevant information from the assessment report to the administrator. For more information, see Export Assessment Results.
You know that the settings that caused the failed security checks are acceptable for that particular server or endpoint. So you create an exception for the endpoint or the security checks to prevent the failed conditions from causing a violation. For more information, see Excluding Data from Reports.
When you run policy templates against a large number of endpoints or groups of endpoints, the results can be overwhelming. You might want to reduce the amount of data returned by applying exceptions to a certain set of values. Alternatively, some results returned might not be relevant for your security policies and standards. To simplify assessment results, you can exclude or include specific data for specific endpoints or groups.
To view data that has already been excluded from the report, select Exceptions. For more information, see Excluding Data from Reports.
NOTE: The individual who ran the policy template or security check might also have pre-filtered the security check’s results by applying a saved list. For more information, see Including or Excluding Values in a Security Check Parameter.