You can use the Secure Configuration Manager delta reporting feature for comparing report results to easily identify and monitor changes to systems. For example, if you regularly run a policy template, you can observe changes to an endpoint’s results from run to run. You can also compare a known, good endpoint’s results against those of another endpoint for the same policy template run. Similarly, you can compare the results of two endpoints from a single security check run.
Since delta reports compare specific data fields, those fields must match in the two reports you want to compare. Therefore, you can run delta reports only for security check and policy template reports generated for endpoints managed by the same agent version. Also, if a security check was edited between runs, Secure Configuration Manager can only compare the unchanged fields in the check.
You can schedule a delta report to run on a recurring basis. You can also distribute a delta report using email or save it to a folder or file share. For more information about the Delta Comparison wizard, see the Help.
The Delta Comparison View in the delta report can indicate both a change in the managed risk at the security check level and differences in the endpoint results. That is, when you select Security Checks at the top level of the view, the report might indicate “Unchanged” because the overall scoring for the endpoints did not change for the selected runs. For example, information-only security checks always indicate “Unchanged” at the top level of the view because the managed risk value does not vary with endpoint results. However, the data results for individual endpoints might have changed between runs. To view whether endpoint results changed, you must expand the selected check in the navigation pane of the Delta Comparison View. The content pane then lists endpoint results, such as “Added” or “Deleted” if a change occurred between runs.