As Secure Configuration Manager runs a security check or policy template, the consoles display a report in the Pending jobs queue. When the run completes, Secure Configuration Manager moves the report to a Completed queue. To access assessment results, perform one of the following actions:
Select Reports > Assessment Reports or Reports > Dynamic Reports, then choose the report that you want to review. You can also click View Report in the Completed jobs queue. For more information, see Using the Web Console for Evaluation.
Select Job Queues > Completed in the left pane, then choose the report that you want to review.
When you open a report, Secure Configuration Manager launches the Report Viewer. From the Report Viewer, you can export results in a variety of file formats. For more information about exporting report results, see Exporting Assessment Results. For more information about graphics in the report, see Creating Custom Tasks and Reports.
NOTE:When you attempt to view large reports in the Report Viewer, the console might time out and disconnect from the database. To prevent this issue, change the Database Timeout for Console setting in the Tools > Options window to a longer period of time.
If the completed report indicates one or more endpoints failed security checks, you can re-run the failed checks for those endpoints only. To re-run checks for failed endpoints, right-click the completed report, and then click select Re-run for Failed Endpoints. Secure Configuration Manager generates a new report in the Completed jobs queue. For information about evaluating report results, see Section 7.0, Reviewing Results of Individual Runs.
When you run a security check or policy template, the resulting report provides a snapshot of each endpoint’s condition at the time you ran the check or template. The results include discovered configuration violations and a risk score for each selected endpoint for each applicable security check run. Secure Configuration Manager calculates the risk score based on two factors: the threat level of the discovered violations and the importance of the asset to the company. For more information about endpoint importance, see Assigning Importance to Endpoints. For more information about scoring, see Understanding Risk Scoring.
NOTE:
When you assign importance levels to all endpoints, the weighted report results help you identify which computers have the most serious exposures and need remedial attention first.
If you run an assessment that results in an error for an endpoint, the Web console displays a compliance or risk score of -1 for the endpoint / security check combination that caused the error. The error might indicate that the endpoint needs to be re-registered, the security check failed to function appropriately, or the agent lost communication with the endpoint or Core Services. In the Windows console, you will continue see a compliance or risk score of 0 for the endpoint / security check combination.
You can view and print the report results. Secure Configuration Manager places the completed report in the Completed jobs queue. You can use the printed reports for presenting compliance status results or as a remediation checklist. When you view a completed report, the Report Viewer opens in the Report Summary view. This view gives you a thorough overview of the report, providing you with important information such as the endpoints with the highest risk scores, and the most frequently violated security checks.
Once you have completed security check and policy template runs, you can use the available evaluation tools to assess compliance trends and report asset compliance to auditors and management. You can also use the delta report function to identify changes in your environment and determine which endpoints need to be updated.
Once Secure Configuration Manager completes a security check or policy template run, you can export the completed report to a variety of file formats. For policy template reports, you can specify whether the full report lists security checks according to their order in the template or alphabetically by their names or specified aliases. The check sort order applies to reports exported in .pdf, .rtf, .tsv, .xml, .xls, and .xlsx formats.
The Web console allows you to export the completed assessment report as a PDF file. For more information, see the Help in the Web console.
Alternatively, you can give users access to view the reports in the Web console, which enables them to more easily drill down into the data. For more information, see Using the Web Console for Evaluation.
Available only in the Windows console.
To export report data:
View the complete report. For more information about viewing reports, see Viewing Assessment Results.
Click Full Report.
(Optional) To change the sort order of the checks in the policy template, click Full Report Options, and then select the appropriate option from the Check Sort Order menu.
On the Actions menu, click Export Report.
Type the file name, and then select one of the following file formats:
.tsv
.rtf
.xml (XML or XCCDF)
.xls or .xlsx (depending on the Excel version that you use)
NOTE:To export a report in Excel format from the Report Viewer, Microsoft Excel must be installed on the Secure Configuration Manager console computer from which you are exporting the report and installed on the Core Services computer. For more information, see the Secure Configuration Manager Installation Guide.
Click Save.
If the completed report indicates one or more endpoints failed security checks, you can re-run the job or re-run just the failed checks on those endpoints. For information about evaluating report results, see Section 7.0, Reviewing Results of Individual Runs.
Run the assessment report again from Jobs > Success or Jobs > Failed.
To re-run checks for failed endpoints, right-click the completed report, and then click select Re-run for Failed Endpoints. Secure Configuration Manager generates a new report in the Completed jobs queue.