Creating reports

Comply works best with operating system-level checks. See Creating computer groups.

You can create a new report on the Reports page or create one using an existing benchmark on the Benchmarks page. You must have the Comply Report Administrator role to create reports. For more information about Comply roles, see User roles.

Run a configuration compliance report to check the security configuration compliance state of a group of machines. This will execute reports using SCAP XCCDF benchmarks. Run a vulnerability report to execute OVAL checks against your endpoints to check for the presence of identified vulnerabilities.

Create a configuration compliance report

Create a configuration compliance report from the Reports page

  1. Select Reports from the main menu.
  2. Select Configuration Compliance Report from the Create Report drop-down list.
  3. On the New Configuration Compliance Report page, enter a Name for the report in the Details section. You can also provide Labels.
  4. Select a Platform.
  5. Select the Engine. You will only see the Engine field if you have more than one engine installed.
  6. The Tanium Comply action group is created automatically by Comply and will be auto-populated in the Action Group field. All saved actions created by Comply will be created under this action group.
  7. Select Computer Groups.
  8. Be sure to select the appropriate platform (Windows, Linux, or OS X) and Computer Groups containing endpoints that align with the Platform for Comply to work correctly.

  9. Select either Low or Normal from the Execution Priority drop-down list. Low causes the Comply scan process to yield processor utilization to other processes running on the machine. Normal will execute the scan process with the same priority as other processes running on the machine.
  10. Selecting Low may increase the duration of the scan processes on endpoints with high processor utilization.

  11. Select Start at and End at, and complete the date and time values to limit the report to run only during a specific time period.
  12. Select the Distribute over and enter values to run the report over minutes or hours. This value cannot be over four hours.
  13. Select None, Interval, or Report Result Age for the Repeat report execution by field.
    • If you choose Interval, the Reissue every field will appear, and you can specify how often the report is run.
    • If you choose Report Result Age, then the Run when results are older than field will appear, and you can specify how old you want the results to be before the report is run. If a targeted endpoint comes online that has never run the report, the report will be run as soon as the next age-check occurs. The age of results is checked either every hour or every 3 hours. If you specify an age less than 3 hours, the age of results will be checked every hour.
  14. Select the Benchmark and Profile from the drop-down lists in the Benchmarks section.
  15. Click + Add Additional Benchmark to add another benchmark or click Create & Deploy and enter your credentials. Action results will display.
  16. If you have Custom Checks or Custom ID Mappings, you can specify these in the Advanced section. See Customizing compliance results for more information.
  17. Custom checks should take less than a minute to run – they can output anything to standard output as long as the last line is a valid rule result string such as pass, fail, or error.
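
A custom check that follows the output contract described in the last step, as an added example that is not taken from the Comply documentation. It assumes the check is delivered as a POSIX shell script on a Linux endpoint; the function names, the sshd_config path and the PermitRootLogin rule are illustrative choices.

```shell
#!/bin/sh
# Added example: diagnostics may be printed freely, but the LAST line of
# standard output must be the rule result string (pass, fail, or error).
# Assumption: POSIX shell on a Linux endpoint; path and rule are illustrative.

check_permit_root_login() {
    config="${1:-/etc/ssh/sshd_config}"

    # Free-form diagnostic output is allowed before the final result line.
    echo "checking PermitRootLogin in $config"

    # An unreadable or missing file is a check error, not a compliance failure.
    if [ ! -r "$config" ]; then
        echo "cannot read $config"
        echo "error"
        return 0
    fi

    # Take the first uncommented occurrence; the keyword is case-insensitive.
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$config")

    if [ -z "$value" ]; then
        # Policy choice in this example: an implicit default is not compliant.
        echo "PermitRootLogin is not set explicitly"
        echo "fail"
    elif [ "$value" = "no" ]; then
        echo "PermitRootLogin is no"
        echo "pass"
    else
        echo "PermitRootLogin is $value"
        echo "fail"
    fi
}

# The rule result is whatever the check printed last.
rule_result() {
    check_permit_root_login "$1" | tail -n 1
}

# Run the check when the script is executed on an endpoint.
check_permit_root_login "$@"
```

Every branch ends with exactly one result line, so extra diagnostics added later cannot displace the result as long as they are printed before it.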

Create a configuration compliance report from the Benchmarks page

On the Benchmarks page, click Create Report next to a benchmark profile to create a report for that profile.

Create a vulnerability report

Create a vulnerability report from the Reports page

  1. Select Reports from the main menu.
  2. Select Vulnerability Report from the Create Report drop-down list.
  3. On the New Vulnerability Report page, enter a Name for the report in the Details section. You can also provide Labels.
  4. Select a Platform.
  5. Select the Engine. You will only see the Engine field if you have more than one engine installed.
  6. The Tanium Comply action group is created automatically by Comply and will be auto-populated in the Action Group field. All saved actions created by Comply will be created under this action group.
  7. Select Computer Groups.
  8. Be sure to select the appropriate platform (Windows, Linux, or OS X) and Computer Groups containing endpoints that align with the Platform for Comply to work correctly.

  9. Select either Low or Normal from the Execution Priority drop-down list. Low causes the Comply scan process to yield processor utilization to other processes running on the machine. Normal will execute the scan process with the same priority as other processes running on the machine.
  10. Selecting Low may increase the duration of the scan processes on endpoints with high processor utilization.

  11. Select Start at and End at, and complete the date and time values to limit the report to run only during a specific time period.
  12. Select the Distribute over and enter values to run the report over minutes, hours, or days.
  13. Select None, Interval, or Report Result Age for the Repeat report execution by field.
    • If you choose Interval, the Reissue every field will appear, and you can specify how often the report is run.
    • If you choose Report Result Age, then the Run when results are older than field will appear, and you can specify how old you want the results to be before the report is run. If a targeted endpoint comes online that has never run the report, the report will be run as soon as the next age-check occurs. The age of results is checked either every hour or every 3 hours. If you specify an age less than 3 hours, the age of results will be checked every hour.
  14. Select the Source and Operating System from the drop-down lists in the Vulnerability Source section.
  15. Specify the CVE Years. The Preview section on the right will show the number of CVEs and Definitions that will be included in the report.
  16. You can specify now in the CVE Years field as the end of a range. For example, entering 2016-now will run the report against all CVEs from 2016 to the current date. This can make it easy to define a range that always is current.

  17. Check the scores you want to see in CVSS Scores.
  18. List specific CVEs.
  19. Specified CVEs will always be included in the report regardless of the values specified for CVE Years or CVSS Scores. To search by year and score, you must provide values for both fields for the search to be valid. If you specify CVE Years, you must select at least one score in CVSS Scores. If you select a score in CVSS Scores, you must specify CVE Years. If you list specific CVEs, you can choose to leave the CVE Years field blank and select no CVSS Scores.

  20. Specify the Batch Size.
  21. Batch Size defines the number of checks that will run at a time. The default value for this field is 500 in order to run a manageable number of checks on your endpoints. Consult with your TAM if you want to adjust this value.

  22. If you have Custom ID Mappings, you can specify these in the Advanced section. See Customizing vulnerability results for more information.
  23. Click Create & Deploy and enter your credentials. Action results will display.

Create a vulnerability report from the Benchmarks page

Select Benchmarks from the main menu, select Vulnerability and click Create Report next to the vulnerability benchmark for which you want to create a report.

Last updated: 5/15/2018 5:48 PM