Creating reports

Comply works best with operating system-level checks. See Creating computer groups.

You can create a new report on the Reports page or create one using an existing benchmark on the Benchmarks page. You must have the Comply Report Administrator role to create reports. For more information about Comply roles, see User role requirements.

Run a configuration compliance report to check the security configuration compliance state of a group of machines. This will execute reports using SCAP XCCDF benchmarks. Run a vulnerability report to execute OVAL checks against your endpoints to check for the presence of identified vulnerabilities.

Create a configuration compliance report

Create a configuration compliance report from the Reports page

  1. Select Reports from the Comply menu.
  2. Select Configuration Compliance Report from the Create Report drop-down list.
  3. On the Create Configuration Compliance Report page, in the Summary section, enter a Name for the report. You can also provide Labels.
  4. Select Computer Groups.

    Be sure to select the appropriate platform (AIX, Linux, Mac, or Windows) and Computer Groups containing endpoints that align with the Platform for Comply to work correctly.

  5. The Tanium Comply action group is created automatically by Comply and will be automatically populated in the Action Group field. All saved actions created by Comply will be created under this action group.
  6. Select a Platform.
  7. Select the Engine. The Engine field displays only when you have more than one engine installed.
  8. Select either Low or Normal from the Execution Priority drop-down list.

    If you select Low, the Comply scan process yields processor utilization to other processes running on the endpoint. If you select Normal, the scan process runs with the same priority as other processes on the endpoint.

    Selecting Low might increase the duration of the scan processes on endpoints with high processor utilization.

  9. Select the Benchmark from the drop-down list in the Benchmarks section.
  10. (Optional) Select Start on and End on and complete the date and time values to limit the report to run only during a specific time period.
  11. (Optional) Select the Distribute Over option and enter values to run the report over minutes or hours. This value cannot be over four hours.
  12. In the Repeat field, select Interval, Using report age, or Never.
    • If you choose Interval, the Reissue every field displays, and you can specify how often the report runs.
    • If you choose Using report age, then the Run when results are older than field displays, and you can specify how old you want the results to be before the report runs again. If a targeted endpoint comes online that has never run the report, the report runs as soon as the next age-check occurs. The age of results is checked every 3 hours unless you specify an age less than 3 hours. In this case, the age of results is checked every hour.
  13. Click Create & Deploy and enter your credentials. Action results will display.
  14. If you have Custom Checks or Custom ID Mappings, you can specify these in the Advanced section. See Customizing compliance results for more information.
  15. Custom checks should take less than a minute to run – they can output anything to standard output as long as the last line is a valid rule result string such as passfail, or error.

Create a Configuration Compliance report from the Benchmarks page

On the Configuration Compliance Benchmarks page, click Create Report next to a benchmark profile to create a report for that profile.

Create a vulnerability report

Create a vulnerability report from the Reports page

Vulnerability reports are supported only for Windows, macOS, and Linux endpoints. They are not supported for AIX endpoints.

  1. Select Reports from the Comply menu.
  2. Select Vulnerability Report from the Create Report drop-down list.
  3. On the Create Vulnerability Report page, in the Summary section, enter a Name for the report. You can also provide Labels.
  4. Select Computer Groups.

    Be sure to select the appropriate platform (Linux, Mac, or Windows) and Computer Groups containing endpoints that align with the Platform for Comply to work correctly.

  5. The Tanium Comply action group is created automatically by Comply and will be automatically populated in the Action Group field. All saved actions created by Comply will be created under this action group.
  6. Select a Platform.
  7. Select the Engine. You will only see the Engine field if you have more than one engine installed.
  8. Select either Low or Normal from the Execution Priority drop-down list.

    If you select Low, the Comply scan process yields processor utilization to other processes running on the machine. If you select Normal, the scan process runs with the same priority as other processes on the machine.

    Selecting Low might increase the duration of the scan processes on endpoints with high processor utilization.

  9. Select the Source from the drop-down list in the Vulnerability Content section.
  10. Select an Operating System.
  11. Specify the Range of CVEs. The Preview section on the right will show the number of CVEs and Definitions that will be included in the report.

    You can specify now in the Range of CVEs field as the end of a range. For example, entering 2016-now will run the report against all CVEs from 2016 to the current date. By using this format, you can easily define a range that always is current.

  12. Check the scores you want to see in CVSS Score.
  13. List specific CVEs in the List of Individual CVEs field.

    If you specify a List of Individual CVEs, they will always be included in the report regardless of the values specified for Range of CVEs or CVSS Score. To search by year and score, you must provide values for both fields for the search to be valid. If you specify Range of CVEs, you must select at least one score in CVSS Score. If you select a score in CVSS Score, you must specify Range of CVEs. If you list specific CVEs, you can choose to leave the Range of CVEs field blank and select no CVSS Score.

    If you have previously saved a report with values for List of Individual CVEs, Range of CVEs, or CVSS Score, these values will remain the same for the next vulnerability report you create. You can edit these values as needed.

  14. Specify the Batch Size.

    Batch Size defines the number of checks that will run at a time. In order to run a manageable number of checks on your endpoints, the default value for this field is 500 for CIS-CAT and SCC, and the default is 2000 for JovalCM. Consult with your TAM if you want to adjust these values.

  15. If you have custom Vulnerability Mappings, you can specify these in the Advanced Settings section. See Customizing vulnerability results for more information.
  16. Select Remote Open Ports if you want your vulnerability report to include open ports. The Open Ports section lists open ports and their corresponding processes on Tanium-managed endpoints.
  17. Select Start on and End on and complete the date and time values to limit the report to run only during a specific time period.
  18. Select the Distribute Over option and enter values to run the report over minutes, hours, or days.
  19. Select Interval, Using report age, or Never for the Repeat field.
    • If you choose Interval, the Reissue every field displays, and you can specify how often the report is run.
    • If you choose Using report age, then the Run when results are older than field displays, and you can specify how old you want the results to be before the report is run. If a targeted endpoint comes online that has never run the report, the report will be run as soon as the next age-check occurs. The age of results is checked either every hour or every 3 hours. If you specify an age less than 3 hours, the age of results will be checked every hour.
  20. Click Create & Deploy and enter your credentials. Action results will display.

Create a vulnerability report from the Benchmarks page

Select Benchmarks from the main menu, select Vulnerability and click Create Report next to the vulnerability benchmark for which you want to create a report.

Create a remote vulnerability report

To create remote vulnerability reports in Comply, you must use Discover 2.9.0 or later. Before you can run a remote vulnerability report, you must configure a remote scan profile.

For the steps to create a remote scan profile, see Create a remote scan profile.

  1. Select Reports from the Comply menu.
  2. Select Remote Vulnerability Report from the Create Report drop-down list.
  3. On the Create Remote Vulnerability Report page, in the Summary section, enter a Name for the report. You can also provide Labels.
  4. The Tanium Comply action group is created automatically by Comply and is automatically populated in the Action Group field.
  5. Select Computer Groups.
  6. The computer groups you select must contain endpoints that are included in the computer groups that you defined in the profile that you created in the previous section.

  7. Click Create & Deploy and enter your credentials. Action results will display.

Last updated: 11/13/2019 12:40 PM | Feedback