Creating reports

Comply works best with operating system-level checks. See Creating computer groups.

You can create a new report on the Reports page or create one using an existing benchmark on the Benchmarks page. You must have the Comply Report Administrator role to create reports. For more information about Comply roles, see User role requirements.

Run a configuration compliance report to check the security configuration compliance state of a group of machines. This will execute reports using SCAP XCCDF benchmarks. Run a vulnerability report to execute OVAL checks against your endpoints to check for the presence of identified vulnerabilities.

Create a configuration compliance report

Create a configuration compliance report from the Reports page

  1. Select Reports from the Comply menu.
  2. Select Configuration Compliance Report from the Create Report drop-down list.
  3. On the New Configuration Compliance Report page, in the Details section, enter a Name for the report. You can also provide Labels.
  4. Select a Platform.
  5. Select the Engine. You will only see the Engine field if you have more than one engine installed.
  6. The Tanium Comply action group is created automatically by Comply and will be auto-populated in the Action Group field. All saved actions created by Comply will be created under this action group.
  7. Select Computer Groups.
  8. Be sure to select the appropriate platform (Windows, Linux, or OS X) and Computer Groups containing endpoints that align with the Platform for Comply to work correctly.

  9. Select either Low or Normal from the Execution Priority drop-down list. Low causes the Comply scan process to yield processor utilization to other processes running on the machine. Normal will execute the scan process with the same priority as other processes running on the machine.
  10. Selecting Low may increase the duration of the scan processes on endpoints with high processor utilization.

  11. Select Start at and End at and complete the date and time values to limit the report to run only during a specific time period.
  12. Select the Distribute over and enter values to run the report over minutes or hours. This value cannot be over four hours.
  13. Select None, Interval, or Report Result Age for the Repeat report execution by field.
    • If you choose Interval, the Reissue every field will appear, and you can specify how often the report is run.
    • If you choose Report Result Age, then the Run when results are older than field will appear, and you can specify how old you want the results to be before the report is run. If a targeted endpoint comes online that has never run the report, the report will be run as soon as the next age-check occurs. The age of results is checked either every hour or every 3 hours. If you specify an age less than 3 hours, the age of results will be checked every hour.
  14. Select the Benchmark and Profile from the drop-down lists in the Benchmarks section.
  15. Click + Add Additional Benchmark to add another benchmark or click Create & Deploy and enter your credentials. Action results will display.
  16. If you have Custom Checks or Custom ID Mappings, you can specify these in the Advanced section. See Customizing compliance results for more information.
  17. Custom checks should take less than a minute to run – they can output anything to standard output as long as the last line is a valid rule result string such as pass, fail, or error.
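
The following script is an added example, not taken from the Comply documentation, of a custom check that follows the output rule above: diagnostics go to standard output first, and the last line is the rule result. The rule it evaluates (SSH root login disabled), the function name, and the file path argument are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: custom check whose LAST line of standard output is the
# rule result (pass, fail, or error). Everything printed before it is
# free-form diagnostic text.

# check_permit_root_login FILE  (hypothetical helper name)
# Simplification: Match blocks in sshd_config are not evaluated.
check_permit_root_login() {
    config=$1

    # An unreadable or missing file is a check error, not a failed rule.
    if [ ! -r "$config" ]; then
        echo "cannot read $config"
        echo "error"
        return 0
    fi

    # First uncommented PermitRootLogin directive; sshd uses the first
    # value it obtains for a keyword.
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$config")

    if [ -z "$value" ]; then
        echo "PermitRootLogin is not set explicitly; treated as non-compliant"
        echo "fail"
    elif [ "$value" = "no" ]; then
        echo "PermitRootLogin is $value"
        echo "pass"
    else
        echo "PermitRootLogin is $value"
        echo "fail"
    fi
}

# Constructed sample input so the script runs offline. On an endpoint,
# pass the real configuration file path as the first argument instead.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin no' > "$sample"
check_permit_root_login "${1:-$sample}"
rm -f "$sample"
```

Returning exit status 0 on every branch keeps the result in the output line rather than in the exit code, which is the only contract this page describes.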

Create a configuration compliance report from the Benchmarks page

On the Benchmarks page, click Create Report next to a benchmark profile to create a report for that profile.

Create a vulnerability report

Create a vulnerability report from the Reports page

  1. Select Reports from the Comply menu.
  2. Select Vulnerability Report from the Create Report drop-down list.
  3. On the New Vulnerability Report page, in the Details section, enter a Name for the report. You can also provide Labels.
  4. Select a Platform.
  5. Select the Engine. You will only see the Engine field if you have more than one engine installed.
  6. The Tanium Comply action group is created automatically by Comply and will be auto-populated in the Action Group field. All saved actions created by Comply will be created under this action group.
  7. Select Computer Groups.
  8. Be sure to select the appropriate platform (Windows, Linux, or OS X) and Computer Groups containing endpoints that align with the Platform for Comply to work correctly.

  9. Select either Low or Normal from the Execution Priority drop-down list. Low causes the Comply scan process to yield processor utilization to other processes running on the machine. Normal will execute the scan process with the same priority as other processes running on the machine.
  10. Selecting Low may increase the duration of the scan processes on endpoints with high processor utilization.

  11. Select Start at and End at and complete the date and time values to limit the report to run only during a specific time period.
  12. Select the Distribute over and enter values to run the report over minutes, hours, or days.
  13. Select None, Interval, or Report Result Age for the Repeat report execution by field.
    • If you choose Interval, the Reissue every field will appear, and you can specify how often the report is run.
    • If you choose Report Result Age, then the Run when results are older than field will appear, and you can specify how old you want the results to be before the report is run. If a targeted endpoint comes online that has never run the report, the report will be run as soon as the next age-check occurs. The age of results is checked either every hour or every 3 hours. If you specify an age less than 3 hours, the age of results will be checked every hour.
  14. Select the Source and Operating System from the drop-down lists in the Vulnerability Source section.
  15. Specify the CVE Years. The Preview section on the right will show the number of CVEs and Definitions that will be included in the report.
  16. You can specify now in the CVE Years field as the end of a range. For example, entering 2016-now will run the report against all CVEs from 2016 to the current date. This can make it easy to define a range that always is current.

  17. Check the scores you want to see in CVSS Scores.
  18. List specific CVEs.
  19. Specified CVEs will always be included in the report regardless of the values specified for CVE Years or CVSS Scores. To search by year and score, you must provide values for both fields for the search to be valid. If you specify CVE Years, you must select at least one score in CVSS Scores. If you select a score in CVSS Scores, you must specify CVE Years. If you list specific CVEs, you can choose to leave the CVE Years field blank and select no CVSS Scores.

    If you have previously saved a report with values for CVEs, CVE Years, or CVSS Scores, these values will remain the same for the next vulnerability report you create. You can edit these values as needed.

  20. Specify the Batch Size.
  21. Batch Size defines the number of checks that will run at a time. In order to run a manageable number of checks on your endpoints, the default value for this field is 500 for CIS-CAT and SCC, and the default is 2000 for JovalCM. Consult with your TAM if you want to adjust these values.

  22. If you have Custom ID Mappings, you can specify these in the Advanced section. See Customizing vulnerability results for more information.
  23. In the Open Ports section, check Report Open Ports if you want your vulnerability report to include open ports. The Open Ports section lists open ports and their corresponding processes on Tanium-managed endpoints.

  24. Click Create & Deploy and enter your credentials. Action results will display.

Create a vulnerability report from the Benchmarks page

Select Benchmarks from the main menu, select Vulnerability and click Create Report next to the vulnerability benchmark for which you want to create a report.

Create a remote open ports scan report

In order to create remote open ports scan reports in Comply, you must have Nmap scan discovery enabled in Tanium Discover™ using the Host Discovery and OS fingerprint option. If you want to scan endpoints that are on isolated subnets, select Enable Scanning on Isolated Endpoints. See Tanium Discover User Guide: Nmap scan discovery and Tanium Client Deployment Guide: Configure "isolated subnets" for more information.
  1. Select Reports from the Comply menu.
  2. Select Remote Open Ports Scan Report from the Create Report drop-down list.
  3. On the New Remote Open Ports Scan Report page, in the Details section, enter a Name for the report. You can also provide Labels.
  4. The Tanium Comply action group is created automatically by Comply and will be auto-populated in the Action Group field. All saved actions created by Comply will be created under this action group.
  5. Select Computer Groups.
  6. The computer group(s) you select must contain endpoints that are included in the computer group(s) defined in the Nmap scan discovery you enabled in Discover.

  7. Click Create & Deploy and enter your credentials.

Last updated: 12/4/2018 5:48 PM