Working with reports
Select Reports > All from the Comply menu to view the results for All reports, Configuration Compliance reports, or Vulnerability reports that have been run and the next scheduled run, if applicable.
By default, users with the Comply Report Reviewer role can see all reports, even reports that target computer groups for which the user does not have management rights.
If the report_mr_enabled setting is set to true, users can only see reports that target computer groups for which they have management rights. With this setting enabled, users can only see reports when they have management rights to all computer groups that the report targets. If a report targets multiple computer groups, but the user does not have management rights to one or more of the targeted computer groups, the user cannot see the report.
The maintain_management_rights setting is set to false by default. When this is set to true, the management rights of a report's original creator are preserved when the saved action for the report is recreated. The saved action is recreated when the report schedule is edited or when a report vulnerability feed is updated. With this setting, users who are not administrators, can only change the schedule for reports they create.
Expand a report to see details about that report. Click on the report name to see results associated with that report and details about the policies included in configuration compliance reports and questions included in vulnerability reports.
Reports can include the following:
Last run, date and time
Next run, date and time
Compliance checks with a color-coded failed and passed bar.
Details such as computer group, scan priority, and benchmarks.
CVEs (Common Vulnerabilities and Exposures) with total found and high, medium, and low assignments.
If you see a Scan Error next to a report , click the icon to see details about the errors.
Vulnerability report results
When you view Vulnerability report results, you will see icons to the left of each CVE indicating the severity of that vulnerability.
Expand a CVE to get more details including Remediation Instructions and a Solution.
Integration with Patch
The scan engine in Comply scans for both vulnerability and operating system patch definitions. If you have Tanium Patch installed and the scan engine finds a vulnerability definition and a patch definition that are associated with the same CVE, Comply checks Patch for the necessary patch. If the patch is available in Patch, a Patch icon displays next to vulnerability.
For more information, see Patch User Guide: Deploying patches.
Use Patch to deploy operating system patches and software updates to proactively remediate and eliminate software and operating system vulnerabilities before they are found by vulnerability reports.
Get Comply - Report Age
Comply - Vulnerability CVE Search
Use this sensor in Interact to find endpoints with specific CVEs and see details. The sensor extracts multiple CVE numbers as a parameter; you can then enter them one line at a time in the input field in Interact. Add Computer Name to your parameters to get more specific results.
Comply - Vulnerability Discovery Dates
This sensor will show the date on which a vulnerability was first encountered on an endpoint and the date of the last discovery of that vulnerability on an endpoint. This data is also available from the Comply – [engine] Vulnerabilities Full sensor. Add Computer Name to your parameters to get more specific results.
When you upgrade to Comply 2.0.0 and later, you will need to upgrade your saved questions to the newest format. You will see a warning next to reports requiring an upgrade.
- On the Reports page, select the report(s) requiring an upgrade.
- Click Upgrade Reports.
- Enter your credentials and click OK.
Use the Filter Results fields at the top of the Reports page to filter the list of reports.
When vulnerability sources are updated and contain new definitions that match a report's vulnerability content, Comply automatically marks the reports as having new content available and displays a notification banner. If a service account is configured, then Comply automatically redeploys reports that are scheduled to run again as part of the service account background process. If you need the update sooner, you can manually update and deploy vulnerability reports that Comply has identified as outdated before the service account deploys them.
- If reports are configured only for CVEs from a previous year, then a source update will not generate the message because updates to the CVEs for that year are unlikely. If reports are configured to include CVEs for the current year, then a source update generates the message.
- This workflow does not apply to configuration compliance reports, which require a new report to use updated configuration compliance benchmarks. See Delete a report.
- Click Update Now in the notification message to see the list of affected reports.
- Click Update Reports.
- Select the reports you want to update.
- Click Update Report. You can view the status of the update in the Status column.
You can view reports that are scheduled to run on the Tanium Comply action group in the Tanium Console.
- Select Scheduled Actions under Actions from the main menu.
- On the Actions page, enter Comply in the Filter by text field at the top right to see the reports scheduled to run on the Tanium Comply action group.
Selecting the Tanium Comply action group in the left navigation pane shows all scheduled actions for Comply, including engine/JRE scheduled actions as well as those created for report execution.
On the Reports page, select a report and click Deploy Now to run the report.
- From the Reports menu, select All, Configuration Compliance, or Vulnerability.
- Select a report.
- Click Manage Report > Export Report.
- In the Export Report window, provide a Title and Description for the report.
- Choose either HTML or CSV from the Format drop-down list for the exported data.
- For Configuration Compliance reports, the pass, fail, and error report types are selected by default. Click in the Report Types field to select additional types or to remove any of the default types.
- For Configuration Compliance reports, select options for Results Display and Rule Details.
Use Results Display to turn off the summary values for each result so that the endpoint list is the complete list of computer names and IP addresses.
- Click Export. Enter your credentials and click OK.
- When the export report is complete, click View report export to go to the Report Exports page or click Download to download the report in the format you selected. On the Report Exports page, you can also select a report and click Download.
- Use the Filter Results fields to filter the list of reports.
You can close the Export Report window and let the report export process run in the background. Go to the Report Export page to view the progress of any report export jobs currently running. The last column in the results table on indicates the status of the report export job.
- On the Reports page for All, Configuration Compliance, or Vulnerability, select a report.
- Under the Manage Report drop-down button, click Refresh Results. Comply will retrieve the results from the Tanium Server for the selected report.
- On the Reports page for All, Configuration Compliance, or Vulnerability, select a report.
- Under the Manage Report drop-down button, click Reissue Question. Comply will re-ask the report questions.
Use Refresh Results to retrieve new results from the Tanium Server for the selected report.
- On the Reports page for All, Compliance, or Vulnerability, select a report.
- Under the Manage Report drop-down button, click View Saved Question to see the questions in Interact that retrieved the results for the selected report.
- On the Reports page, select Edit Report next to the report for which you want to edit the schedule or title.
- Edit the Title if needed.
- Add labels in the Labels field. Click the X next to a label to remove it.
- Change the Engine if needed.
- Change the Scan Priority if needed.
- Select Start at and End at and complete the date and time values to limit the report to run only during a specific time period.
- Select the Distribute over and enter values to run the report over minutes or hours. This value cannot be over four hours.
- Select None, Interval, or Use report age for the Repeat field.
- If you choose None, the report will run once if the Start At field is specified for a date and time in the future. Otherwise, the report will not run again.
- If you choose Interval, the Reissue every field will appear, and you can specify how often the report is run. The default value for this field is 1 Days and, if you do not specify a value for Start at, the report will run immediately. If you choose Interval and do not enter a value for End At, the report will run at the specified interval forever.
- If you choose Use report age, then the Run when results are older than field will appear, and you can specify how old you want the results to be before the report is run. The default value for this field is 1 Days and, if you do not specify a value for Start at, the report will run immediately. If a targeted endpoint comes online that has never run the report, the report will be run as soon as the next age-check occurs. The age of results is checked either every hour or every 3 hours. If you specify an age less than 3 hours, the age of results will be checked every hour. If do not enter a value for End At, the report will continue to run forever.
When an updated version of a new configuration compliance benchmark is released, you must delete the configuration compliance report that used the old benchmark and create a new report with the updated benchmark.
- This workflow does not apply to vulnerability reports, which are updated automatically if a service account is configured. See Update vulnerability reports.
- You cannot edit the content of a report once it has been created, and you cannot delete a benchmark, custom check, or custom ID mapping if they are associated with a report. You can only change when a report runs. See Edit a report.
On the Reports page, select a report and click Delete to delete it. See Deleting stale reports from endpoints to remove the report from the endpoints.
If you delete a report using the procedure described in Delete a report, you still need to delete it from the endpoints.
- On the Comply Home page, click Help .
- On the Troubleshooting tab, in the Manage Stale Reports section, click Update Reports.
- The Stale Reports window will appear and provide a list of reports that are no longer known to comply. Select the report you want to remove.
- Edit the following scheduling fields to schedule the removal action:
- Select Start at and End at and complete the date and time values to limit the removal to occur only during a specific time period.
- Select the Distribute over and enter values to run the removal over minutes, hours, or days.
- Select the Reissue every and define the interval in minutes, hours, or days in which the removal will run.
Last updated: 3/3/2021 1:21 PM | Feedback