Working with reports

View results

Select Reports from the main menu to view the results for All reports, Configuration Compliance reports, or Vulnerability reports that have been run and if/when they are scheduled to run again.

Click Go to Interact next to Endpoints to go to Interact to view any endpoints reported on that are currently online.

Expand a report to see details about that report. Click on the report name to see results associated with that report and details about the policies included in configuration compliance reports and questions included in vulnerability reports.

Click on a rule to see a detailed description of that rule.

Get Comply - Report Age from all machines sensor

Use this sensor in Interact to see which Comply reports exist and when they were run.

Comply - Vulnerability CVE Search sensor

This sensor in Interact to find endpoints with specific CVEs and see details. The sensor extracts multiple CVE numbers as a parameter; you can then enter them one line at a time in the input field in Interact.

Comply - Vulnerability Discovery Dates sensor

This sensor will show the date on which a vulnerability was first encountered on an endpoint and the date of the last discovery of that vulnerability on an endpoint. This data is also available from the Comply – [engine] Vulnerabilities Full sensor.

Filter reports

Use the Filter Results fields at the top of the Reports page to filter the list of reports.

Update vulnerability reports

Whenever vulnerability sources are updated and contain new definitions that match the report vulnerability content, Comply automatically updates these vulnerability reports. Users have the option to manually update vulnerability reports that Comply has identified as outdated before that background process updates them.

If the report was for CVEs in 2016, then a source update will not generate the message because it is unlikely there will ever be more CVEs for 2016. However, if the report was for CVEs in 2017 (or the current year), then a source update will often generate the message.

  1. Click the provided link in the Warning message to see the list of affected reports.
  2. Select the reports you want to update.
  3. Click Update Report. You can view the status of the update in the Status column.

View scheduled report actions

You can view reports that are scheduled to run on the Tanium Comply action group in the Tanium Console.

  1. Select Scheduled Actions under Actions from the main menu.
  2. On the Actions page, enter Comply in the search field and select Tanium Comply to see the reports scheduled to run on the Tanium Comply action group.

Selecting the Tanium Comply action group shows all scheduled actions for Comply, including engine/JRE scheduled actions as well as those created for report execution.

Run a report again

On the Reports page, select a report and click Deploy Now to run the report.

Export report results

  1. On the Reports page for All, Configuration Compliance, or Vulnerability, select a report.
  2. Under the Manage Report drop-down list, click Export Report.
  3. In the Export Report window, provide a Title and Description for the report.
  4. Choose either HTML or CSV from the Format drop-down list for the exported data.
  5. By default, pass, fail, and error report types are already selected. Click in the Report Types field to select additional types or to remove any of the default types.
  6. Select options for Results Display and Rule Details. Results Display can be used to turn off the summary values for each result so that the endpoint list will the complete list of computer names and IP addresses.
  7. Click Export. Enter your credentials and click OK.
  8. You can close the Export Report window and let the report export process run in the background. Go to the Report Export page to view the progress of any report export jobs currently running. The last column in the results table on indicates the status of the report export job.

  9. When the export report is complete, click View report export to go to the Report Exports page or click Download to download the report in the format you selected. On the Report Exports page, you can also select a report and click Download to download it.
  10. Use the Filter Results fields to filter the list of reports.

Edit a report

Edit report name or schedule

  1. On the Reports page, select Edit Report from the Manage Report drop-down list next to the report for which you want to edit the schedule or title.
  2. Edit the Title if needed.
  3. Select Start at and End at and complete the date and time values to limit the report to run only during a specific time period.
  4. Select the Distribute over and enter values to run the report over minutes or hours. This value cannot be over four hours.
  5. Select None, Interval, or Report Result Age for the Repeat report execution by field.
    • If you choose None, the report will not run again with the specified settings.
    • If you choose Interval, the Reissue every field will appear, and you can specify how often the report is run. The default value for this field is 1 Days and, if you do not specify a value for Start at, the report will run immediately.
    • If you choose Report Result Age, then the Run when results are older than field will appear, and you can specify how old you want the results to be before the report is run. The default value for this field is 1 Days and, if you do not specify a value for Start at, the report will run immediately.If a targeted endpoint comes online that has never run the report, the report will be run as soon as the next age-check occurs. The age of results is checked either every hour or every 3 hours. If you specify an age less than 3 hours, the age of results will be checked every hour.
  6. Click Save, enter your credentials, and click OK.

Edit report labels

  1. On the Reports page, select Edit Labels from the Manage Report drop-down list next to the report for which you want to edit the labels.
  2. Add labels in the Labels field. Click the X next to a label to remove it.

Delete a report

You cannot edit the content of a report once it has been created, and you cannot delete a benchmark, custom check, or custom ID mapping if they are associated with a report. You can only change when a report runs per Edit a report.

When an updated version of a new Benchmark is released, you must delete the Report that used the old Benchmark and create a new report with the updated Benchmark.

On the Reports page, select a report and click Delete to delete it. See Deleting stale reports from endpoints to remove the Report from the endpoints.

Deleting stale reports from endpoints

If you have deleted a report using the procedure described in Delete a report, you still need to delete it from the endpoint(s).

  1. At the top right of the Home page, click Help .
  2. On the Troubleshooting tab, in the Manage Stale Reports section, click Update Reports.
  3. The Stale Reports window will appear and provide a list of reports that are no longer known to comply. Select the report you would like to remove.
  4. Edit the following scheduling fields to schedule the removal action:
    • Select Start at andEnd atand complete the date and time values to limit the removal to occur only during a specific time period.
    • Select the Distribute over and enter values to run the removal over minutes, hours, or days.
    • Select the Reissue every and define the interval in minutes, hours, or days in which the removal will run.
  5. Click Remove Selected.

Last updated: 4/24/2018 12:13 PM | Feedback