Working with reports

Viewing reports

A report is a set of saved filters and groupings on a set of findings. You can create reports from findings, and you can create a report from another report.

  • Compliance and vulnerability reports appear on Client tab.

  • Network unauthenticated reports appear on the Network Unauthenticated tab.

Comply provides some default reports:

By default, users with the Comply Report Reviewer role can see all reports, even reports that target computer groups for which the user does not have management rights.

If the assessment_mr_enabled setting is set to true, users can only see assessments that target computer groups for which they have management rights. With this setting enabled, users can only see reports when they have management rights to all computer groups that the report targets. If a report targets multiple computer groups, but the user does not have management rights to one or more of the targeted computer groups, the user cannot see the report.

The maintain_management_rights setting is set to false by default. When this is set to true, the management rights of a report's original creator are preserved when the saved action for the report is recreated. The saved action is recreated when the report schedule is edited or when a report vulnerability feed is updated. With this setting, users who are not administrators, can only change the schedule for reports they create.

Compliance report results

Click on a compliance report in the list to view the report details page. The details page is another view of the findings that were used to create the report. You can further refine or change the report by using the available filters and fields.

Optionally, select the check box to Show Excepted Findings if you have configured exceptions. See Creating exceptions for findings.

 

Click the Revert button undo changes and return to the original report. Click the Save As button to create a new report using the applied filters.



Vulnerability report results

Click on a vulnerability report in the list to view the report details page. The details page is another view of the findings that were used to create the report. You can further refine or change the report by using the available filters and the Save As button to create a new report.

Optionally, select the check box to Show Excepted Findings if you have configured exceptions. See Creating exceptions for findings.

Click the Get More Details icon on a finding in a report for Remediation Instructions and a Solution.

Create a new report

Create a new report from the Comply > Reports > Client or Network Unauthenticated tab. Click the Create Report button and select a report type. This takes you to the Findings page for your selection. See Create reports from findings. Also see Create a network unauthenticated report. Also see Creating vulnerability assessments.


Integration with Patch

The scan engine in Comply scans for both vulnerability and operating system patch definitions. If you have Tanium Patch installed and the scan engine finds a vulnerability definition and a patch definition that are associated with the same CVE, Comply checks Patch for the necessary patch. If the patch is available, when you select the check box for a CVE a Remediate in Patch button appears. This button is also available when you click the arrow to Get more details. Click the Remediate in Patch button to open the corresponding page in Patch.

The Remediate in Patch button is only available to users with the Show Patch privilege.

The Get more details windows also provides more information on the applicable patches for the selected CVE.

For more information, see Patch User Guide: Deploying patches.

Integration with Reporting

When you filter findings by endpoint, you can click the icon for an individual endpoint to view more details. From the details pop-up, you can click the View Details button to go to Tanium Reporting. See Tanium Reporting Guide: View and manage a single endpoint.

Tanium Reporting 1.12 or later is required. Otherwise, Tanium Asset is used for endpoint details.


View saved question

The Comply dashboard on the Overview page includes Tanium Trends boards that provide data visualization information for the Comply results described here: .


Click the title for a board in the Summary section to view the saved question in Tanium Interact that retrieved the results for the selected board.
From the Saved Question view, you can click the Edit button to edit the question in Interact. See Managing saved questions in the Tanium Console User Guide for detailed instructions.

Exporting network unauthenticated reports

Do the following to export a report.

  1. On the Reports page, select the Network Unauthenticated tab.
  2. Select a report and click the Export icon . You can only export one report at a time. If you have more than one report selected, the Export icon is not displayed.
  3. In the Export Report window, provide the following for each report type:
  4. Enter an Report Name.
  5. Optionally, enter a Description.
  6. Enter a File Name or use the pre-populated name.
  7. Select a Format: HTML or CSV.
  8. Click Export.

Click the Exports tab to view the status of the exported report. It will appear as Running until it's Complete. Click the Refresh button to update the Status column manually.

Downloading exported reports

  1. To import reports, go to the Reports > Exports tab.

  2. Select an exported report and click Download.
  3. Click the Download button to import a zip file containing the report.