mgardner28

Pinned topic Security Configuration and Vulnerability Management Report Needed

‏2011-10-31T15:18:39Z |
I need a report that has the following information. I know the majority of this is available with the Security Configuration and Vulnerability Management component. We have this component. How can I extract this data and get it in the format I need? I was thinking that the Excel Connector might be the way I need to go. I have attached an image that makes it easier to see what I need. Any help is appreciated.

------------Unique Identifiers
FISMA ID             Hostname
USC-00001-MAJ-00001  USCG.Asset.1

------------Asset Reporting
CPE                             Date of Last Scan  Device Role
cpe:/o:redhat:enterprise_linux  6/23/2011          Server

----Vuln. Management
CVE            CVSS
CVE-2007-3008  5.8

------------Configuration Management
CCE         Compliance  Anti-Virus  Date of Last Patch
CCE-3204-5  Pass        McAfee      6/19/2011
  • mgardner28

    Re: Security Configuration and Vulnerability Management Report Needed

    ‏2011-11-01T15:26:30Z  
    Anyone? I know almost all of the information is available in TEM, I just don't know how to extract it.

    Thanks,
    Mark
  • SystemAdmin

    Re: Security Configuration and Vulnerability Management Report Needed

    ‏2011-11-02T22:51:19Z  
    Hi mgardner28. You have some options here...

    I assume you've already created and activated your custom properties (e.g. FISMA ID, CPE (yes, custom right now...), Device Role)... and you have activated any of the standard properties you want in your report.

    Your options are:
    • You can get TEM SCA to generate different views of this same data by setting columns and filters for existing report types. It won't all be in exactly this table format you show in your example and I don't think you can get it all on one report page type out of the box, but the data is there.
    • You can use the TEM SCA API to get the data into the report format you want. You'd create an HTML page with your desired formatting and embed the requests for data from the API. More info here: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/TEM%20Analytics%20API
    • You can use the TEM SOAP API. More info here: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20SOAP%20API
    • A cool implementation of the SOAP API is the Excel connector, which you might be able to use to get the same report format you're looking for. More info here: https://www-304.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW10EP01
    • You can create a custom Web Report. More info here: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/BigFix%20Custom%20Reports

    Hope this gets you started.

    -- Jeff
  • mgardner28

    Re: Security Configuration and Vulnerability Management Report Needed

    ‏2011-11-04T16:07:16Z  
    Jeff,

    I have not set up custom properties "(e.g. FISMA ID, CPE (yes, custom right now...)". When you say "CPE (yes, custom right now...)", does that mean it will soon be a standard property? It would be useful to have standard reports with this information. It seems that most 3-letter government agencies are requiring this type of report. I would imagine that BigFix/TEM has several customers that will have to now or in the near future supply these reports. Many of these items are discussed in the SCAP Users Guide (http://publib.boulder.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc/SCAP_Users_Guide.pdf) and it indicates that the information is available. I seem to be having a difficult time finding and extracting the information. Do you have any suggestions as to how I should proceed?

    Thanks,
    Mark
  • SystemAdmin

    Re: Security Configuration and Vulnerability Management Report Needed

    ‏2011-11-11T05:49:43Z  
    Hi mgardner28,
    Sorry for not being clearer on this.

    I'm pretty sure you can get the reports you need from the Security & Compliance Analytics reports. Here are some screenshot examples: https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/More%20Examples

    The only issues I see are:

    • We don't currently have a list view that blends CCEs and CVEs for multiple computers in the same list. There is a CCE report and there is a CVE report. If you want them blended like in your example, you could create your own report template and use the TEM SCA API to populate the template.

    • Some of the items you list are custom properties. "FISMA ID", "Device Role", and potentially "Anti-Virus" would be properties you create. Once you have the properties created via the TEM console, these can be added to the SCA reports like the ones I've linked above with just a couple clicks, no problem. I included columns with those names in my examples, but the data is mostly blank/placeholders until I create the actual properties.

    • As you can see in the attached CCE report, we do have CPE information in our USGCB content and in our pending FDCC content refresh. The CPEs appear in the SCA reports just like your examples. However, since CPE information is currently associated with fixlets in the content sites and not directly associated with an asset, CPE information will not be available within the CVE reports. A solution to this would be for you to use TEM to populate CPE information onto the computers themselves (e.g. in text files or in the registry) and then create custom properties that would pick this up from each computer for your reports. This is what I meant by "yes, custom right now…" in my original reply. We are looking at ways to make CPE a general property of each asset so it's available wherever you have a list of computers (CCE report, CVE report, computer asset report, etc.) and not strictly available only on the CCE reports.

    -- Jeff
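
Added example, not part of the thread and not IBM code: one way to produce the blended CCE/CVE list described in the reply above outside SCA, by joining per-computer properties with CCE rows and CVE rows on hostname. The CSV layouts and column names are assumptions, and the sample rows are constructed from the values in the first post; how the rows are pulled out of SCA is not shown.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports. Column names are assumptions, not SCA's schema.
COMPUTERS = """hostname,fisma_id,device_role,anti_virus,last_scan,last_patch
USCG.Asset.1,USC-00001-MAJ-00001,Server,McAfee,6/23/2011,6/19/2011
USCG.Asset.2,USC-00001-MAJ-00002,Workstation,,6/22/2011,6/01/2011
"""
CCE_ROWS = """hostname,cce,compliance,cpe
USCG.Asset.1,CCE-3204-5,Pass,cpe:/o:redhat:enterprise_linux
"""
CVE_ROWS = """hostname,cve,cvss
USCG.Asset.1,CVE-2007-3008,5.8
USCG.Asset.2,CVE-2007-3008,5.8
"""
COLUMNS = ["fisma_id", "hostname", "cpe", "last_scan", "device_role",
           "cve", "cvss", "cce", "compliance", "anti_virus", "last_patch"]

def _read(text):
    return list(csv.DictReader(io.StringIO(text)))

def blend(computers, cce_rows, cve_rows):
    """Join the three exports on hostname into the blended layout."""
    cces, cves, cpe = defaultdict(list), defaultdict(list), {}
    for r in _read(cce_rows):
        cces[r["hostname"]].append(r)
        cpe.setdefault(r["hostname"], r["cpe"])  # CPE only arrives with CCE rows
    for r in _read(cve_rows):
        cves[r["hostname"]].append(r)
    out = []
    for comp in _read(computers):
        host = comp["hostname"]
        # Findings pair by position only; a host with no findings still gets one row.
        for i in range(max(len(cces[host]), len(cves[host]), 1)):
            row = dict.fromkeys(COLUMNS, "")
            row.update(comp, cpe=cpe.get(host, ""))
            if i < len(cces[host]):
                row.update(cce=cces[host][i]["cce"], compliance=cces[host][i]["compliance"])
            if i < len(cves[host]):
                row.update(cve=cves[host][i]["cve"], cvss=cves[host][i]["cvss"])
            out.append(row)
    return out

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

The second computer has CVE rows but no CCE rows, so its CPE column comes out blank, which is the gap the reply describes for CVE-only data.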
  • mgardner28

    Re: Security Configuration and Vulnerability Management Report Needed

    ‏2011-11-17T14:07:48Z  
    Jeff,

    Are the example reports (https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/More%20Examples) available for download?

    Thanks,
    Mark
  • SystemAdmin

    Re: Security Configuration and Vulnerability Management Report Needed

    ‏2011-11-17T16:33:20Z  
    Hi Mark,
    The report templates are already present in every SCA install. Here are the steps to configure the reports to look like the ones in the screenshots:

    Pre-req: you have USGCB and/or FDCC content sites in your deployment and your computers are subscribed to the sites.

    1) Log in to SCA with a user with Administrator privileges
    2) Go to Management>Computer Properties
    3) Add your custom properties (e.g. FISMA ID, Device Role, Anti-Virus)
    4) Run an import
    5) Go to the Reports>Check Reports report
    6) Click the Configure View button
    7) Check and uncheck the columns you would like to display
    8) Use the Filters area to filter the results you want (e.g. "Checklist in set 'USGCB for Windows 7'"). You can specify multiple and/or filter criteria.
    9) Click Submit
    10) Click on column headings to sort
    11) Click and drag on column headings to reorder

    The second example report was generated using SCA 1.2, which is in release prep now. Here are the steps:

    Pre-req: you have the Vulnerabilities for Windows site in your deployment and your computers are subscribed to the site.

    All the other steps are the same (in fact if you already did 1-4, you don't need to redo them), except in step 5 you go to the Reports>Vulnerabilities report.

    -- Jeff