Viewing assessment results

You can take various actions while you view the results of an assessment.

View Results of an Assessment

View the results of an assessment in the Query-Report Builder. Open the Query-Report Builder by clicking Investigate > Query-Report Builder, and use the filter to find the report you are looking for.

Interpreting the Results of an Assessment

An assessment evaluates multiple tests based on multiple reports. The overall results are displayed in a separate browser window entitled Security Assessment Results and have the following sections:

Assessment Identity

The Assessment results identifies:

The assessment name
The date and time the assessment was run
The time period for the assessment
The Client and Server IP addresses or subnets

Assessment Selection

Use the drop-down menu to select and display past results for an assessment. The latest result is displayed by default.

Assessment Results History

The Assessment Results History shows the percentage of tests passing over a period of time. Further recommendations to improve the percentage of passing tests are given under the Assessment Test Results section.

View log

When clicked, the Execution Log will be displayed in a new window that shows the runtime execution of the assessment test. A timestamp, along with events, and messages can aid in the debugging of issues that might have caused certain tests to fail.

Results Summary

A tabular graph summarizes all the tests that were executed within this assessment. The X-axis represents the test’s severity (CRITICAL, MAJOR, MINOR, CAUTION, or INFO). The Y-axis represents the type of test (Privilege, Authentication, Configuration, Version, or Other). Within the grid is the representation of the number of tests that have either Passed, Failed, or had an Error when trying to execute. The tests that are not categorized as "Passed" or "Failed" are also listed as errors. As an example, if an error is displayed due to an unsupported database, you can see this detail when you filter on the error type. The number of tests represented in this grid are directly related to the detail for the assessment tests that is given under the Assessment Test Results section.

Current filtering applied

If you would like to change the filtering from what is currently applied, use the following two options to filter the results as you would like:

Reset Filtering - Removes all filtering options selected through the Filter / Sort Controls options.

Filter / Sort Controls - Use this to open a filter/sort options for the report. Options allow you to filter by Severities, Datasource Severity Classification (DS sev. class), Scores (pass, fail, or error), and Test Types (Observed/Database type). The sort option allows you to sort across combinations of severity, score, and datasource. Click Apply when you would like the chosen filter/sort options to take effect.

Assessment Test Results

The Assessment Test Results section provides a detailed description of the test taken, information about the target datasource and datasource severity classification, and the test's Pass/Fail status, severity, the external reference, and reason for the current status. Each test name is clickable and will filter all information off the report except for relevant information about that particular test. A hover-over feature on the Reason field will display the recommendation to help remedy failed or tests in error.

The assessment results include a count of the number of tests and the number of passed tests in each of these categories:

CIS tests
CVE tests
STIG tests

These values are displayed in the assessment result viewer and available for reporting as part of the VA results domain.

Datasource Details

When expanded, the Datasource Details section will show all of the datasources that were referenced within this assessment including the datasource's specific environmental information.

CVE and CVSS information

CVE Records and CVSS information will be displayed in the Assessment test result viewer.

The reference links are clickable (opens new window). Either section will be absent when there is no corresponding record for a result.

The CVSS fields of interest are:

CVSS Score
Access Complexity
Availability Impact
Confidentiality Impact
Integrity Impact
Authentication
Access Vendor
Source
Generated on Datetime

Working with failed tests

If some of the tests in your assessment show a failed status, you might want to take one of these actions:

Tune a test. For more information, see Tuning a test.
Create a test exception. For more information, see Creating a test exception.
Create an exception group. For more information, see Group exceptions.
Create a test detail exception. For more information, see Test detail exceptions.

Draft comment: anu.baskar@ibm.com

If some of the tests in your assessment show a failed status, you might want to take one of these actions:

Add an exception for the test: This action causes the test to always pass for a period of time. For example, you might have a group of servers that fail a test that checks that the latest available service updates are applied. You cannot apply the updates until your weekend maintenance window. You do not want the test to keep failing until that time. Right-click on the word Fail in the results panel and an Add Test exception popup menu appears. Specify an end date and time for the exception, and optionally a comment. The test will pass, on all datasources, whenever it is run before the exception expires, whether it is run from this assessment or as part of another assessment.
Add failing elements to an exception group: When a test fails, you can view more information by clicking the name of the test. The new panel will include an area titled Details. Elements of the test that failed are displayed after this heading. If any elements are displayed, you can add them to an exception group for this test. To do this, click the heading Details: to open a new dialog. This dialog displays the failing elements, with a check box next to each one. Check the boxes for the elements that you want to add to an exception group and clear the other check boxes. Then select a group. If a default exception group is defined for this test, it will appear pre-selected in the dialog. A drop-down list displays all other groups of type VA test exception that have been defined. To choose a group from the list, click the radio button next to the list, then choose the group from the list. Click Save to implement your choices. To add remaining elements to a different group, click Details again.

Export to PDF or to SCAP or AXIS XML

You can generate a PDF version of Assessment result by clicking Download PDF.

Use the Download XML button to open two menu choices: Download as SCAP xml and Download as AXIS xml. Choose one of these selections in order to download to your workstation an XML file representing the displayed assessment results. The file can be formatted for Security Content Automation Protocol (SCAP) XML or Apache EXtensible Interaction System (AXIS) XML, which is used by QRadar.