Viewing assessment results

You can take various actions while you view the results of an assessment.

View Results of an Assessment

View the results of an assessment in the Query-Report Builder. Open the Query-Report Builder by clicking Investigate > Query-Report Builder, and use the filter to find the report you are looking for.

Interpreting the Results of an Assessment

An assessment evaluates multiple tests based on multiple reports. The overall results are displayed in a separate browser window entitled Security Assessment Results and have the following sections:

Assessment Identity

The Assessment results identifies:
  • The assessment name
  • The date and time the assessment was run
  • The time period for the assessment
  • The Client and Server IP addresses or subnets

Assessment Selection

Use the drop-down menu to select and display past results for an assessment. The latest result is displayed by default.

Assessment Results History

The Assessment Results History shows the percentage of tests passing over a period of time. Further recommendations to improve the percentage of passing tests are given under the Assessment Test Results section.

View log

When clicked, the Execution Log will be displayed in a new window that shows the runtime execution of the assessment test. A timestamp, along with events, and messages can aid in the debugging of issues that might have caused certain tests to fail.

Results Summary

A tabular graph summarizes all the tests that were executed within this assessment. The X-axis represents the test’s severity (CRITICAL, MAJOR, MINOR, CAUTION, or INFO). The Y-axis represents the type of test (Privilege, Authentication, Configuration, Version, or Other). Within the grid is the representation of the number of tests that have either Passed, Failed, or had an Error when trying to execute. The tests that are not categorized as "Passed" or "Failed" are also listed as errors. As an example, if an error is displayed due to an unsupported database, you can see this detail when you filter on the error type. The number of tests represented in this grid are directly related to the detail for the assessment tests that is given under the Assessment Test Results section.

Current filtering applied

If you would like to change the filtering from what is currently applied, use the following two options to filter the results as you would like:

Reset Filtering - Removes all filtering options selected through the Filter / Sort Controls options.

Filter / Sort Controls - Use this to open a filter/sort options for the report. Options allow you to filter by Severities, Datasource Severity Classification (DS sev. class), Scores (pass, fail, or error), and Test Types (Observed/Database type). The sort option allows you to sort across combinations of severity, score, and datasource. Click Apply when you would like the chosen filter/sort options to take effect.

Assessment Test Results

The Assessment Test Results section provides a detailed description of the test taken, information about the target datasource and datasource severity classification, and the test's Pass/Fail status, severity, the external reference, and reason for the current status. Each test name is clickable and will filter all information off the report except for relevant information about that particular test. A hover-over feature on the Reason field will display the recommendation to help remedy failed or tests in error.

The assessment results include a count of the number of tests and the number of passed tests in each of these categories:
  • CIS tests
  • CVE tests
  • STIG tests
These values are displayed in the assessment result viewer and available for reporting as part of the VA results domain.

Datasource Details

When expanded, the Datasource Details section will show all of the datasources that were referenced within this assessment including the datasource's specific environmental information.

CVE and CVSS information

CVE Records and CVSS information will be displayed in the Assessment test result viewer.

The reference links are clickable (opens new window). Either section will be absent when there is no corresponding record for a result.

The CVSS fields of interest are:
  • CVSS Score
  • Access Complexity
  • Availability Impact
  • Confidentiality Impact
  • Integrity Impact
  • Authentication
  • Access Vendor
  • Source
  • Generated on Datetime

Working with failed tests

If some of the tests in your assessment show a failed status, you might want to take one of these actions:

Export to PDF or to SCAP or AXIS XML

You can generate a PDF version of Assessment result by clicking Download PDF.

Use the Download XML button to open two menu choices: Download as SCAP xml and Download as AXIS xml. Choose one of these selections in order to download to your workstation an XML file representing the displayed assessment results. The file can be formatted for Security Content Automation Protocol (SCAP) XML or Apache EXtensible Interaction System (AXIS) XML, which is used by QRadar.