To get to this page: Select Report from the left menu to access Report Share. Go to New > Compliance Report. If the compliance module is enabled, then you must also select Template Based.
Compliance reports identify your compliance with security standards, such as SANS Top 20 and Qualys Top 20, and the PCI Data Security Standard. These compliance reports are based on data collected during vulnerability scans.
Important: The SANS Top 20 list was last updated in 2008. For more accurate information on the most prevalent and critical real-world vulnerabilities use the Qualys Top 20 list.
When the compliance module is enabled and you have compliance management privileges, then 2 additional report types are available: Policy Report and Authentication Report. These reports are based on data collected during compliance scans.
To run a report, supply the report details, select a report source option, and click Run. Your report will appear in the report history list where you can download it when it's completed.
Title. Specify a title for your new report. The title will appear on the report history list for quick identification. The title may contain a maximum of 128 characters. Note that the title is pre-defined for PCI reports and cannot be edited.
Report Type. Select a compliance report type from the drop-down menu. Your options are: Payment Card Industry (PCI) Executive Report, Payment Card Industry (PCI) Technical Report, Policy Report, Qualys Top 20 Report, and SANS Top 20 Report (you'll notice the title is "2008 SANS Top 20 Report" if your subscription was created using version 6.18 or later). When you have compliance management privileges, then 2 additional reports are available: Policy Report and Authentication Report.
Report Template. This option appears only when you select the report type Policy Report. Specify the policy report template that you want to use for this report. Click Select to choose a template from a list of available policy report templates. If no templates are available, you must first create a policy report template before you can generate a policy report. See Creating Policy Report Templates for more information.
Report Format. Select a format for your report. You can generate and store a report as a PDF or HTML file. Different format options appear for different report types. See Report Formats for more information on format options.
Once your report is complete, it will be available for download in the selected report format from the report history list. The one exception is PCI reports, which can be downloaded only in PDF format. If you generate a PCI report in HTML, it is saved to the report history list for viewing, but the download icon on the report history list will be disabled.
Add Secure Distribution. The secure PDF distribution option is available only for subscriptions with Report Share enabled. Managers and Unit Managers can encrypt the report with a password and securely distribute it to others via an email distribution list. See Securely Distribute PDF Reports for more information.
The Report Source options change dynamically according to the report type you select:
Specify the report target. Enter asset groups and IPs/ranges in the fields provided.
Click Next to select a saved scan result. A list of completed scan results generated with the PCI option profile appears. Select one saved scan result to include in the report.
Note: This report is available only when the compliance module is enabled.
Policy. Select a policy that you want to report on.
Asset Groups. Select the option All Asset Groups in policy to include all asset groups from the policy (for which you have permission) in the report. Select the option Select asset groups to include specific asset groups in the report. When selected, the Policy Asset Groups field is pre-populated with the groups available to you. Remove the groups that you don't want to include in the report. Optionally, remove all groups from the text field and then click the Select link to choose the groups you want to add back in.
Important Note: Trend data will appear in the report only if you select the All Asset Groups in policy option.
Note: This report is available only when the compliance module is enabled.
Managers and Auditors can select one or more business units or one or more asset groups to include in the report. You cannot include a combination of business units and asset groups. Other users can select one or more asset groups to include in the report.
Display & Filter. The Authentication Report consists of two sections: Summary and Details section. You can choose to filter one of these sections from the report. To do so, clear the section you want to filter out of the report. The summary section includes the total number of hosts that passed and failed authentication. The details section includes specific authentication results for each included host.