Reporting

Tenable provides extremely flexible and simplified reporting through an assortment of report templates and a user-friendly report creation interface. Supported report types include the well-known PDF, RTF, and CSV standards for a high level of compatibility and ease of use. For some specialized needs, additional DISA ASR, DISA ARF, and CyberScope reporting options are available. These specialized reporting types are enabled or disabled by an admin user of the SecurityCenter. Reports can be scheduled and automatically emailed, shared to one or more specified SecurityCenter users and/or published to one or more sites on completion. Reports can be copied and reused as required. Tenable provides many report templates based on industry standards. When configuring a scan, an existing report template can also be set to run on completion.

Reports

To see a list of available reports, click on "Reporting" and then "Reports".

From the reports page, clicking on a report will display a page to edit the selected report, which is a set of pages that works like the Add Report pages described in detail in the custom report area later in this section. Clicking on the gear icon will display a menu to view the details of, edit, export the report definition, copy, or delete the report.

When creating a new report, the first step is to click the “Add” button. A window opens and lists high-level categories for available report templates from the SecurityCenter feed. Each category is represented by a name and description of the templates available in the category. The custom section provides standard report types to begin creation of custom reports.

From the “Add Report” screen, the templates may be searched by keyword in the “Search Templates” field across all the categories or by clicking the high-level category name. Selecting a category such as “Monitoring” displays a list of the report templates and a list of keywords that each of the available reports belongs to. Each report indicates the Tenable products that must be used with SecurityCenter for the data in the report to be complete. Once a category is selected, a drop-down menu is available to change the category view. At any time in the search, the “Search Templates” text entry may be used to filter on keywords. Selecting a report template displays a screen with information about the report, a selectable list of chapters that can be disabled before the template is added, and the targets to focus the report on: asset list, IP/DNS name, or the repository the results should be taken from.

Once a report template is added to the list of reports, it may be modified from the “Edit Report” screen to customize the report. The reports are created as a template report and may be scheduled as desired. The editing of a report follows the same options as adding a custom report described in the following section.

Custom Report

If an existing template does not satisfy the reporting need, a custom report may be created. From the initial “Add Report” screen select a report type from the “Custom” section at the bottom of the page. The screen captures below show the pages of the “Custom” dialog for a PDF report. Other styles will have similar screens.

Add PDF Report

PDF Report “Definition”

PDF Report “Distribution”

These pages allow the user to configure, define, and distribute custom vulnerability and event reports. The tables below describe available reporting options.

Option Description

General

Name

Name assigned to the report.

Description

Descriptive text for the report.

Schedule

Determines how often the report will be run. Options are On Demand, Now, Once, Daily, Weekly, or Monthly. Selecting each frequency from the drop-down list will provide the options for the selected time frame. The schedule may be altered at a later time by editing the report.

Report Options

Report Style (PDF, RTF)

Report paper type/orientation. Available report types are selected from the drop-down shown in the image below and affect the report’s printability. The three available styles are Plain, Tenable 3D, and Tenable with options for Letter or A4 size paper and Portrait (unlabeled options) or Landscape printing.

Note: If a Classification Type banner has been set by the SecurityCenter administrator, only the “Plain” report styles will be listed.

Include Cover Page (PDF and RTF)

Include a cover page in the report.

Include Header (PDF only)

Include a predefined header in the report.

Include Footer (PDF only)

Include a predefined footer in the report.

Include Table of Contents (PDF and RTF)

Include a table of contents with the report.

Include Index (PDF and RTF)

Include an Index with the report.

Cover Logo (PDF only)

Choose the logo to display on the cover page (lower right-hand corner).

Footer Logo (PDF only)

Choose the logo to display on the cover page (lower center).

Watermark (PDF only)

Add a “Confidential” or other custom uploaded watermark to each page of the report.

Encrypt PDF (PDF only)

Protect the PDF with a password. The encryption level is 40-bit RC4. When enabled, a password field is displayed for a text entry of a password to use. This password must be used to open the report and view its contents. For more information about this encryption mechanism, please refer to the following URL: https://xmlgraphics.apache.org/fop/1.0/pdfencryption.html.

Operational Attribute Set (DISA ARF or CyberScope)

A drop-down list of available predefined operational attributes for adding required information to DISA ARF or CyberScope report types. Only the attribute set defined for the appropriate report will display in the drop-down.

ASR Content (DISA ASR only)

When creating a report, this drop-down offers a selection of Benchmark, IAVM, CVE, or Plugin ID to be included.

ASR Record Format (DISA ASR only)

This drop-down determines the format (Summary or Detail) of the DISA ASR report.

Include ARF (DISA ASR only)

When enabled, allows for the inclusion of a DISA ARF attribute set for the report.

Benchmarks

Benchmarks are generated after a scan using certain audit files that have been successfully run against at least one target system.

Definition

Tip: To determine what data will show up in your report, browse to the desired data view using the Analysis Tool and locate the desired data set. Save the data set as a query and then select the query as a data source for your report element (chart, table, etc.).

The definition will appear differently for different report types.

CSV reports will offer a drop-down to define a data type of Vulnerability, Event, Alert, Ticket, or User, and the ability to define an appropriate filter set or to use a predefined query. A selection to define the columns and number of results to appear in the report is then available for configuration.

DISA ARF, DISA ASR, and CyberScope reports offer a Vulnerability data filter or predefined Query selection from which the report may be defined.

When PDF and RTF reports are selected, this section allows the user to define report elements such as charts, tables and chapters along with their underlying data sources. Each element described below can be used more than once to create multifunction reports with great flexibility. A sample definition section for PDF and RTF reports is displayed below:

Chapter (PDF and RTF)

Chapters consist of sections and groups (table, charts, paragraphs, etc.). They are the primary sections listed in the table of contents and make up the section divisions within the report.

Template (PDF and RTF)

Templates are formatted reports that can be customized using chapter and target selections.

Chapter Customizations

When working with a chapter, hovering over the chapter will reveal icons for Add Element, editing, and deleting the chapter. The following options are available for adding elements to the chapter. Once added, each element may be edited or deleted.

Grouping

Group (PDF and RTF)

Click the group button to add a group element to the report. Grouping will attempt to keep associated elements on the same page, but does not affect the content of the report.

Section (PDF and RTF)

Click to add a section and section title to the report.

Iterator (PDF and RTF)

Click to add an iterator to the report. Iterators are grouping elements that determine the field a report is grouped by. For example, if an “Iterator Type” of “Port” is chosen for a vulnerability report, the report is displayed with vulnerability data grouped by detected ports.

To use an iterator, click the iterator button. When adding elements to the report, the iterator may be selected for the location defined in the element.

If an iterator is not selected, the hosts and vulnerabilities are listed in the report individually.

Text

Matrix (PDF and RTF)

Click to add a Matrix chart to the report. Matrix charts have a variety of useful methods to display data in a chart layout within a report. Once the size of the matrix is selected, the individual cells may be configured for displaying data.

The following screenshot shows a four column by four row matrix table to be populated. Selecting a header will enable a gear icon menu to be selected that will enable editing the header’s name, deleting the cells in the row or column, and copying the row or column. Clicking on a cell will launch a configuration screen to set the data and rules to be used for displaying in the matrix.

Table (PDF and RTF)

Click to add a table element to the report (max results displayed: 999).

The underlying data set has a big effect on the report display. The default view for most reports is host-centric and SecurityCenter presents the user with the ability to choose a vulnerability-centric report (a listing of vulnerabilities with all associated hosts).

Paragraph (PDF and RTF)

Click to add a paragraph element to the report. A paragraph is simply descriptive text that can be inserted anywhere into the report. Use this option to describe table elements or report output for the viewer.

Assurance Report Card

Adds an element to the report based on the results of a selected Assurance Report Card.

Charts

Bar Chart (PDF and RTF)

Click to add a bar chart element to the report. A sample bar chart is displayed below:

Pie Chart (PDF and RTF)

Click to add a pie chart element to the report. A sample pie chart is displayed below:

Line Chart (PDF and RTF)

Click to add a line chart element to the report. A sample line chart is displayed below:

Line charts are defined by time (x-axis) and series data (y-axis). When selecting the time, available options include “Relative” time and “Absolute” time. One or more series data elements can be chosen and displayed as discrete lines for easy comparison.

Area Chart (PDF and RTF)

Click to add an area chart element to the report. A sample area chart is displayed below:

Area charts are defined by time (x-axis) and series data (y-axis). When selecting the time, available options include “Relative” time and “Absolute” time. One or more series data elements can be chosen and displayed as a stackable view for easy comparison.

Distribution

Publishing Sites

Upon completion of the report, it may be uploaded to one or more defined publishing sites selected from the list.

Email Users

Email Addresses

When a report has run, an email will be sent to the selected users (those with a defined email address) and to any additionally specified email addresses.

Share

When a report has run, the completed report will be shared in SecurityCenter with other users within the Organization. This is useful if emailing potentially sensitive data is prohibited by organizational policies.
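
The following added example (not part of the original Tenable documentation) inspects a PDF report and reports which encryption it carries, so the 40-bit RC4 protection described under “Encrypt PDF” can be confirmed before a report is emailed or published. It reads the /Encrypt dictionary of the PDF standard security handler; the sample byte strings are constructed fragments, and the 128-bit threshold is an assumed policy value.

```python
import re
import sys

# /V codes of the PDF standard security handler -> (algorithm, key bits).
# None means the key length is read from /Length (default 40).
V_CODES = {1: ("RC4", 40), 2: ("RC4", None),
           4: ("crypt filter (RC4 or AES)", 128), 5: ("AES", 256)}
MIN_BITS = 128  # assumed policy threshold on key length, not a SecurityCenter setting


def find_encrypt_dict(pdf):
    """Return the raw /Encrypt dictionary, b"" if referenced but not found,
    or None when the file has no /Encrypt entry (unencrypted)."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if ref:  # indirect reference: locate "N G obj ... endobj"
        pat = rb"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % ref.groups()
        obj = re.search(pat, pdf, re.S)
        return obj.group(1) if obj else b""
    inline = re.search(rb"/Encrypt\s*<<(.*?)>>", pdf, re.S)
    return inline.group(1) if inline else None


def describe_encryption(pdf):
    """Summarise the encryption of a PDF given as bytes."""
    enc = find_encrypt_dict(pdf)
    if enc is None:
        return {"encrypted": False, "algorithm": None,
                "key_bits": None, "meets_policy": False}
    v = re.search(rb"/V\s+(\d+)", enc)
    algorithm, bits = V_CODES.get(int(v.group(1)) if v else 0, ("unknown", None))
    if algorithm == "RC4" and bits is None:
        length = re.search(rb"/Length\s+(\d+)", enc)
        bits = int(length.group(1)) if length else 40
    return {"encrypted": True, "algorithm": algorithm, "key_bits": bits,
            "meets_policy": bits is not None and bits >= MIN_BITS}


# Constructed fragments (not real reports): only the parts the parser reads.
SAMPLE_RC4_40 = (b"%PDF-1.4\n5 0 obj\n<< /Filter /Standard /V 1 /R 2 "
                 b"/O <00> /U <00> /P -44 >>\nendobj\n"
                 b"trailer\n<< /Size 6 /Root 1 0 R /Encrypt 5 0 R >>\n")
SAMPLE_AES_256 = (b"%PDF-1.7\n7 0 obj\n<< /Filter /Standard /V 5 /R 6 "
                  b"/Length 256 >>\nendobj\n"
                  b"trailer\n<< /Size 8 /Root 1 0 R /Encrypt 7 0 R >>\n")
SAMPLE_PLAIN = b"%PDF-1.4\ntrailer\n<< /Size 6 /Root 1 0 R >>\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a downloaded report
        with open(sys.argv[1], "rb") as fh:
            print(describe_encryption(fh.read()))
    else:
        for name in ("SAMPLE_RC4_40", "SAMPLE_AES_256", "SAMPLE_PLAIN"):
            print(name, describe_encryption(globals()[name]))
```

The check scans the raw bytes, so it covers files whose encryption dictionary is stored uncompressed; a report whose /Encrypt reference cannot be resolved is returned as encrypted with an unknown algorithm and does not meet the policy.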

Edit Reports

When editing reports, the fields are presented as they have been configured during their creation or addition. On the Definition page an additional link is provided to Find and Update Filters. When this link is selected, a new page is presented with three major fields: Search Filters, Update Actions, and Matching Filters.

The Search Filters section allows for adding search filters to find particular conditions throughout the selected report. These include Address, Audit File, Asset, CVE ID, DNS Name, IAVM ID, Repositories, Scan Policy, and Severity. Selecting each of the items changes the drop-down match filter list to an appropriate selection of conditions to filter on. If the condition selected requires an additional selection from another field, it will be presented. Multiple filters may be created to narrow down the matching components.

The Update Actions field allows for setting the new action to trigger on in the report. For instance, if the Search Filter is configured to locate all of the Severity levels that are set to Info and discovered within the last seven days, the Update Actions field can be set to reset the Severity Level trigger to Medium and/or the discovery date to greater than 30 days. When the “Update Filters” button is clicked, these changes will be applied to the report in all of the Matching Filters conditions list.

The Matching Filters field displays a list of all of the filters throughout the report that match the Search Filters criteria.

Report Results

Caution: Either the Oracle Java JRE or OpenJDK along with their accompanying dependencies must be installed on the system hosting the SecurityCenter for PDF reporting to function.

Clicking on “Report Results” opens a view to the status of running and completed reports. Results are displayed in a list view with the ability to click on an individual report to view its details. An example screen capture of this page is shown below:

Filters are available at the top of the screen to allow the user to view only desired report results. Filter parameters include the “Name”, “Owner”, “Status”, and “Finish Time”. The “Owner” filter allows you to view reports owned by your user, shared with your group, or any users managed by your user. “Status” allows you to view any reports, only completed reports, or reports with errors. “Finish Time” gives you the ability to filter reports by finish time, using preset times or an explicit time frame. To return to the original report result view, click on the “Clear Filters” link at the bottom of the filter options.

The results of individual reports are available by using the “Download” button next to the Completed status. The report is downloaded as a PDF, RTF, CSV, DISA ARF, DISA ASR, or CyberScope file as it was originally created.

Additional options are available from the gear icon menu. The “Copy” link will allow sharing a selected report with other SecurityCenter Organization users and groups. The “Email” link allows for sharing the report via email by selecting the SecurityCenter users or entering the individual email address(es) for recipients not a part of the SecurityCenter environment. The “Publish” link allows you to send a completed report to a defined publishing site. Basic report parameters are available using the “Details” link. Finally, reports may be removed from SecurityCenter using the “Delete” link.

Report Images

Note: Image files must be of type .png or .jpg. Images used must be consistent when selecting the bit depth (8-bit, 16-bit, 24-bit, etc.). Otherwise, errors may be encountered when generating reports.

The “Report Images” interface allows a user with permissions to view details, add, edit, or delete PDF report images. Two types of images are managed from this interface: logos and watermarks. Logos are displayed at the bottom of each page, while watermarks are displayed prominently across the center of the report page.

Report Image Options

Option Description

Add

Add a new logo or watermark image. Note that only PNG and JPEG formats are supported. The default image sizes are as follows, all at 300 DPI:

default-cover-logo = 987x130

default-footer-logo = 380x100

default-page-logo = 579x84

default-watermark = 887x610

While there are no set limitations on image size or resolution, using images that are different from these specifications can have a negative impact on report appearance.

Note: The image size must be set to 300 DPI to prevent image breaks.

Edit

Edit any of the selected image’s fields, including name, description, type and file.

Detail

View image details including: name, description, date uploaded, last modified and type.

Delete

Delete the highlighted image.

Report Attributes

Report Attributes are used for adding required information to DISA ARF or CyberScope report types. During the Add attribute process, selecting the Type CyberScope or DISA ARF will present options appropriate to that attribute type. After adding attributes to the list, they are available for use during report creation of DISA or CyberScope reports.

Report Import and Export

SecurityCenter supports importing and exporting report definitions via the SecurityCenter web interface.

To import a report, select the Import Report item from the Options menu in the top right of the screen.

Clicking “Import Report” displays the following page:

The “Import Report” option allows users to import a report definition exported from another SecurityCenter. Give the imported report a name and click the “Choose File” button to select the definition file from the location where it was saved. This option is useful for Organizations running multiple SecurityCenters to provide consistent reports without duplicating the work needed to create the definition templates.

Clicking “Export” from the gear icon menu displays the export options under the selected report definition:

The “Export” button allows users to export the report definition for use by other SecurityCenter users in other Organizations. This allows one user to create a report and other users to import it for consistency in reporting across their Organization.

There are three options to select from when exporting; they are described in the following table.

Values for Report Export Options

Option Description

Keep All References

Object References will be kept intact. Importing users should be within the same organization and have access to all relevant objects for the components to be useable.

Remove All References

All Object References will be removed, altering the definitions of the components. Importing users will not need to make any changes for components to be useable.

Replace With Placeholders

Object References will be removed and replaced with their respective names. Importing users will see the name of the reference object, but will need to replace it with an applicable object within their organization before the component is useable.


Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.