Assurance Report Card Options

Name

The name of the ARC.

Description

(Optional) A description for the ARC.

Schedule

Specifies how often the ARC polls data sources to obtain updates.

• Daily (default) — The ARC polls data sources every 1-20 days at the specified time.

• Weekly — The ARC polls data sources every 1-20 weeks at the specified time and day of the week.

• Monthly — The ARC polls data sources every 1-20 months at the specified time and day of the month.

For example, Every 2 months on the fourth Thursday at 15:00 -4:00 indicates the ARC will poll data sources to obtain updates every two months, on the fourth Thursday of the month, at 15:00 in the America/New York timezone.

Add Policy Statement

Click to add a custom policy statement to the ARC. For more information, see Policy Statement Options.

Targets

Specifies the target hosts for the ARC to analyze:

• All Systems — Targets all available hosts.

• Assets — Targets the specified assets. For more information, see Assets.

  Tip: Use NOT, OR, and AND operators to exclude unwanted assets from the view.

• IPs — Targets the specified IP addresses. You can specify single addresses, IP addresses in CIDR notation, and IP ranges.

• Repositories — Targets the specified repositories. For more information, see Repositories.

If you want to match the specified assets or IP addresses against one or more repositories, select the repositories you want to match against.

Note: If an IP address you specified appears in two or more repositories you selected, the duplicated IP address negatively skews the ARC results.

Statement

Specifies pass/fail criteria for the policy statement.

Display

Specifies how the ARC displays the policy statement: Ratio (x/y), Percentage (%), or Compliant/Non-Compliant.

Data Type

The type of data you want the ARC to analyze: Vulnerabilities or Events.

Base Filters

The filters used as the basis for data analysis.

• If the Data Type is Vulnerabilities, you can select from the list of vulnerability analysis filter components.

• If the Data Type is Events, you can select from a list of event analysis filter components.

Compliant Filters

The filters used to determine the compliance conditions for the data analysis. For more information, see Vulnerability Analysis and Event Analysis.

• If the Data Type is Vulnerabilities, you can select from the list of vulnerability analysis filter components.

• If the Data Type is Events, you can select from a list of event analysis filter components.

Note:  Filters set in Base Filters are not present in Compliant Filters, with exception of the Assets and Plugin IDs. All filters set in Base Filters are carried over into Compliant Filters.

Compliant Condition

Specifies the conditions to match for determining compliance. For more information, see Vulnerability Analysis and Event Analysis.

Specify a quantity: All, No, Any, > (greater than), < (less than), >= (greater than or equal to), and <= (less than or equal to).

Specify hosts: Hosts, Vulnerabilities, and Ports.

Drilldown Filters

The filters to apply when clicking on the ARC policy statement for more details. For more information, see Vulnerability Analysis and Event Analysis.

• If the Data Type is Vulnerabilities, you can select from the list of vulnerability analysis filter components.

• If the Data Type is Events, you can select from a list of event analysis filter components.