I need a report that has the following information. I know the majority of this is available with the Security Configuration and Vulnerability Management component. We have this component. How can I extract this data and get it in the format in which I need? I was thinking that the Excel Connector might be the way I need to go. I have attached an image that makes it easier to see what I need. Any help is appreciated.
I assume you’ve already created and activated your custom properties (e.g FISMA ID, CPE (yes, custom right now…), Device Role)… and you have activated any of the standard properties you want in your report.
Your options are:
You can get TEM SCA to generate different views of this same data by setting columns and filters for existing report types. It won’t all be in exactly this table format you show in your example and I don’t think you can get it all on one report page type out of the box, but the data is there.
I have not set up custom properties “(e.g FISMA ID, CPE (yes, custom right now…)”. When you say "CPE (yes, custom right now…) does that mean it will soon be a standard property? It would be useful to have standard reports with this information. It seems that most 3 letter government agencies are requiring this type of report. I would imagine that BiFix/TEM has several customers that will have to now or in the near future supply these reports. Many of these items are discussed in the SCAP Users Guide (http://publib.boulder.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc/SCAP_Users_Guide.pdf) and it indicates that the information is available. I seem to be having a difficult time finding and extracting the information. Do you have any suggestions as to how I should proceed?
We don’t currently have a list view that blends CCEs and CVEs for multiple computers in the same list. There is a CCE report and there is a CVE report. If you want them blended like in your example, you could create your own report template and use the TEM SCA API to populate the template.
Some of the items you list are custom properties. “FISMA ID”, “Device Role”, and potentially “Anti-Virus” would be properties you create. Once you have the properties created via the TEM console, these can be added to the SCA reports like the ones I’ve linked above with just a couple clicks, no problem. I included columns with those names in my examples, but the data is mostly blank/placeholders until I create the actual properties.
As you can see in the attached CCE report, we do have CPE information in our USGCB content and in our pending FDCC content refresh. The CPE’s appear in the SCA reports just like your examples. However, since CPE information is currently associated with fixlets in the content sites and not directly associated with an asset, CPE information will not be available within the CVE reports. A solution to this would be for you to use TEM to populate CPE information onto the computers themselves (e.g. in text files or in the registry) and then create custom properties that would pick this up from each computer for your reports. This is what I meant by “yes, custom right now…” in my original reply. We are looking at ways to make CPE a general property of each asset so it’s available wherever you have a list of computers (CCE report, CVE report, computer asset report, etc) and not strictly available only on the CCE reports.
The report templates are already present in every SCA install. Here are the steps to configure the reports to look like the ones in the screenshots:
Pre-req: you have USGCB and/or FDCC content sites in your deployment and your computers are subscribed to the sites.
Log in to SCA with a user with Administrator privileges
Go to Management>Computer Properties
Add your custom properties (e.g. FISMA ID, Device Role, Anti-Virus)
Run an import
Go to the Reports>Check Reports report
Click the Configure View button
Check and uncheck the columns you would like to display
Use the Filters area to filter the results you want (e.g. "Checklist in set ‘USGCB for Windows 7’). You can specify multiple and/or filter criteria.
Click Submit
Click on column headings to sort
Click and drag on column headings to reorder
The second example report was generated using SCA 1.2, which is in release prep now. Here are the steps:
Pre-req: you have the Vulnerabilities for Windows site in your deployment and your computers are subscribed to the site.
All the other steps are the same (in fact if you already did 1-4, you don’t need to redo them), except in step 5 you go to the Reports>Vulnerabilities report.