Navigating the Dashboard

To access the latest information about this topic and all Cloud Security releases, check out the Release notes and notices.

The BMC Helix Cloud Security Dashboard displays the compliance health of your environment at a glance, and enables you to customize the data based on filters you define. The dashboard shows current summary compliance statistics of your resources also displays clickable charts that enable to you traverse directly to specific resources, rules, or violations to policies. For capturing and sharing, you can export data to PDF format.

The Dashboard has the following elements:

Screen elementDescription
Top navigation bar items
Dashboard

Displays the Cloud Security Dashboard with a current snapshot of your environment.

Note

View Only users cannot add or modify connectors, policies, exceptions, or users, nor can they add or invite new users to use Cloud Security.

However, they can view and export the data to PDF.

If no data is displayed on the Dashboard, View Only users are notified to contact their Tenant Administrator, who can perform all operations in Cloud Security.

Resources

Displays a list of resources that are evaluated by Cloud Security. It also shows the compliance status of a resource, the connector associated with the resource, the associated policy, and other details. From the Resources page you can export data in the following formats:

CSV: Exports the resource data to a zip file containing a CSV file for each policy and its properties. CSV files can be created for the second level Resource data.
The naming convention of the downloaded zip file is: Resources-Date-Month-Year.zip; for example, Resources-27-Jun-2017.zip

The naming convention of the CSV file (in above zip file) is: Evaluation.csv

PDF: Exports the resource data to PDF. This functionality is available to both Admin and View Only users.

  • Resources (Resources-Date-Month-Year.pdf): Shows a list of resources that are evaluated by Cloud Security. It also shows the compliance status of a resource, the connector associated with the resource, the associated policy, and other details.
  • Resource Details (<Resource Name> - Date-Month-Year.pdf): Shows details for a specific resource that is evaluated by Cloud Security. For the selected resource, the report shows step-by-step evaluation details for each variable within a rule. You can use appropriate filters when generating the report to get an optimum dataset.
Violations

Displays a list of rules that are evaluated by Cloud Security. For each rule, the list shows the total number of resources that are evaluated, the count of resources that are compliant, non-compliant, or indeterminate, the associated connector and policy, and the severity level.

CSV: Exports the violations data to a zip file containing a CSV file for each policy and its properties. CSV files can be created for the second level Violations data.
The naming convention of the downloaded zip file is: Violations-Date-Month-Year.zip; for example, Violations-27-Jun-2017.zip

The naming convention of the CSV file (in above zip file) is: Evaluation.csv

PDF: Exports the violations data to PDF. This functionality is available to both Admin and View Only users.

  • Violations (Violations-Date-Month-Year.pdf): Shows a list of rules that are evaluated by Cloud Security. For each rule, the report shows the total number of resources that are evaluated, the count of resources that are compliant, non-compliant, or indeterminate, the associated connector and policy, and the severity level.
  • Violation Details (<Rule Name> - Date-Month-Year.pdf): Shows details for a specific rule that is evaluated by Cloud Security. For the selected rule, the report shows step-by-step evaluation details for each variable within a resource.
Remediations

Displays a list of resources that are remediated by Cloud Security. In addition to the resource name, it also shows the remediation action required for the particular resource, the rule name that has been violated, the type of remediation trigger (On Demand or Auto), the name of the user, the date and the status of the remediation (Successful or Failed).

A filter bar enables user to filter data according to connector type, status of remediation, date, tags, configuration or resource type.

The Resource Name column now shows only resource name, although initial evaluated resources show resource name as well as connector name.

From the Remediations page you can export data in the following formats:

CSV: Exports the remediation data to a zip file containing a CSV file for each policy and its properties.

The naming convention of the downloaded zip file is: Remediation-History-Date-Month-Year.zip; for example, Remediation-History-27-Jun-2017

The naming convention of the CSV file (in above zip file) is: Evaluation.csv


The data listed under Remediation Trigger column in the BMC Helix Cloud Security UI can be found under the Configuration column when exported in CSV format.

When data is exported from Remediations page in CSV format, the configuration column may not display that data in accordance with the selected filter (for older data, as the configuration column was not recorded earlier). This will not be an issue for freshly evaluated data.


PDF: Exports the remediation data to PDF. This functionality is available to both Admin and View Only users.

Manage

Enables you to manage policies and exceptions in Cloud Security.

View TransactionsDisplays the Transaction Utilization page which shows a graph and table of the total number of transactions per month over the last year. You can click Export to export the page to a PDF.
Sign Out

Logs you out of the Cloud Security application.

Scan duration selectionFilters the data on the dashboard according to a specified scan date range (Last 24 hours, Last 7 days, Last 14 days, Last 30 days, Till Date).
Scan time selection customizes the display in all the charts.
Configure icon

Enables you to manage Users, Connectors, Notifications, Resource Pools and Organizations in Cloud Security. Cloud Security.

Filter bar items
Connector

Filters the data by connector type. The default setting is All Connectors. To clear current selections and return to the default menu, click Clear selected items.

Tags

Filters the data by tag, which is metadata related to specific resources (security groups, database instances, and so forth) represented as key-and-value pairs. Tags enable you to categorize a resource by purpose or other category. You can then search on that category and filter widget data using tag filters, which are available on the top-level dashboard, and Resources and Violations multi-level pages. The default setting is All Tags. The filter provides the following additional options:

  • To search for a tag, type the name in the Find Tags search field. A minimum of 3 characters is required in the field.
  • (For currently selected items only) To clear your selections and return to the default menu, click Clear selected items.
  • (For two or more selected items only) To match any or all criteria for the selected search items, select either the Match Any or Match All options in the Matching Criteria section. Matching any of the criteria specifies that the search will return results for resources containing any of the tagged metadata (for example, either owner or name). Matching all of the criteria specifies that the search will return results for resources containing all of the tagged metadata (for example, both owner and name).

If you are using Microsoft Azure and have scanned for multiple subscriptions, those subscriptions will be displayed as tags. So, in the following example, the Azure Client ID is mapped to two subscriptions, which display on the Dashboard and Resources page in the Tags menu when that Azure connector is selected.



You can select each subscription to display the resources for that specific subscription, and you can apply the necessary filters to customize the results as you want.

Resource Type

Filters the data by resource type. The default setting is All Types. To clear current selections and return to the default menu, click Clear selected items.

Policy

Filters the data by policy type. The default setting is All Policies. To clear current selections and return to the default menu, click Clear selected items.

SeverityFilters the data by severity (Critical, High, Medium, or Low). The default setting is All Severity. To clear current selections and return to the default menu, click Clear selected items.
ClearClicking this button clears all filter selections to their default settings.
Export To PDF

Exports a current state snapshot of the dashboard to a PDF file (Dashboard.pdf) based on the filters defined. This functionality is available to both Admin and View Only users.

Widgets 
Total Evaluation(Clickable) Shows the total number of evaluations that are compliant, non-compliant for a given tenant.
Total Resources(Clickable) Shows the total number of resources that are compliant, non-compliant, and indeterminate that are evaluated for a given tenant. The total number and percentage of each resource category is displayed in the corresponding number/percentage item to the right of the chart.
Non Compliant Rules(Clickable) Shows the current summary of compliance statistics of rule violations.
Non Compliant Resources(Clickable) Shows the compliance distribution of resources.
Remediations Triggered
Shows the distribution of resources remediated, as well as the resources triggered during the current day.
Compliance Trend

Shows a compliant history trending graph of compliant resources over a selected scan time.

Non Compliant Rules vs RemediationShows the compliance trend of rule violations against the number of remediations.

Back to top

The Total Evaluations widget shows the total number of evaluations that are compliant, non-compliant, and indeterminate that are evaluated for a given tenant. 

Click any of the states (Compliant, Non Compliant, and Indeterminate) to view the violations for each of the state. For example, if you click Compliant, the Violations page is displayed, which describes the compliant evaluations for the selected period. 

 

The Total Resources widget shows the total number of resources that are compliant, non-compliant, and indeterminate that are evaluated for a given tenant. The total number and percentage of each resource category is displayed in the corresponding number/percentage item to the right of the widget (the highest number of resources are displayed to the left).

Clicking the Compliant item displays the Resources page with the Evaluation Status filter automatically set to Compliant, from which you can traverse directly to a specific resource.

Similarly, clicking the Non Compliant item displays the Resources page with the Evaluation Status filter automatically set to NonCompliant, and clicking the Indeterminate item displays the Resources page with the Evaluation Status filter automatically set to Indeterminate.

Note

When clicking the Back button on your browser to return to the Dashboard, the filter settings you previously applied do not change.

Back to top

The Non Compliant Rules widget shows the current summary of compliance statistics of violations.

To show a summary of the data by severity, click By Severity. Clicking a section of the widget displays the Violations page with the Severity filter automatically set to the severity represented in the widget, from which you can traverse directly to a specific rule.

For example, in the following screens, clicking the Critical section of the widget or the numeric/percentage area below the widget displays the Violations page with the Severity filter automatically set to Critical.

To show a summary of the data by age, click By Age. Clicking a section of the widget or the numeric/percentage area below the widget displays the Violations page with all filters set to the default states, from which you can traverse directly to a specific rule.

Back to top

The Non Compliant Resources widget shows the current compliance distribution of resources.

Clicking a section of the widget or the numeric/percentage area below the widget displays the Resources page with the with Evaluation Status filter automatically set to NonCompliant, and the Scan Date showing to the corresponding duration.

Back to top

The Remediations Triggered widget shows the distribution of remediations triggered.

The sections of the widget and the numeric/percentage area below the widget display the total number of successful, failed, and submitted (if applicable) remediations. The title above the widget displays the total number of remediations triggered during the current day. Every time a violation is detected in Cloud Security, a remediation is triggered and the widget and number/percentage area is incremented accordingly.

Back to top

The Compliance Trend widget shows a compliant history trending graph of compliant resources over the selected scan duration. This widget enables you to quickly assess the health of your resources over a period of time. You can hover over a point in the graph to locate a specific number of resources for a given date. For example, in the following screen, for a scan time selection of 7 days, 24 resources were compliant on July 21, trending to its highest number of compliant resources in that time period on July 22.

Back to top

The Non Compliant Rules vs Remediation widget shows the compliance trend of rule violations against the number of remediations.

The data trending chart shows the number or non-compliant rules at any given point in time. The vertical (Y) axis displays the number of violations and remediations at the selected scan duration, represented in the horizontal (X) axis.

Note

This widget is not clickable; however, you can hover over a point on either graph to locate a specific number of remediations or violations for a given date.

Back to top

Was this page helpful? Yes No Submitting... Thank you

Comments