SCAP Compliance results - Viewing and using

An SCAP Compliance operation runs an SCAP Compliance Job created in BMC Server Automation. The Security Content Automation Protocol (SCAP) is a set of standards used to automate and measure data center compliance with accepted security standards. 

Results of an SCAP Compliance operation provide:

• A pie chart showing the percentage of servers that pass or fail SCAP standards or fall into other categories specified by SCAP. 

• Statistics about the operation's start and end time, duration, and status.

• A series of tabs providing information and functionality relating to: 
   

  • • Target results
    • Rule results
    • Log messages

Target results

The Target Results tab shows the compliance status of all targets included in an SCAP Compliance operation. 

An icon next to each target in the Targets list shows  if the target has passed or failed or has some other status. Similarly, icons in the Rules list at right show the status of for each rule. For a rule to be marked as having passed, all targets must comply with the rule.

The Target Results tab also provides options for exporting SCAP results for the entire job or individual targets.

To search for rules or targets

In the  Search Targets  box, enter a text string of any length. The Targets list shows all targets with names that include that text string. If you leave the box blank, the page shows all targets. Search for rules that apply to a selected target in a similar way, using the  Search Rules  box.

To filter rules or targets

Take any of the following steps:

• Click one of the wedges representing a status in the pie chart and rule results are automatically filtered for that status. For example, if you click Pass in the pie chart, the Targets list shows only targets that have passed.
• Select a compliance status in the list at the top of the Targets list. The Targets list shows only targets matching that status. 
• Select a compliance status in the list at the top of the Rules list. The Rules list shows only rules matching that status for the selected target.

To obtain information about a rule

In the Targets list, select a target. Then, in the Rules list, hover your cursor over a rule that applies to the selected target. A pop-up message describes the rule.

To export results

Use the following procedures to export the results of an SCAP Compliance operation.

• To export OVAL interpreter log files
• To export OVAL analysis files
• To export ARF, ASR, or AI reports
• To export SCAP compliance results

SCAP reports are often used as input for other automated processes and are typically exported using an XML format. However, many exports include an XSL file, which allows them to be read easily by humans. 

To export OVAL interpreter log files

Open Vulnerability and Assessment Language (OVAL) is an open standard used to normalize the transfer of security information.

1. To export:
   • (All targets) Select the Actions icon  at the top of the Targets list. Then, select Export OVAL interpreter logs.
   • (Single target) Select the Actions icon  in the row for that target. Then, select Export OVAL interpreter logs .
2. In the dialog box that appears, for Export File Name, assign a path and a name to the file being exported. The path must be entered using the Network Shell style.
   For example, enter //myserver/shared/ComplianceRuleViews/OVAL.log. See  here for more information about entering paths in BMC Server Automation.
    The portal administrator can define a default export path for your site. If one is defined, you only have to enter a file name.
3. Click Export. 
   Your browser downloads the file according to your browser specifications. OVAL interpreter log files are human readable when viewed with a browser.

To export OVAL analysis files

1. Select the  Actions  icon   in the row for a target. Then, select  Analyze OVAL results .
2. In the dialog box that appears, for Export File Name, assign a path and a name to the file being exported. The path must be entered using the Network Shell style. The file ending must be .xml.
   For example, enter //myserver/shared/ComplianceRuleViews/OVALanalysis.xml. See  here for more information about entering paths in BMC Server Automation.
    The portal administrator can define a default export path for your site. If one is defined, you only have to enter a file name.
3. Click Export. 
   Your browser downloads the file according to your browser specifications. OVAL analysis files are human readable when viewed with a browser.

To export ARF, ASR, or AI reports

1. To export a report:
   • (All targets) Select the Actions icon  at the top of the Targets list. 
   • (Single target) Select the Actions icon  in the row for that target. 

2. Select one of the following options:

   • Export Asset Reporting Format (ARF) report
   • Export Assessment Summary Report (ASR) report
   • Export Asset Identification (AI) report

   A dialog opens. The dialog shown below is for an ARF report.  The same options apply to all three types of exports.
    

3. For Export File Name, assign a path and a name to the file being exported. The path must be entered using the Network Shell style. The file ending must be .xml.
   For example, enter //myserver/shared/ComplianceRuleViews/ARFreport.xml. See here  for more information about entering paths in BMC Server Automation.
    A default export path may already be defined for your site. If so, you only have to enter a file name.
4. For Report Type, select the reporting standard to use. In some situations only one option is available.
5. Click Export. 
   Your browser downloads the file according to your browser specifications. ARF reports are human readable when viewed with a browser

To export SCAP compliance results

SCAP compliance results are exported in a human-readable, HTML format.

1. To export compliance results:
   • (All targets) Select the Actions icon  at the top of the Targets list. Then, select Export SCAP compliance results.
   • (Single target) Select the Actions icon  in the row for that target. Then, select Export SCAP compliance results.
2. In the dialog box that appears, for Export File Name, assign a path and a name to the file being exported. The path must be entered using the Network Shell style. The file ending must be .xml.
   For example, enter //myserver/shared/ComplianceRuleViews/ScapResults.xml. See here  for more information about entering paths in BMC Server Automation.
    A default export path may already be defined for your site. If so, you only have to enter a file name.
3. For Result Type, specify whether you want to export all results, results for failed rules, or results for rules that passed. 
4. Select Split Files if you want a separate file to be generated for each server analyzed.
    
5. Click Export. 
   Your browser downloads the file according to your browser specifications. SCAP compliance results are human readable when viewed with a browser.

_{Back to top}

Rule results

The Rule Results tab shows the compliance status of all rules included in an SCAP Compliance operation. Select one or more of those rules, and the Targets list at right shows the compliance status of that rule for each of the operation's targets.

An icon next to each rule in the Rules list shows the status of all targets for that rule. Similarly, icons in the Targets list at right show the compliance status of each target.

The Rule Results tab also provides an option for exporting SCAP compliance results.

To search for rules or targetse

In the Search Rules box, enter a text string of any length. The Rules list shows all rules with names that include the text string. If you leave the box blank, the page shows all rules. Search for non-compliant targets in a similar way using the Search Targets box.

To filter rules or targets

Take any of the following steps:

• Click one of the wedges representing a compliance status in the pie chart at top and rule results are automatically filtered for that status. For example, if you click Fail in the pie chart, the Rules list shows rules for which targets have failed.
• Select a compliance status in the list at the top of the Rules list. The Rules list shows only rules matching that status. 
• Select a compliance status in the list at the top of the Targets list. The Targets list shows only targets matching that status.

To obtain information about a rule

In the Rules list, hover your cursor over a rule. A pop-up message describes the rule.

To export SCAP compliance results

SCAP compliance results are exported to a human-readable, HTML format.

1. Select the Actions icon  at the top of the Rule Results list and then select Export SCAP compliance results.
   A dialog box opens.
2. For Export File Name, assign a path and a name to the file being exported. The path must be entered using the Network Shell style. The file ending must be .xml.
   For example, enter //myserver/shared/ComplianceRuleViews/ScapResults.xml. See  here for more information about entering paths in BMC Server Automation.
    The portal administrator can define a default export path for your site. If one is defined, you only have to enter a file name.
3. For Result Type, specify whether you want to export all results, results for failed rules, or results for rules that passed. 
4. Select Split Files if you want a separate file to be generated for each server analyzed.
    
5. Click Export. 
   Your browser downloads the file according to your browser specifications.

_{Back to top}

Log messages

The Run Log tab lists all messages generated during a run of an operation.

To filter messages

At the top of the list, select a message type, such as Error or Warning. The Run Log list shows only messages of that type.

To search for messages

In the Search Messages box, enter a text string of any length. The list shows all log messages with names that include that text string. If you leave the box blank, the page shows all messages. 

To refresh the list of messages

Select the Actions icon  at the top of the Run Log list and then select Refresh.

_{Back to top}