Understanding the SCAP analyzer report

Open the Security Content Automation Protocol (SCAP) analyzer report in a web browser.

The SCAP analyzer report contains five sections:

  • Scoring — Shows the total compliance score, copied from the XCCDF results file
  • Target Details — Shows system details about the target server
  • Benchmark Details — Shows information about the benchmark that was used in the SCAP Compliance Job whose results are being analyzed
  • Group Rule Hierarchy — Shows details about the benchmark's rule groups, including the rules in each group
  • Rule Results — Shows the results details for each rule

A navigation bar at the top of the report lets you go directly to each of the sections. To navigate from the Group Rule Hierarchy section to the Rule Results section, click a rule. The rule criteria tree in the definition table includes active links to the tests table, and, for complex tests, active links exist between the rule table and the definition table.

You can filter the report to show only passed rules or only failed rules. To filter, go to the Scoring section in the report, click the Filter Result Type dropdown list, and select a filter.

Color coding indicates rule status:

  • Rules, definitions, and tests that produced a status of Pass, Not Applicable, Not Selected, Informational, or Not Checked appear in blue.
  • Rules, definitions, and tests that produced a status of Error, Unknown, or Fail appear in red.

The tests table in the Rule Results section displays expected and actual settings on the target, as follows:

  • When the criteria result has an OVAL state of Pass or Fail, the report shows the expected and actual settings.
  • When the criteria result has an OVAL state of Error or Unknown, the report shows the expected setting, but not the actual setting.
  • When the criteria result has an OVAL state of Not evaluated or Not applicable, the report does not show the expected nor the actual setting.
  • If a rule result is Not Applicable, Not Checked, Not Selected, or Informational, the report does not show a definition table for that rule.

Note

Due to an issue in Ovaldi, this report might show wrong results for the rules if different values are passed to the same oval definition from different rules. Avoid generating this report in such situations. 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*