Tell me about the SCAP Rule Pass/Fail Report

Launch the Rule Pass/Fail Report to see the SCAP compliance posture for a particular rule in a selected SCAP policy.

When is this report available?When is this report available?

This report is available only when the SCAP application is enabled for your subscription and you have compliance management privileges.

 

Go to PC > Reports and select Reports > New > SCAP Report > Interactive. Select Rule Pass/Fail and click Run. Tell us which policy and rule you want to report on, and choose other report settings. Click Run again.

When you're running your report use the Display option to filter the hosts displayed in the report based on posture. You have these options: Passed (Fixed), Failed (includes Error and Unknown) or Ignored (includes Not Applicable, Not Checked, Not Selected and Informational).

 

The summary section shows the SCAP policy title, benchmark, profile, version and technology, the specified report source options, and the number of hosts in and out of SCAP compliance.

This section is visible only to Managers and Auditors. Asset group information includes the number of IPs and domains assigned to the group, the number of users with privileges to the group, and the location, function and division specified for hosts in the group. The business impact level indicates how critical the asset group is to your organization, and the CVSS Environmental metrics are shown when CVSS Scoring is enabled for your subscription.

Each host in the report is listed with the posture for the selected rule. Our service evaluates the test results for all the nodes (definitions and test sections) according to the rule and determines whether the host satisfied the conditions of the rule.

Passed - The test results for all the nodes satisfied the conditions of the rule.

Failed - In a case where the evidence has a node with the result Error or Unknown, our service will assign the posture Failed since the host did not satisfy the conditions of the rule. If the result is Error, our service reports Failed (Error). If the result is Unknown, our service reports Failed (Unknown).

A rule is ignored if you see one of these postures: Not Applicable, Not Checked, Not Selected or Informational. Not Checked indicates that the rule refers to checks in checking systems other than OVAL (http://oval.mitre.org/XMLSchema/oval-definitions-5). This includes OCIL checks.

Evidence is available in the report when the Evidence option is selected in the report source. You can tell whether there is evidence in the report by placing your mouse over a row in the Results section. When evidence is available, the browser pointer changes from an arrow to a hand and the row (rule) is highlighted. Click the row to see the evidence for the rule on the host. By reviewing the evidence you can easily determine why the rule passed or failed for the host. The evidence content for a rule is displayed in a tree structure with nodes that represent the logic of the rule and the scan tests performed on the host. You can expand and collapse sections of the evidence tree by hovering your mouse over a node and then clicking the link to change the view. You will notice when you move your cursor over a node, the browser pointer will change to a hand and the link will be underlined so you can follow the link. Each node in the evidence tree identifies the OVAL test result status so you can determine compliance within the rule sections. A Red node in the evidence tree indicates a failed test. A Definition node identifies an OVAL definition test and results for the rule.

The rule titled "Security Patches Up-To-Date" provides evidence for special patches tested during the most recent SCAP scan of each host in the SCAP policy. These include all patches defined in the "patches" file in the SCAP policy when present. For each host you'll see the patch status. The status Pass indicates the patch was found during the last SCAP scan on the host, and the status Fail (in Red) indicates the patch was not found during the last SCAP scan on the host.

 

Quick Links

About SCAP Reporting

Set up SCAP policies

Manage your assets

Did you know? You can modify the report settings to change the report output in real-time. Go to View > Setup Pane.

Tip Interactive reports are not saved to your reports list. You can download and print the report from the File menu within your report.