BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

How To Leverage MS SharePoint for UVM Reports

Posted September 8, 2011    Morey Haber

One of the most important facets regarding security is escalating data to the proper individuals in a timely manner. This is generally done using reports or some form of email alerts. In the context of reports, securing and proper distribution of the contents is just as important as the data contained within. In other words, making sure sensitive scan data is hosted and secured correctly against improper distribution or misrepresentation.

The user community has driven the ease of use of this process by making reports fully available in an email or an email with a hyperlink that secures the content for the proper trusted audience. Recently, the user community has been requesting yet another vehicle for hosting reports in a simple and secured fashion for additional team members (such as executive management and auditors) that extends beyond traditional notifications. Publishing reports to a portal.

The most common portal integration request is for Microsoft SharePoint. Retina Insight is a data warehouse solution that aggregates long term unified vulnerability management data for assessments, attacks, malware, assets, compliance, risk, and regulatory initiatives in a single location. Reports follow a role-based access model and can be generated ad-hoc, saved, or scheduled for automated generation and delivery. The scheduling function is specifically called “Subscriptions.” Subscriptions in Retina Insight allow direct integration into Share point by either (A) emailing reports to a share point SMTP mail daemon or (B) publishing the reports to a UNC share for directory and file-based publishing. Here is how they work.

First, after selecting any report within Retina Insight, a user can set the relative filter parameters and Smart Group. Then, they click “Subscribe” as illustrated below.

Next, the user needs to decide which integration method they want to use, either via email or shared folder. This forms the basis for SharePoint integration.

(A) Retina Insight email integration to SharePoint.

  1. As documented in this Programming4US article (http://programming4.us/enterprise/3454.aspx) a user simply needs to enable the receipt of SMTP email via Sharepoint and set the appropriate permissions to receive .eml content. It is important to note, that to avoid internal Spam and misuse, security settings should only permit postings from Retina Insight or other security tools.
  2. Select “Deliver the report through e-mail” and Select Next.
  3. Next, the user then completes details regarding the report title, SharePoint email address, etc. and then selects Next (illustrated below).
  4. Finally the user selects (not illustrated) the reoccurring schedule for the report and the Subscription will generate a new report and email it to SharePoint for publication.

    (B) Retina Insight UNC Share integration to SharePoint.

    1. By default, you can access SharePoint document libraries via a UNC share if the system is properly setup (\\server\sharepointsite\doclibname) or you can follow this Microsoft TechNet Article on how to Connect Web Sites to UNC Network Shares (http://technet.microsoft.com/en-us/library/cc768023.aspx). The later can be used to host saved reports remotely via UNC share for SharePoint.
    2. An important consideration for the shares is there visibility. You may want to create any of them, local to the SharePoint Server or remotely, hidden by suffixing the share name with a “$” to add an additional layer of security.
    3. Next select “Deliver the report through a shared folder” and Select Next.
    4. Then, the user then completes details regarding the report title, UNC address, file format for the report (PDF, Word, Excel, etc.), permissions, and if the file should be overwritten or incremented on the target. (Illustrated below)
    5. Once the permissions have been entered, the user can select “Test” to verify the UNC share will accept file writes.
    6. Finally the user selects Next (not illustrated) and they can set the reoccurring schedule for the report. It will then be automatically written to the UNC share SharePoint for publication.

     

    Disseminating critical security data is key to any modern Internet enabled organization. By the way, that is just about every business today. Having reports available only to security teams is no longer enough. Having summarized data for executives, regulatory information available to finance and auditors, and patch information available to administrators helps every team perform their functions at optimal levels. Retina allows these reports to operate outside of the island of traditional security and be available to everyone through solid third-party integration into Microsoft SharePoint.

    For more information on how eEye can help raise unified vulnerability management awareness in your organization, please click here. “Knowledge is Power” (-Francis Bacon) and good security information in the right hands can help secure your business from modern day threats.

    Leave a Reply

    Additional articles

    PowerBroker Password Safe Password Age Report

    Reshaping Privileged Password Management with Password Safe 5.2

    Posted July 21, 2014    Martin Cannard

    Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

    Tags:
    , , ,
    PowerBroker for Windows tamper protection

    PowerBroker for Windows 6.6 Tamper Protection

    Posted July 18, 2014    Morey Haber

    I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

    Tags:
    , ,
    PowerBroker for Windows can be configured to automatically identify the end user’s language preference

    Implementing Least Privilege Around the World with PowerBroker for Windows

    Posted July 17, 2014    Morey Haber

    BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,…

    Tags:
    , ,