BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Reporting Snapshots and Saved Views

Posted June 7, 2011    Morey Haber

I would like to tell you about a new feature recently added to Retina Insight. It may sound so simple but it solves a huge problem for businesses that like to perform ad-hoc reports.  If your one of those companies that likes to run reports ad-hoc, when you want, and review it compared to older reports saved electronically the same way, read on.

So here is the problem. Often users run ad-hoc reports on a data set that is constantly changing due to new events and identified vulnerabilities. When they run the report one day, the output may have a given number of vulnerabilities and running it the next day, a new and different tally. Users can traditionally fix this by specifically choosing the scan job to generate the report and save the results. This does not however allow reports to be generated with relative dates (last 30 days for PCI) since this is a moving relative date range. Reports will inherently change day after day as they are executed and ad-hoc reports become relative to the date they where executed. So how do you run a report with a relative period and save them in context with only the data available for that date? This is where the new feature comes in – Saved Views and Save Snapshots. First, let me define each of them:

Saved Views – When setting up a report, a user can selected various criteria including the chart type, relative date range, and devices in scope (Smart Groups) to include in the report. Once they have made all the selections, just the way they like them, a Save button is available to store the reporting filters exactly the way they like them for future reports. This is a Saved View.

Saved Snapshots – After a report is generated, a Saved Snapshot stores the data permanently “as is” into the database. The report is now electronically stored in its original format (not downloaded as a PDF) for retrieval and interaction using data specifically generated from the relative dates and scans selected with full drill down capabilities. Essentially, it is a snapshot of the report stored in the database from the date and time it was run and never changes based on any new or purged data for its rendering.

So why is this so important for ad-hoc report users?  First, when generating a report, you can setup it up to run every time the way you like it. Second, once you generate it, the report can be can stored electronically in its native format for future viewing or even exporting later into a different format. After you store several Saved Snapshots, you will a have running library to reference old reports and a guide to where you have been, and where you are potentially going. Having them all stored online, or even published to MS SharePoint using the “Subscribe” button provides the historical transparency  you need to meet many regulatory initiatives and best practices for data security. It answers that question, “didn’t we see that before?” or even “do you have that old report?”

For more information on Retina Insight, please click here. This new feature can save you endless hours thumbing through old reports (PDFs) and track historical data from the date it was generated. Any clients that need to be able to provide historical reporting on the fly, especially from ad-hoc reports, will benefit from these new features.

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,