Compliance reports return vital information on the status of your cloud instances, but this data must be generated first by running your first Scan task. Once the scan task has completed successfully, compliance data can be viewed one of three ways:
- The Compliance Summary report shows a server fleet view of compliance across the entire organization - all applications, regions, accounts and departments. Use this view when you want to report across everything within a single pane of glass.
- The Patch Summary report shows compliance based upon patch policies. Use this view when you want to report across instances based on the patch policy they are attached to.
- The Applications Compliance report shows compliance based upon individual applications. Use this view when you want to report against selected applications for a greater granularity than the Compliance and Patch Summary reports.
This article will walk you through how to configure your first scan task and generate your first report.
What you will need:
- You will need to know the instance(s) you would like to run this against
- You will need to know the patch policy you would like to compare your patches to
- You will need to know how you would like to be notified. (Default is in the MontyCloud Console)
Configuring your first scan task:
- Navigate to Operations → Patch Compliance → Vulnerability Scanning
Click on +New Scan to start the task creation wizard.
Enter your Task Details → Click Next.
Task details should contain human readable information that helps you identify the scan task at a later time.Choose your Patch Policy → Click Next.
Patch policies are based on operating system or Linux distribution. For a heterogenous environment, you will need to configure a scan task for each patch policy you wish to use based upon the operating systems used within your cloud instances.Select your Targets → Click Next.
Targets can be selected based upon individual instances, or server groups that you create.If you desire to be notified when a scan task has completed, you can use the Notifications step to setup a notification.
- To Enable - Toggle the button if you want to Enable Notifications. (Default is Disable Notification) → Click “Add Notification” → Select (Slack or AWS SNS) → Enter your details → Click Add → Click Next
- To Disable (Default) Notifications – Make sure the toggle button is set to Disable. → Click Next
- To Enable - Toggle the button if you want to Enable Notifications. (Default is Disable Notification) → Click “Add Notification” → Select (Slack or AWS SNS) → Enter your details → Click Add → Click Next
- The Automation step instructs the DAY2 platform when you want to execute the scan task. The default is to run immediately (an on-demand task), but scan tasks can also be scheduled.
- To execute this Task now Choose Now (Default is Now) → Click Next
To execute this Task at a scheduled time choose Later → Select the time you would like to schedule this → Click Next
- To execute this Task now Choose Now (Default is Now) → Click Next
- Review the task details, and then click Create Scan to finish the task creation process.
Once the scan task has completed successfully, the compliance data will have been collected and you can then generate your compliance report.
Generating your compliance report
- Navigate to Reports → Security & Compliance
- Select the report you want based on the view that fits your needs by clicking Run against the desired report:
- To view across everything within a single report, select the Compliance Summary report.
- To view based upon a patch policy, select the Patch Summary report
- To view based upon one or more applications, select the Applications Compliance report.
- All reports will ask for a date - this is the point-in-time on which to select the data to generate the report. By default, it is always set to today, but if you want to look back in time, you can change the date selector.
- Different reports will ask for different inputs - select the appropriate input, then click on Run Report
- The Compliance Summary report looks across all instances, and will only ask for a date.
- The Patch Summary report will ask you to select a patch policy to report against.
- The Applications Compliance report will ask you to select one or more applications to report against.
The report will then be generated and displayed within your browser.