View Reporting Dashboard

This chapter provides an overview of the Reporting Dashboard in Cisco Secure Workload, designed to assist Executives, Network Administrators, and Security Analysts in monitoring critical workflows and generating reports.

The chapter outlines how to generate reports, including options to download, email, or schedule reports on a daily or weekly basis. It emphasizes the importance of configuring the Simple Mail Transfer Protocol (SMTP) server for successful email scheduling. The Reporting Dashboard is a crucial tool for monitoring and managing security within Cisco Secure Workload. Effective report scheduling and generation are vital for maintaining oversight of security metrics and compliance.


Attention

Due to recent GUI updates, some of the images or screenshots used in the user guide may not fully reflect the current design of the product. We recommend using this guide in conjunction with the latest version of the software for the most accurate visual reference.

Table 1. Feature Information

Feature Name

Release

Feature Description

Where to Find

Integration of Cisco Vulnerability Management for Deep CVE Insights with Cisco Risk Score for Prioritization

3.9 Patch 2

You can use the Cisco Security Risk Scores of the CVEs to create inventory filters, microsegmentation policies to block communication from the impacted workloads, and virtual patching rules to publish the CVEs to Cisco Secure Firewall.

Summary Reports for Security Compliance

Reporting Dashboard

The Reporting dashboard provides visual representations of critical workflow status, troubleshooting capabilities, and report creation functionalities. From the navigation pane, choose Reporting > Reporting Dashboard to access the dashboard.

The sections below provide an overview of the reports and how to schedule and email reports.

Schedule Email Reports

To generate a report, choose from either of the options:

  • Download: After you generate a report, you can download and save a copy of the report for future reference.

  • Email: If you choose the option to email reports, an email will be triggered to recipients with the attached report.

  • Schedule: You have two options to choose from to schedule a report.

    • Daily

    • Weekly

      To schedule a report, enter the schedule details to trigger the report. Select Weekly or Daily, enetr the day and time, and the email addresses of the recipients. Click Create Scheduled PDF to save the details.


Note

If the report scheduling fails, check the schedule for any incorrect email address or incorrectly entered date and time.

Note

Without SMTP server configuration, email scheduling to send reports will be affected.

To access the report schedules that were generated earlier, choose Generated Reports > Schedules. If the report scheduling fails, check the schedule for any incorrect email address or incorrect date, time.


Note

The maximum number of schedules that you can store in the scheduling dashboard is five.

Summary Reports

The below sections provide a summary of real-time insights into the network flow information, security policies, system performances, and security threats. It enables Security Analysts and Network Administrators to make informed decisions and take measures to protect their data resources.

Summary Reports of Segmentation, Workload, Traffic Flow and Security

The overview section provides real-time insights into the network flow information, security policies, system performances, and security threats. It enables security analysts and network administrators to make informed decisions and take measures to protect their data resources.

Segmentation Summary

Workspaces are the building blocks to discover, apply, and manage policies and enforcement within the cluster. You can define segmentation memberships by selecting the appropriate scope.

Segmentation summary captures the configuration details for every workspace, all policy-related activities, such as defining, analyzing, and enforcing policies for a particular scope in the workspace or workspaces that are associated with that scope.

The graph displays a summary of the various policies that are associated with the workspaces.

Figure 1. Segmentation Summary

Workload Summary

The Workload summary provides the following details about the agents that are deployed on one or more servers and endpoints in the infrastructure:

  • Agents monitor and collect network flow information.

  • Agents enforce security policies with firewall rules on the installed hosts.

  • Agents communicate the status of the workload.

  • Agents receive updates on the security policies.

Figure 2. Workload Summary

Traffic Summary

Traffic summary captures the flow observations of each flow. Each observation in the flow source tracks the number of packets, bytes, and other metrics for the flows.

Figure 3. Traffic Summary

Security Summary

Security Summary provides Threat Intelligence Status (last time when the threat intelligence status updates were received are shown), count of CVEs, and distribution of Forensic events.

Figure 4. Security Summary

Operation Summary for Workload, Telemetry and Segmentation

Workload Summary

Workload summary provides a view of the total agents that are deployed on one or more servers and endpoints in the network. The agents monitor and collect network flow information, enforce security policies with firewall rules on the installed hosts, communicate the status of the workload, and receive updates on the security policies.

Figure 5. Workload Summary

Telemetry Summary

Many connectors that are deployed on the virtual appliance collects telemetry from various points in the network, these connectors must listen on specific ports on the appliance. Connectors can ingest flow logs if you have setup flow logs for your specific security groups. You can also use the telemetry data for visualization and segmentation policy generation.

Figure 6. Telemetry Summary

Cluster Summary

Site Admins can access the cluster status page, but the actions can be carried out only by Customer Support. It shows the status of all the physical servers on the Cisco Secure Workload rack.

The processing and retention time for clusters refer to the duration for which data is stored and processed within a cluster. The specific processing and retention times depend on the requirements of the workload and the policies of the organization.

It is important to consider the processing time requirements when configuring the cluster, as this can impact the storage capacity and processing power that is needed to meet the workload's needs.

Retention time refers to the length of time that data is retained within a cluster. For some workloads, data may need to be retained for regulatory or compliance purposes, while for others it may be deleted once it has been processed. It is important to establish retention policies for the workload to ensure that data is retained for the appropriate length of time and then deleted securely to prevent unauthorized access.

Figure 7. Cluster Summary

Segmentation Summary

Segmentation or Application Workspaces are the building blocks for discovering, applying, and managing policy and enforcement within the cluster. The segmentation summary captures the configuration details for each of the Application Workspaces implemented, the no. of workspaces with and without enforcement, policies that have been enabled or disabled, workspaces that have up-to-date policies or out of sync, and with or without draft policies.

Figure 8. Segmentation Summary

Summary Reports for Security Compliance

Cisco Security Risk Score Summary

Cisco Security Risk Score Summary provides the risk assessment of your workloads based on the Cisco Security Risk scores. The Cisco Security Risk Score graph displays the number of workloads with high, medium, and low severity CVEs. The CVE's Risk Details graph displays the number of CVEs for each of the supported attributes of Cisco Vulnerability Management.

Figure 9. Cisco Security Risk Score Summary

The downloaded compliance report lists top 10 workloads with CVEs of high severity status based on the Cisco Security Risk Score.

Workload Summary

Workload Summary provides a view of the total agents that are deployed on one or more servers and endpoints in the infrastructure. The agents monitor and collect network flow information, enforce security policies with firewall rules on the installed hosts, communicate the status of the workload and receive updates on the security policies.

Figure 10. Workload Summary

Security Summary

Configure your forensic events; once configured, all tactics are displayed without any rules under them, with a count of 0. Select one or more forensic rules to make the selection at the tactic level. Selecting a tactic selects all the rules under it. Default MITRE ATT&CK rules are provided to alert techniques from the MITRE ATT&CK Framework.

Figure 11. Security Summary

Workspaces with CVEs

Based on the scope that is selected and the scoring system (v2 or v3), the common vulnerabilities and exposures (CVE) count highlights the vulnerabilities (sorted by the scores) on workloads in the selected scopes. See the distribution of workspaces and the workloads with the highest number of critical CVEs.

Software packages on a workload could potentially be associated with known vulnerabilities (CVE). Common Vulnerability Scoring System (CVSS) is used for assessing the impact of a CVE. CVE can have CVSS v2 and CVSS v3 score. To compute the vulnerability score, consider CVSS v3 if it is available, else CVSS v2 is considered.

Vulnerability score for a workload is derived from scores of vulnerable software that is detected on that workload. The Workload Vulnerability Score is calculated based on the CVSS scores, the vendor data, and the security research team may adjust when the data is missing or inaccurate. Higher the severity of the most severe vulnerability, lower is the score.

Figure 12. Workspaces with CVEs