Auditor Help: Fact-Finding Reports

Fact-Finding Report definitions are like templates, they create the structure of the report, but do not contain the actual content from your environment. Each Ecora product comes with a collection of built-in report definitions designed by systems engineers to solve common problems or project needs. While these report definitions cannot be deleted, they can be used as the basis for custom reports you need. If, for example, the security report contains 90% of the information you would like, it would be far quicker to copy and edit the existing security report definition than to start a new report definition from scratch.

Warning Warning: None of the reports can provide a thorough analysis if you do not document ALL systems in your infrastructure. A security-oriented report, for example, will necessarily have "blind spots" where systems that are not documented may have vulnerabilities.

Generating a Fact-Finding Report

To generate a Fact-Finding Report:

  1. Click on the Fact-Finding button or choose Reports... Fact-Finding Report Definitions....
  2. Use the uppermost set of tabs to select the area of the report:
          OS includes Windows, Unix, and Novell NetWare operating systems.
          DB includes Oracle and MS-SQL databases.
          Web includes Internet Information Services (IIS).
          Messaging includes Exchange and Domino systems.
          Network includes Citrix and Cisco routers and L3 switches.
          Directory Services includes Active Directory (AD).
  3. Use the second set of tabs to select the module for the report.
  4. Use the left-hand pane to navigate to, expand, and select the general information you wish to include.
  5. If necessary, expand the tree in the left pane to locate the category containing the report you wish to run.
  6. Once populated, use the center pane to select the settings to include.
  7. Click Edit in the table if the report already contains a table
    OR
    click the New Table button to begin defining a table.
    OR
    click the Edit Table button to begin editing the selected table.
    See the instructions for Editing a Fact-Finding Report Definition.
    Helpful Hint Tip: Fact-Finding Reports are formatted as a series of tables containing the results of the queries you define in this dialog box. You can choose to present only one attribute per table or to group related settings in one table.
  8. Click the Logo button to change the image/logo appearing on the report.
    Note Note: The image should not exceed 80 pixels high.
  9. In the Output Format area, click in the checkbox(es) for the file format of the report:
    HTML Report - saves the data to the formatted report for viewing in a web browser;
    Export to CSV file - saves the data to a comma-separated value file for importing, manipulating, or using with other applications;
    Helpful Hint Tip: The CSV reports mimic the FFR report - in column names, layout, data order, etc.
  10. In the Report Criteria area, click in the radio button for the data range:
    Relative Time Range - includes data from the last n hour, day, week, month, or year you choose in the drop-down lists;
    Exact Time Range - includes data from a time span you specify in the drop-downs;
    Select Dataset - includes data from a single collection / data set entered or located using the Browse... button;
    Most Recent - includes the most current data available in the database;
  11. Click Generate >
  12. Accept (or change) the timestamp name and click OK.
  13. When the report finishes, click View to see the finished report in a browser.

Helpful Hint Tip: Fact-Finding Reports exported as CSV files take the FFR name if there is only one table; multiple tables are saved as separate .csv files with the FFR name appended with the table name. They are saved to the default location and visible through the main interface under the FFR tree.

Report Definition dialog

Creating a New Fact-Finding Report Definition

To create a new report definition:

  1. Choose Edit... Fact-Finding Report Definitions....
  2. Click the New... button.
  3. Follow the instructions for Editing a Fact-Finding Report Definition.

Report Definition dialog

Copying a Fact-Finding Definition

To copy a report definition to create a new report definition:

  1. Choose Edit... Fact-Finding Report Definitions....
  2. If necessary, expand the tree in the left pane to locate the category containing the report you wish to use.
  3. In the right pane, select the report definition on which to base your new report definition.
  4. Click Copy.
  5. Select the copy and click Edit....
  6. Follow the instructions for Editing a Fact-Finding Report Definition.

Resources See also the appendix on Fact-Finding Reports.