Types of Reports: Overview

Overview and General Principles

Reports in Ecora Auditor Professional are the consolidated and structured representation of the datasets collected during the collection part of the process. On the back end, reports are generated through a query issued to the SQL server (assuming SQL instance is used instead of Oracle) where the Ecora Database is located. This SQL query also contains structural and logical information to be used in the report generation, i.e. it defines what information will be pulled from the dataset, how it will be connected, and filters would be applied. On the front end, the report is generated via a spreadsheet-like interface, where the same parameters are defined in a human-friendly interface.

Ecora Auditor Professional supports four general types of reports:

• Configuration Reports
• Fact-Finding Reports (FFR)
• Change Reports
• Baseline Reports

Each type of report can be accessed through Reports-->Desired type of report from the main user interface, or from the corresponding type of report button from the shortcut buttons menu. Ecora Auditor Professional provides hundreds of canned reports, however each report is completely customizable within its corresponding module. For more information regarding what each attribute in the reports represents, please refer to Attributes Description.

All canned reports that come with Auditor can not be deleted or modified. Copies can be made of any canned report and those reports can then be modified. If you start with an existing canned report, you can make changes to that report, but you will have to rename the report prior to saving it. There is one more option that can be done. If you modify a canned report you will be given the option to save the report or not save the report. If you choose not to save the report, the report will still be generated with the changes, just not saved that way. The reason behind this concept is that the customer should always be able to use the canned reports as a starting and/or reference point.

Configuration Reports

A configuration report would look into the general system configuration of a desired system, or several systems. This type of report would provide customers with various configuration data of interest for audit or for general systems housekeeping. Configuration reports will provide information such as hardware configuration (e.g. hard drive type and size, network devices, etc.) and/or software configuration (e.g. operating system, installed drivers, applications, hotfixes, system policies, etc.)

Configuration reports can be ran against both servers and workstations, as well as active directory, etc. Typically configuration report generation is automated, so the customer is presented with a configuration reports only when certain events are triggered. Detailed information regarding Configuration Reports can be found here

Fact-Finding Reports

Fact-Finding Report definitions are templates, which create the structure of the report, but do not contain the actual content from your environment. Each Ecora product comes with a collection of built-in report definitions designed to solve typical problems or project needs. While these report definitions cannot be deleted, they can be used as the basis for custom created reports you need. If, for example, the security report contains 90% of the information you need, it would be far quicker to copy and edit the existing security report definition and add the additional parameter needed, than to start a new report definition from scratch.

FFRs investigate various parameters on a set of systems. All policy compliance reports, such as GLBA, HIPAA, PCI, Sarbanes-Oxley, etc. would fall into that category. One of the most powerful tools of Ecora Auditor Professional, FFRs can provide either the broad picture of an entire network and analyze its compliance with certain criteria, or dig deep into a given set of systems and find details of interest. Typically FFR generation is automated, so the customer is presented with an FFR when certain events are triggered, for example every 1st of the month, etc. Detailed information regarding FFRs can be found here.

Change Reports

Change Reports look into the evolution of a given system over time. They are a valuable tool when analyzing changes that occurred to a system of interest over time, and thus are important for any change management project. Change Management allows you to choose two new or existing data or report sets (by date or by system) and compare them against each other. Typically all Change Reports are is automated, so the customer receives a notification (with or without the actual Change Report only when certain change occurs.

Change reports are described in detail here.

Baseline Reports

Baseline Reports are generalized type of change management reports, where an entire set of systems are compared against a "Gold Standard" system, or a baseline. This type of reports are especially valuable tool in large environments of hundreds or thousands of servers and workstations. For example if the customer wants to analyze the antivirus definitions state of his or her workstation network, they can compare the installed antivirus definitions on each machine (which is usually performed via analyzing the corresponding registry key(s) and as a standalone task is achieved through a Configuration Report) against a baseline. This type of report can be configured such that only machines that deviate from the baseline are reported, facilitating the IT professionals in charge.

Generally, all Baseline Reports are fully automated so the customer receives notification only when systems deviate from the set "gold standard". Baseline Reports are detailed here.

Reports: Logic and Workflow

Generating a report is the final and perhaps most important step in using Auditor Professional. During each collection a dataset is collected and written into the Auditor Professional Database. Thus the database contains hundreds or thousands of datasets, sometimes collected from many modules (e.g. Windows, Unix, SQL, Oracle, etc.), from which specific information needs to be extracted, consolidated and structured into an easy to read report. This is achieved trough a spreadsheet user interface, where the customer selects the relevant group and subgroup of attributes (i.e. the subgroup Servers under the Windows group of attributes) and connects them in a concise report by applying certain criteria (i.e. by filtering the information to their taste). Furthermore, the customer decides how many datasets need to be included in the report, e.g. the most recent, all datasets collected in the last 2 weeks, etc. Once the customer makes their choice, based on it a SQL query is produced by Auditor Professional, which pulls the relevant information from the database and combines it in a report.

There are two general ways of approaching the report creation in Ecora Auditor Professional:

• Modifying an existing canned report, or

• Starting a new report from scratch

In practice, almost all of the custom reports desired by the customers can be generated from the hundreds of canned reports included in Auditor Professional. Typically, only 10 to 20% of the relevant canned report would need to be customized to complete the task at hand. Therefore, the best approach to creating a custom report would be as follows:

1. Determine the type of information you would like to report, thus determining the type of report. For example, if you want to analyze your network for PCI compliance, you would have to choose Fact-Finding Reports as your starting point, while if you would like to analyze your system for outdated antivirus definitions you would have to choose Baseline Reports as your starting point.

2. Browse or search the canned reports under the corresponding section selected in step 1.

3. Select the report, which is the most relevant to your task. You don't have to browse through the entire selection of canned reports, just choose one that is close enough to the task at hand.

4. Open the report for editing and add/remove the columns you want.

5. Add the filters you need, for example filter by domain, user group, etc.

6. If you are fluent in SQL scripting, you may view and modify the SQL query by pressing the View SQL button, however keep in mind that once the SQL script is modified, the report cannot be edited via the spreadsheet-like interface anymore. Avoid editing the SQL script directly, if at all possible

7. Generate a sample report to verify if you have consolidated the desired data, and if the correct filters are applied. If not, proceed with steps 5 to 7 until you are satisfied.

8. Save the customized report under a new folder within Auditor Pro, e.g. Custom Reports, etc.

9. Automate the process.