Security audit report

Security Audit Report

Report on relevant security information

Description

Two Reports and eight Agent Procedures to get a good overview on the following:
1. Antivirus status
2. Installed antivirus and antimalware products including version and if it is up to date
3. Guest account status on endpoints
4. Endpoint BitLocker status
5. Endpoint Firewall status
6. File table overview and list any endpoints with insecure file tables
7. The status of SMB1 on endpoints
8. The status of machines that have USB mass storage allowed or disabled
9. List of machines that is vulnerable to Meltdown
10. A list of all local admins on each endpoint
11. A list of VSA users their last login and their Roles and Scopes
12. A list of all network shares on every endpoint
13. Top five machines missing patches (Software Management module)
14. Top five products with vulnerabilities on the network (Software Management module)
15. Patches pending approval by KB number (Software Management module)
16. Pending patches by impact and number of machines affected (Software Management module)
17. List of critical patches pending approval that is older than thirty days (Software Management module)
18. Machines out of the compliance policy (Software Management module)

The second report lists all endpoints that BitLocker is enabled and report the Recovery Key. The Agent procedures included documents all data to the asset in custom fields.

This pack should help get you on your way to build your own agent procedures, custom fields, and report parts relevant to your business.

NOTE: If you get an error importing the Security Audit Report it is most likely because you do not have at least one of the following three modules: Kaseya Antivirus (KAV), Kaseya Antimalware (KAM), or Software Management on your VSA instance. If this is the case you can import the XML file called Security_Audit_Report__No_KAV__KAM__or_KSM_modules_.xml. This report has the components that require those modules removed.

Developer
  • Name: Sidney Sahdala
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • Contact Developer
  • Summary
  • Security Audit Report
  • 226 Downloads
  • Released on June 4th, 2018
  • Reviews

    Security Audit Report has no reviews.

    Discussion
    Gravatar for Stefano Benini
    Stefano Benini 4 months ago

    Hello,

    I receive this error when I import the report Security_Audit_Pack_Reports.xml:

    Unexpected error - System.ApplicationException: The message key 'ReportDesignerInstanceAddFailed for : Failed to retrieve DataSet 'Out of Compliance'    at Kaseya.ImportCenter.Report.ReportDesignerDataSetInstance..ctor(XmlNode reportDataSetInstanceNode, Decimal partitionId)

       at Kaseya.ImportCenter.Report.ReportDesignerInstance..ctor(XmlNode reportInstanceNode, Decimal partitionId)

       at Kaseya.ImportCenter.Report.ReportImporter.ImportCustomReport(XmlNode reportNode, Boolean systemLoad, ImportResponse response, Boolean overRide, Int32 sortOrder, String treeFullPath) ' is not in the message file ImportCenter/ImportCenterMessages.xml

       at Kaseya.ImportCenter.MessageMap.GetMessage(String key)

       at Kaseya.ImportCenter.ViewImportLogDetail.LoadGrid()

    Gravatar for Tim inman
    Tim inman 4 months ago

    Hi

    When I downloaded and installed the nly repor tthat shows is the Bit Locker one, the Security Audit one is not available

    Gravatar for Sidney Sahdala
    Sidney Sahdala 4 months ago

    If you are having problems importing the reports check which version of VSA you are using. I made a separate XML called Security_Audit_Pack_Reports.xml that should have both reports. I just did a test import on a 9.5.0.7 test box and it created a folder in Infocenter > Reporting > Reports in the Shared folders called Security Reports and both showed up. I tried importing to a previous version and the fields just didn't map properly. 

    Can you try to make sure you create the custom fields first and import the reports as a Master user and let me know the outcome, please?

    Gravatar for Sidney Sahdala
    Sidney Sahdala 4 months ago

    Hi Stefano,

    Is the Software Management module showing up on your VSA?

    It looks like it may not be because the error is referencing a report part that is installed when the module is added. If not your Account Manager can activate it for you. 

    Thanks!

    Gravatar for Tim inman
    Tim inman 4 months ago

    Hi Sidney - let me try again and will get back to you - the agent procedures work fine just the reports not working

    Also the version we are on is 9.4.0.37

    thanks

    tim


    Gravatar for Sidney Sahdala
    Sidney Sahdala 4 months ago

    I found out that the report import will fail if you do not have the Kaseya Antivirus, Antimalware, and Software Management modules on your VSA instance. I will be adding more reports to the ZIP file without the Antivirus, Antimalware, and Software Management components.

    Gravatar for Tim inman
    Tim inman 4 months ago

    Thanks as we do not use the Kaseya Antivirus, Antimalware, and Software Management modules

    Gravatar for Sidney Sahdala
    Sidney Sahdala 4 months ago

    Hi Tim, I updated the ZIP file and added a new XML file for a report without the KAV, KAM, and Software Management components.

    Gravatar for Brandon H
    Brandon H 3 months ago

    This is really great Sidney, I already have it installed and using it as is.  I don't suppose you could add procedure to tell whether TLS 1.0/1.1 are disabled?  Would be great for customers with PCIDSS compliance needs..  I would be happy to donate something for the cause.  

    Gravatar for Sidney Sahdala
    Sidney Sahdala 3 months ago

    Great idea, I'll work on that... I'm on vacation... sorry for the delay in my response.

    Gravatar for Rey Marquez
    Rey Marquez 3 months ago

    I'm also only getting a Bitlocker module, which works great by the way. Would you mind confirming that the other procedures are there also?

    Gravatar for Scott Wolff
    Scott Wolff 2 months ago

    Unfortunately, I am only getting the Bitlocker Agent Procedure showing up, but both reports are there.  Bitlocker Procedure works great and shows up in the custom field, and report.  Would love to have the agent procedures show up for the other ones to see how they look too.

    Gravatar for Sidney Sahdala
    Sidney Sahdala 2 months ago

    I tested the import again and it seems to work for me. Which version on VSA are you using?

    Gravatar for Scott Wolff
    Scott Wolff 2 months ago

    Hey Sidney, thanks for getting back to me, and I apologize for the delay in responding.  I wanted to try a reboot of the server first, so it would not waste any of your time if this fixed the issue.  We were able to find a maintenance window this weekend to reboot our VSA server, and after the reboot all the Agent Procedures appeared in their own custom folder.  Not sure what the hangup was since the import center said everything was successful, but appears the issue was with our server.  All agent procedures, reports, and custom fields work perfect.  Thanks for your work on putting this together and posting it on the Automation Exchange!

    Gravatar for Curtis Duck
    Curtis Duck about 1 month ago

    The Spectre/Meltdown test does not work correctly. I tested the link to download from MS and it fails. After correcting this it still does not appear to be working correctly.

    Gravatar for Sidney Sahdala
    Sidney Sahdala 22 days ago

    Hi Curtis, I see that Pedro P. Polakoff III from CWPS posted a newer version of the Spectre/Meltdown Check. He says something wasn't right with our method. You can download it here https://automationexchange.kaseya.com/products/524. Ill have to find a way to implement it in this report. I haven't tested his solution but if it stores the information in a custom field then it should be easy to report on. 

    Gravatar for Ian Shaffer
    Ian Shaffer 3 days ago

    I'm getting the following message when I attempt to import the audit pack reports (same as the first comment in this list):

    Unexpected error - System.ApplicationException: The message key 'ReportDesignerInstanceAddFailed for : Failed to retrieve DataSet 'Out of Compliance'    at Kaseya.ImportCenter.Report.ReportDesignerDataSetInstance..ctor(XmlNode reportDataSetInstanceNode, Decimal partitionId)

       at Kaseya.ImportCenter.Report.ReportDesignerInstance..ctor(XmlNode reportInstanceNode, Decimal partitionId)

       at Kaseya.ImportCenter.Report.ReportImporter.ImportCustomReport(XmlNode reportNode, Boolean systemLoad, ImportResponse response, Boolean overRide, Int32 sortOrder, String treeFullPath) ' is not in the message file ImportCenter/ImportCenterMessages.xml

       at Kaseya.ImportCenter.MessageMap.GetMessage(String key)

       at Kaseya.ImportCenter.ViewImportLogDetail.LoadGrid()

    Gravatar for Sidney Sahdala
    Sidney Sahdala 3 days ago

    Hi Ian,

    There are two reports, one you need Software Management, Kaseya Antivirus (KAV), and Kaseya AntiMalware (KAM). If you dont have all these modules then that will fail. Import the second XML file called Security_Audit_Report__No_KAV__KAM__or_KSM_modules_.xml.

    Let me know how it goes.

    Gravatar for Curtis Duck
    Curtis Duck 3 days ago

    I corrected the report he was not stepping out enough spaces to parse the information correctly in the Spectre/Meltdown text files. This is working after adding the correct spacing in his procedures.

    Gravatar for Ian Shaffer
    Ian Shaffer 3 days ago

    Sidney,

    I just was licensed for Software Management 15 minutes ago. It's working now. :D

    Thanks!