28 Replies Latest reply on Dec 24, 2013 10:15 AM by damiancbessemer

    Policy Reporting

      In the Cirrus version 3, SolarWinds is adding Policy Reporting.  Included within Cirrus will be numerous out-of-the-box policy reports.  We want to ensure we include the types of policy reports our customers would want to see included.  Please let me know what types of rules you would like to see included in these default policy reports.  An example would be as follows:

      Business Logic - Show me all Cisco devices with public as a read only community string

      Syntax - snmp-server community public RO

      Please email comments to Haley_Oyler@Solarwinds.Net

      Thank you,
      Haley Oyler
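The kind of rule the post above describes (flag any device whose config contains `snmp-server community public RO`) can be expressed as a line-oriented regex check. This is an added example, not part of the original post and not SolarWinds rule syntax; the `Rule` class, the function names and the sample configs are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str      # regex applied to one config line at a time
    must_match: bool  # True: some line must match; False: no line may match

# The rule from the post: "public" as a read-only community string.
# \s+ tolerates extra spacing; the community string itself stays
# case-sensitive, the RO keyword does not; the optional tail allows a
# trailing ACL or view after RO without matching e.g. "public2".
PUBLIC_RO = Rule(
    name="SNMP community 'public' configured read-only",
    pattern=r"^\s*snmp-server\s+community\s+public\s+(?i:ro)(?:\s.*)?$",
    must_match=False,
)

def audit(config, rules):
    """Return (rule name, offending line or None) for each violation."""
    # IOS treats lines starting with "!" as comments; skip them and blanks.
    lines = [ln.rstrip() for ln in config.splitlines()
             if ln.strip() and not ln.lstrip().startswith("!")]
    findings = []
    for rule in rules:
        rx = re.compile(rule.pattern)
        hits = [ln for ln in lines if rx.match(ln)]
        if rule.must_match and not hits:
            findings.append((rule.name, None))
        elif not rule.must_match:
            findings.extend((rule.name, ln.strip()) for ln in hits)
    return findings

def audit_fleet(configs, rules):
    """Map device name -> findings, listing only non-compliant devices."""
    report = {dev: audit(cfg, rules) for dev, cfg in configs.items()}
    return {dev: found for dev, found in report.items() if found}

# Constructed sample configs (not from any real device).
SAMPLE = {
    "rtr-a": "hostname rtr-a\nsnmp-server community public RO\n",
    "rtr-b": "hostname rtr-b\nsnmp-server  community public ro 10\n",
    "rtr-c": "hostname rtr-c\n! snmp-server community public RO\n"
             "snmp-server community public2 RO\n",
}

if __name__ == "__main__":
    for dev, found in audit_fleet(SAMPLE, [PUBLIC_RO]).items():
        print(dev, found)
```
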
        • Re: Policy Reporting
          irishjd

          Hi Haley,

          We are a Dept. of the Army shop, and as such have to comply with DISA Security Technical Implementation Guides (specifically the  Network STIG V7R1). Any chance that you guys could get with DISA and come up with compliance reports for the STIGs?

          Jon

            • Re: Policy Reporting

              I second Jon's request!!!  The policy reporter policies seem to aim at SOX requirements.  I would like to see policy checks applicable to government requirements (FISMA, DIACAP).  Policy compliance includes: NSA/DISA STIGs, CIS at least for now.  We're currently having to use the CIS Router Auditor Tool (RAT) in order to provide compliance reports.   Any assistance would be greatly appreciated.  

                • Re: Policy Reporting
                  irishjd

                  Not to sound like I am begging (but I am ;-), is there any chance that the DoD/Government compliance reports (i.e. STIG, DIACAP, FISMA, etc.) will be added? We really, really, really need these compliance reports in our environment. Currently, the only way we can do these is manually (RAT works on the routers, but that is all). When you have several hundred devices to maintain, this becomes an unsurmountable task. Please add these compliance reports!

                  Jon

                    • Re: Policy Reporting

                      Has anyone had any luck transposing the DISA STIGs into NCM Policies & Rules? The reason I ask is, I am trying to do the same.

                      If anyone has had any success and would be willing to exchange rules, please let me know.

                       

                      Thanks,

                      Jeff :) 

                        • Re: Policy Reporting
                          irishjd

                          Unfortunately not, and I have not received any feedback from SW about my request to have it added. Now that SW is on the "approved software" list for DoD, I know that a lot of us DoD folks are probably using it. These reports would be a HUGE benefit for us all!

                          Jon

                            • Re: Policy Reporting
                              chris.lapoint

                              We're absolutely looking at improvements to Policy Reporting in future releases.   In addition to more out of the box reports, we really want to give users the ability to share rules, policies, and reports they've written to help populate content more quickly.    If you have Policy Reports that you've already written that you'd be willing to share, please let me know.

                                • Re: Policy Reporting
                                  dmjcomputing

                                  Has anyone got an update on the Policy Reports for STIGs?  I too am looking for this feature.

                                    • Re: Policy Reporting
                                      irishjd

                                      One of these days, I am going to try to sit down and see what I can do. Unfortunately, regex has always baffled me, so I am not sure if I will have any luck or not. If I do get something working, I'll definitely post it here.

                                      Jon

                                        • Re: Policy Reporting
                                          dmjcomputing

                                          I would like to see some of these worked out.  I know everyone is busy doing other things, but regex also has baffled me.  I hope we can get some of these posted.

                                            • Re: Policy Reporting
                                              christineb

                                              Hi Dmjcomputing - policy reporting enhancements are top of the list of things we are working on right now. We plan to include all sorts of new features. I know you all have been asking for this for a while, and rest assured we are on it. 

                                              --C

                                                • Re: Policy Reporting

                                                  I know you say you're "working on it", which is good, but judging by the traffic here it seems to be moving slowly.

                                                   

                                                  In the meantime, a few comments:

                                                   

                                                  You include a number of canned "Policy Reports". I know these are probably intended just as *examples*, but that's not really clear. When you include rules that have hard-coded IP addresses, like for a syslog destination or an NTP server, they will of course always fail. If one has a manager who takes a look at the product, says "Oooh, compliance reports", then hits you up with hundreds of violations because in our environment, we are not actually logging to 10.10.10.1, or most of our devices are not in Central Standard Time, it's awkward.

                                                   

                                                  Oh, also, your NTP rules require Daylight Saving Time settings which have been obsolete for two years.

                                                    • Re: Policy Reporting
                                                      christineb

                                                      GeorgeK - thanks for your input. We're definitely working on enhancing the functionality - and I understand what you mean about updating the "out-of-the-box" rules and reports as well. We're on it. Thanks for your patience!

                                                      --Christine

                                                    • Re: Policy Reporting
                                                      darrell.gray

                                                      Hello, I work with General Dynamics. I have been trying to compile the DISA STIG into NCM with no luck and was wondering if you all have any new developments towards this?

                                                      Thanks

                                                      Darrell

                                                        • Re: Policy Reporting
                                                          christineb

                                                          Hi Darrell - we're in beta right now and should be approaching the RC phase quite soon. I will be reaching out to everyone on this thread to see if you would be interested in participating in the RC. 

                                                          --Christine

                                                            • Re: Policy Reporting
                                                              irishjd

                                                              Hi Christine,

                                                              Please count me in as well. Might I also suggest that you add IAVA compliance?

                                                              Jon

                                                                • Re: Policy Reporting
                                                                  christineb

                                                                  Hi Jon - are you wanting us to add the report, or just the ability to support those rules? Could you let me know what you're looking for so I can be sure we're tracking it correctly? 

                                                                  --Christine

                                                                    • Re: Policy Reporting
                                                                      irishjd

                                                                      A report would be great! IAVAs are alerts sent out to inform the DoD user community of security issues with software. Most of them are for programs and OSes, but they do send them out for hardware as well. Specifically, we would be interested in IAVA compliance on our network equipment. Thus, if an IAVA was issued stating that all Cisco 2690 switches must be running IOS version x.x.x by date XYZ, we could run a report to see if any of our Cisco 2690s were not compliant. Does this make sense?

                                                                      Jon

                                                                  • Re: Policy Reporting
                                                                    darrell.gray

                                                                    That would be great! We have to go through an inspection once a year and it's a pain to manually STIG 500+ devices.

                                                                     

                                                                    Thanks again

                                                                    Darrell

                                                                    • Re: Policy Reporting
                                                                      darrell.gray

                                                                      Don't mean to seem pushy, but we have an inspection coming up in a month and I was wondering when the RC might be released?

                                                                      Thanks

                                                                      Darrell

                                                                        • Re: Policy Reporting
                                                                          christineb

                                                                          Hi Darrell - pushy only means you're looking forward to the next NCM and that's what we like to hear! I can't say exactly when, but what I can say is it's weeks, not months. I promise this thread will be the first to know when we reach RC phase. I'm sorry I can't give out exact dates, but you know how it is with public companies... lots of rules. 

                                                                          --Christine

                                                                            • Re: Policy Reporting
                                                                              darrell.gray

                                                                              Hello Christine, any update on the release of NCM with the DISA STIG built in? Also, could I possibly get a DISA STIG template I could load into my current NCM if the new release is going to be a while?

                                                                              Thanks

                                                                              Darrell

                                                  • Re: Policy Reporting
                                                    christineb

                                                    If there is anyone on this thread that is interested in joining the 6.1 RC - please send me a note. We are starting to provision it now. 

                                                    --Christine

                                                      • Re: Policy Reporting
                                                        irishjd

                                                        Hi Christine,

                                                        I was just doing some research and ran across something I was not aware of that relates to this. There are now multiple STIGs for different classes of devices and for which layer they are operating at. Most of them were just updated in October, and here is a listing of all of the Networking STIGs that are currently in effect:

                                                        Network Infrastructure STIG Version 8 Release Memo | March 24, 2010 | 196 KB | PDF
                                                        Network Firewall Version 8, Release 4 Manual STIG | October 29, 2010 | 2,075 KB | ZIP
                                                        Network L2 Switch Version 8, Release 4 Manual STIG | October 29, 2010 | 2,050 KB | ZIP
                                                        Network IDS/IPS Version 8, Release 4 Manual STIG | October 29, 2010 | 2,016 KB | ZIP
                                                        Network Infrastructure Router L3 Switch Version 8, Release 4 Manual STIG | October 29, 2010 | 2,215 KB | ZIP
                                                        Network Other Devices Version 8, Release 4 Manual STIG | October 29, 2010 | 2,020 KB | ZIP
                                                        Network Perimeter Router L3 Switch Version 8, Release 4 Manual STIG | October 29, 2010 | 2,325 KB | ZIP
                                                        Network Policy Version 8, Release 4 Manual STIG | October 29, 2010 | 2,050 KB | ZIP
                                                          • Re: Policy Reporting
                                                            christineb

                                                            Hi Jon - we're focusing on Cisco right now. However, we hope that with the new ability to share compliance content within the community, there will quickly be additions available. I would imagine that compliance reports might require some customization for each individual environment, no matter how comprehensive they are - so we focused on providing a good foundation and making the reports easy to build on. 

                                                            Once we get the report out - we'll definitely be listening for where we should focus enhancements.

                                                            --Christine

                                                        • Re: Policy Reporting
                                                          damiancbessemer

                                                          Hello,

                                                           

                                                          Is there a CIS compliant reporter?

                                                           

                                                          Thank You