Reports
Reports is a powerful reporting engine that provides insights across the enterprise to view residual risk from an infinite number of perspectives.
To access and navigate Reports:
- Click Reports from the left menu; POAM Data is shown by default
- Click between POAM Data and Scan Data in the top menu; orange button indicates the active tab/data
- View report thumbnails
- Hover over graph data for more information.
- View full reports of individual charts by clicking View Full Report or expanding the Dashboard menu to the left and selecting from the dropdown options
POAM Data Charts, Graphs, and Filters
POAM Data – Top Systems displays the top 10 systems that have the most vulnerabilities on POAMs.
POAM Data – Top Vulnerabilities displays the top 10 most prevalent vulnerabilities across multiple systems. By default, this represents the number of unique systems with this vulnerability.
Risk by System displays all the systems with vulnerabilities on POAMs.
Risk Timeline displays risk fluctuation. The left side of the “Today” line represents actual change based upon opening/closing of POAM items whereas the right side of the “Today” line shows the expected risk closures based upon scheduled completion date (SCD).
Task Queue Summary displays the current responsibility of the vulnerabilities based upon roles.
Risk by Dependency shows the reasons why vulnerabilities are open.
Risk by IAVA/System displays the IAVAs that are open on a POAM for one or more systems.
Workload Distribution displays the total workload of a user or group based upon their role (SA/ISSO/etc.).
POAM Data Filters
Click View Full Report or expand the Dashboard menu to select individual POAM Data charts.
The Full Report allows you to view and filter the data to provide a more custom view. There are various filtering options, each allowing multi-selection of the filter value. The chart and the data displayed below the chart change as you alter the filters.
The Unique Systems dropdown allows you to view the total number of unique vulnerabilities per system, cumulative vulnerabilities across assets, and vulnerabilities by assets.
Examples:
- A system that is missing 1 update on each of the 5 servers would display as 1 unique vulnerability, 5 cumulative, and 5 assets.
- A system that is missing 10 updates on 1 asset would display as 10 unique, 10 cumulative, and 1 asset.
- A system that is missing 10 updates on each of 5 servers would display as 10 unique, 50 cumulative, and 5 assets.
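To reconcile an exported CSV against these three views, the counting can be reproduced offline. This is an added example, not Ryskview code: the column names (`system`, `asset`, `vuln_id`), the sample rows, and the choice to count a repeated asset/vulnerability row only once are all assumptions.

```python
import csv
import io
from collections import defaultdict

def summarize(csv_text):
    """Per system: unique vulnerabilities, cumulative findings, affected assets."""
    vulns, assets, pairs = defaultdict(set), defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        system, asset, vuln = row["system"], row["asset"], row["vuln_id"]
        vulns[system].add(vuln)           # distinct vulnerabilities on the system
        assets[system].add(asset)         # distinct assets with at least one finding
        pairs[system].add((asset, vuln))  # one finding per asset/vulnerability pair
    return {
        s: {"unique": len(vulns[s]),
            "cumulative": len(pairs[s]),
            "assets": len(assets[s])}
        for s in vulns
    }

def constructed_rows(system, n_assets, n_vulns):
    """Constructed sample data: every asset is missing the same n_vulns updates."""
    return [f"{system},{system}-srv{a},VULN-{v:03d}"
            for a in range(1, n_assets + 1)
            for v in range(1, n_vulns + 1)]

# Constructed export (assumed column names) covering the three cases above,
# plus one repeated row to show that duplicates do not inflate the counts.
SAMPLE = "\n".join(
    ["system,asset,vuln_id"]
    + constructed_rows("SYS-A", 5, 1)    # 1 update missing on each of 5 servers
    + constructed_rows("SYS-B", 1, 10)   # 10 updates missing on 1 asset
    + constructed_rows("SYS-C", 5, 10)   # 10 updates missing on each of 5 servers
    + constructed_rows("SYS-A", 1, 1)    # duplicate of an existing SYS-A row
)

if __name__ == "__main__":
    for system, counts in sorted(summarize(SAMPLE).items()):
        print(system, counts)
```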
The second dropdown allows you to view Currently Vulnerable assets and Total on POAM, meaning all assets added to a POAM, including those that are remediated and no longer vulnerable.
When filtering data:
- Enter filter criteria (varies by graph/report)
- Click Apply Filters to view vulnerabilities
Program Office filter options:
This filter allows users to view reports of specific program offices. The user can select one or multiple program offices.
System filter options:
This filter allows users to view reports of specific systems. The user can select one or multiple systems. Selecting a program office will show all related systems by default in a report. Only systems related to the selected program offices are available as filter options.
Status filter options:
- All: Other than Closed vulnerabilities
- Open
- Closed
- Risk Acceptance Requested: Vulnerabilities requested for risk acceptance, but not yet accepted
- Risk Accepted
- Remediated, Pending Verification: Vulnerabilities that are remediated but awaiting review and closure
Severity filter options:
- All
- Category I: Associated with and equivalent to High STIG vulnerabilities
- Category II: Associated with and equivalent to Moderate STIG vulnerabilities
- Category III: Associated with and equivalent to Low STIG vulnerabilities
- Informational
- Very Low
- Low
- Moderate
- High
- Very High
Scheduled Completion Date (SCD) filter options:
- All
- Past Due
- SCD within 30 days
- SCD within 60 days
- Custom Range
Dependency Category and Dependency Item filter options:
Ryskview allows the user to assign each vulnerability to a Dependency; Dependencies are grouped into larger categories. Not all vulnerabilities are associated with a dependency, so this may not include all vulnerabilities on all POAMs.
Note: You can only filter by Dependency Item if a Dependency Category is selected.
Cascade Filters: The Cascade toggle allows the user to filter Systems by Program Office if authorized to view more than one Program Office.
Additional filters include:
- Role: Vulnerabilities assigned by roles
- User or group: Vulnerabilities assigned by specific users or groups
- IAVA
- Vulnerability ID
- Asset type
Customize and Save Report Filters
Reports let you filter the graph results and save those filter options. In the top right corner of the page, there is a dropdown menu called saved filters. To save custom graphs, which you can do for each graph in the POAM and Scan Data Reports:
- Apply the filters.
- Click Save Filters dropdown.
- Select ‘Save Current Filters’.
- Create a title for the saved filter and select save.
Note: Select the Heart to make that filter the default.
To recall saved graphs:
- Click Save Filters dropdown.
- Click the saved graph by its title.
Export Data
Each graph offers an export option so you can obtain specific details, perform additional analysis, or send the information to a POC or vendor without access to Ryskview.
- CSV: an amenable format for further manipulation of the data; for example, once exported into a CSV, you can create a PivotTable for further analysis
- EMASS V1 POAM: eMASS standard POAM format for importing into eMASS
Scan Data Charts, Graphs, and Filters
Scan Data shows all vulnerabilities that are directly from the scans and have not been added to a POAM.
Scan Data – Top Systems displays the Top 10 systems that have the most vulnerabilities. As this is limited to the Top 10 Systems, it does not show all the data for all the Systems.
Scan Data – Top Vulnerabilities displays the most prevalent vulnerabilities across multiple systems. By default, this shows the number of Unique Systems per vulnerability.
Scan Data – Risk by System displays all the systems with vulnerabilities.
Scan Data – Risk Timeline displays risk fluctuation based upon scans. This is good for understanding the patching cycle and whether the overall trend is up or down.
Scan Data – Risk by IAVA displays the total vulnerabilities broken down by IAVA.
To filter scan data, click View Full Report or expand the Dashboard menu to select individual Scan Data charts.
The Full Report allows you to view and filter the data to provide a more custom view. There are various filtering options, each allowing multi-selection of the filter value. As you alter the filters, the chart and the data displayed below the chart change.
The filters that differ from the POAM Data filters include:
- Rysk Score: Slide to filter by Ryskview-assigned score ranges
- Past Due without POAM: Displays vulnerabilities that are past due unless altered
- Last Seen: Filters a subset of vulnerabilities based upon the last time they were seen on a vulnerability scan