Rogue Report
Configuration Assurance
The Rogue Report helps you see whether you’re compliant with policies, such as whether each user is running required software like antivirus or vulnerability scanners. You might assume that every user is running these applications, but in reality there may be many places where you lack coverage. You can’t address these gaps unless you know where they are.
Configuration Assurance leads to a reduction of risk, and ensures you are getting the most value from your investments in cybersecurity products.
The Rogue Report gives you a visual representation of what your coverage looks like based on the different data sources that are integrated into Epiphany, and helps you find devices that don't have the required applications installed.
In the left navigation menu, expand Asset Tools and then select Rogue Report.
The top area shows tiles representing each data source integrated into Epiphany.
The overlapping circles show your coverage. In the image below, you can see coverage for Windows Azure, CrowdStrike, and Tenable. The large area in the middle indicates devices covered by all three platforms. Roll your mouse over the circles and you can see circles indicating devices covered by only Windows Azure and CrowdStrike, and devices covered only by Windows AD and Tenable. If you look closely, you can see devices only covered by Windows Azure. Notice that the top of the image shows the number of devices covered by each platform.
If you roll your mouse over each of the circles, text displays at the bottom of the circles indicating how many devices have coverage represented by each segment. In the image above, only 9 of the devices are covered by Windows Azure, CrowdStrike, and Tenable.
Ideally, all of the devices that are reporting into Windows Azure should also be reporting to CrowdStrike and Tenable - the circles should be sitting on top of each other to represent full and complete coverage.
This helps you understand the intersection of the Azure and Tenable datasets - in this example, only 15 devices are being reported by the two systems.
The tools on the Rogue Report page help you find out where the outliers are in order to identify gaps in compliance. You can drill down further into the dataset using the Host List and the Query Builder and use advanced searches following the information in the Search and Query Guidelines section.
The ideal state is where the populations of all data sources match - the circles completely overlap. The further apart the circles are, the more the datasets differ and the more devices have less than the optimal suite of products reporting their data.
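The segments of the coverage diagram can be reproduced from raw inventory exports with set arithmetic, which is useful for cross-checking the counts. This is an added example, not Epiphany's code: the `windows_ad` name comes from the tile mentioned on this page, while the other source keys, the hostnames, the `normalize` rule and the function names are constructed assumptions.

```python
# Constructed sample inventories: hostnames as each source might report them.
INVENTORIES = {
    "windows_ad": ["WS-001.corp.example", "WS-002.corp.example",
                   "WS-003.corp.example", "SRV-DB01.corp.example"],
    "crowdstrike": ["ws-001", "ws-002", "srv-db01", "kiosk-07"],
    "tenable": ["ws-001.corp.example", "srv-db01.corp.example", "ws-003"],
}


def normalize(hostname):
    """Reduce a hostname to a lowercase short name so sources can be compared.

    Assumption: short names are unique across domains and entries are
    hostnames, not IP addresses. Without this step, "WS-001.corp.example"
    and "ws-001" would be counted as two different devices.
    """
    return hostname.strip().lower().split(".")[0]


def coverage_segments(inventories):
    """Map each exact combination of sources to the hosts seen by exactly
    that combination (one region of the overlapping-circles diagram)."""
    seen = {}
    for source, hosts in inventories.items():
        for host in hosts:
            seen.setdefault(normalize(host), set()).add(source)
    segments = {}
    for host, sources in seen.items():
        segments.setdefault(frozenset(sources), set()).add(host)
    return segments


def rogue_hosts(inventories, required):
    """Return {host: [missing required sources]} for every host that appears
    in at least one source but is not reported by all required sources."""
    required = set(required)
    gaps = {}
    for sources, hosts in coverage_segments(inventories).items():
        missing = sorted(required - sources)
        if missing:
            gaps.update({host: missing for host in hosts})
    return gaps


if __name__ == "__main__":
    for sources, hosts in coverage_segments(INVENTORIES).items():
        print(" + ".join(sorted(sources)), len(hosts), sorted(hosts))
    for host, missing in sorted(rogue_hosts(INVENTORIES, ["crowdstrike", "tenable"]).items()):
        print(f"{host}: missing {', '.join(missing)}")
```

In the sample data, `kiosk-07` is reported by only one source, which is the kind of outlier the non-overlapping edges of the circles represent.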
In the data sources shown in tiles at the top, select View Detail to see a report of each user in the data source.
For example, in the windows_ad tile, select View Detail. The report shows the name of each user using Windows AD, their operating system, and IP address. It also shows dates for when the data was acquired and when the data was last viewed.
You can modify the diagram further by selecting which products to compare using the filter below - for example to view only Azure and Tenable, remove the Crowdstrike option by clicking