The admin user has access to all query builders and default reports. The admin role allows access to the default CAS reports, but not to the CAS query builders. The cas role allows access to both the default CAS reports and the query builders.
This section describes how to access the CAS Query Builders from the administrator and user portals. It does not cover how to use the query builders or report builders; see Queries or Reports for additional assistance.
From the administrator portal:
Click on the Tools tab
Click on the Report Building tab
Select one of the following menu items from the left hand column menu
CAS Changes Tracking
CAS Host History Tracking
CAS Config Tracking
CAS Templates Tracking
From the user portal:
Click on the Assess/Harden tab.
You will be taken to another panel where a new lower set of tabs will be displayed for the Assess/Harden process flow.
Click on the Config. Change Control tab.
Select one of the following items in the process flow
Track CAS Results or CAS results tracking builder
Track changes to CAS configuration or CAS config. tracking builder
From the administrator portal:
Click on the TAP Monitor tab
Click on the CAS tab
Select one of the following CAS reporting domains from the left hand column menu
Changes
Host History
Configuration
Templates
From the user portal:
Click on the Assess/Harden tab.
You will be taken to another panel where a new lower set of tabs will be displayed for the Assess/Harden process flow.
Click on the Change Reports tab.
Select one of the following CAS reporting domains from the left hand column menu
Changes
Host History
Configuration
Templates
For each of the CAS reporting domains described in the table below, the following sections describe the entities (template items), attributes and default reports.
CAS Reporting Domains
Domain | Description
CAS Templates | Tracks CAS template definitions. Templates identify items to be monitored for changes. Monitored items can be files, environment or registry variables, OS or SQL script output sets, or the set of logged on users.
CAS Config | Tracks CAS host configurations, where a configuration is the application of one or more template sets to a specific database server host. From configuration instances you can see which items within template sets are enabled or disabled, or exactly which files are selected and monitored (or not) by file name pattern templates.
CAS Host History | Tracks CAS host events (server down, client up, etc.)
CAS Changes | Tracks changes to monitored items (files, registry variables, etc.)
The CAS Templates domain tracks CAS templates.
CAS Templates Domain Entities
Entity | Description
Template Set | Describes a template set definition
Template | Describes a template item within a template set
A Template Set entity is created for each template set, which is a set of template items for a particular operating system or database.
Template Set Entity Attributes
Attribute | Description
Template Set Id | A unique identifier for the template set, numbered sequentially
OS Type | Operating system: Unix or Windows
DB Type | Database Type: Oracle, MS-SQL, DB2, Sybase, Informix, or N/A for an operating system template
Template Set Name | The template name
IsDefault | Indicates whether or not this template is the default for the specified OS Type and DB Type combination
Editable | Indicates whether or not this template can be modified. The default Guardium templates cannot be modified. In addition, once a template set has been used in a CAS instance, it cannot be modified. In any case, a template set can always be cloned and the cloned set can be modified.
Timestamp | Date and time the template was last updated
A template entity is created for each template item within a template set.
Template Entity Attributes
Attribute | Description
Template Id | A unique identifier for the item template within the set of all item templates
Access Name | Depending on the Audit Type, this is the OS or SQL script, environment or registry value, or a file name or a file name pattern
Audit Type | The type of monitored item
Audit Frequency (Min) | The maximum interval (in minutes) between tests
Use MD5 | Indicates whether or not the comparison is done by calculating a checksum using the MD5 algorithm and comparing that value with the value calculated the last time the item was checked. The default is to not use MD5. If MD5 is used but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison will be skipped. Regardless of whether or not MD5 is used, both the current value of the last modified timestamp for the item and the size of the item are compared with the values saved the last time the item was checked.
Save Data | Indicates if the Keep data checkbox has been marked. If so, previous versions of the item can be compared with the current version
Description | Optional description of the template
Timestamp | Date and time this template was last updated
Default Report | Description
CAS Templates Report | Lists CAS templates
This report lists CAS templates. By default, all template items are listed. You can limit the output by using any of the following runtime parameters, all of which select all values by default.
Runtime Parameters
Entity | Attribute | Operator | Default Value
Template | Access_Name | Like | %
Template Set | Template_Set_Name | Like | %
Template | Audit_Type | Like | %
The CAS Config domain tracks CAS instances and their association with the various hosts, as well as which CAS items are enabled or disabled.
CAS Config Domain Entities
Entity | Description
Host | Identifies a CAS host (a database server) and the current status of CAS (online/offline). This entity is also available in the CAS Host History domain
Instance Config | For each host, an Instance Config entry describes a CAS instance, which contains database connection parameters (if needed) and identifies the template set used by the instance. It provides current status of the instance (in use, enabled, or disabled) and the date of the last revision
Monitored Item Details | Identifies an item (a file or an environment variable, for example) monitored by a CAS instance. It contains the item definition and indicates whether or not the item is enabled
A Host entity is created the first time that CAS is seen on a database server host. It is updated each time that the online/offline status changes.
Host Entity Attributes
Attribute | Description
Host Name | Database server host name (may display as IP address)
OS Type | Operating system: UNIX or WIN
Is Online | Online status (Yes/No) when record was written
An Instance Config entity is created each time that an instance configuration is defined. This entity defines how the CAS instance connects to the database (if necessary), and identifies the template set used by the instance. It provides current status of the instance (in use, enabled, or disabled) and the date of the last revision.
Instance Config Entity Attributes
Attribute | Description
DB Type | Database type: Oracle, MS-SQL, DB2, Sybase, Informix; or N/A for an operating system instance
Instance | The name of the instance
User | The user name that CAS uses to log onto the database; or N/A for an operating system instance.
Port | The port number CAS uses to connect to the database; or empty for an operating system instance
DB Home Dir | The home directory for the database; or empty for an operating system instance
Template Set Id | Identifies the template set used by this instance
Status | In Use, Enabled, or Disabled
Last Status Change | Timestamp for the last status change
Last Status Change Date | Date for the last status change
Last Status Change Time | Time for the last status change
Last Status Change Weekday | Weekday for the last status change
A Monitored Item Details entity is created for each monitored item in a CAS instance.
Monitored Item Details Entity Attributes
Attribute | Description
Template ID | Identifies the item template for this monitored item
Monitored Item | Depending on the Audit Type, this is the OS or SQL script, environment or registry variable, or file name. For a file pattern defined in an item template, there is a separate Monitored Item Details entity for each file that matches the pattern, but there is no Monitored Item Details entity for the file pattern itself. If a file pattern is used, it is always available in the Template Content attribute.
Audit Type | Type of monitored item. OS Script or SQL Script: the actual text or the path to an operating system or SQL script, whose output will be compared with the output produced the next time it runs; Environment Variable or Registry Variable: an environment variable or a (Windows) registry variable; File: a specific file or a pattern to identify a set of files
Enabled | Indicates whether or not the template is enabled
In Synch | Indicates whether or not the template item definition on the server matches the template item definition on the CAS host
Audit Frequency | The maximum interval at which the item is to be tested
Use MD5 | Indicates whether or not the comparison is done by calculating a checksum using the MD5 algorithm and comparing that value with the value calculated the last time the item was checked. The default is to not use MD5. If MD5 is used but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison will be skipped. Regardless of whether or not MD5 is used, both the current value of the last modified timestamp for the item and the size of the item are compared with the values saved the last time the item was checked.
Save Data | When marked, previous versions of the item can be compared with the current version
Description | Optional description of the instance
Template Content | The template entry that is the basis for this monitored item, set from the Template entity Access Name attribute when the instance was created. Typically this will be the same as the monitored item, but in the case where a file pattern was used in the template, this will be the file pattern
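The comparison rule given for the Use MD5 attribute (in both the Template and Monitored Item Details entities) can be modelled as follows. This is an added example, not Guardium code: the names Sample, take_sample, changed and detects are hypothetical, the sample data is constructed, and the MD5 Size Limit is assumed to be expressed in bytes. It shows which template settings report a change that leaves the size and last-modified timestamp of an item unchanged.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Sample:
    """Values kept from one check of a monitored item (names are assumptions)."""
    size: int
    last_modified: int          # epoch seconds taken from the file system
    md5: Optional[str] = None   # None when MD5 is off or was skipped


def take_sample(data: bytes, last_modified: int,
                use_md5: bool, md5_size_limit: int) -> Sample:
    """Build a sample; MD5 is skipped when the data exceeds the size limit."""
    digest = None
    if use_md5 and len(data) <= md5_size_limit:
        digest = hashlib.md5(data, usedforsecurity=False).hexdigest()
    return Sample(len(data), last_modified, digest)


def changed(prev: Sample, cur: Sample) -> bool:
    """Size and last-modified are always compared; MD5 only if both have one."""
    if (prev.size, prev.last_modified) != (cur.size, cur.last_modified):
        return True
    if prev.md5 is None or cur.md5 is None:
        return False            # no checksum available, so nothing more to compare
    return prev.md5 != cur.md5


def detects(before: bytes, after: bytes, mtime_before: int, mtime_after: int,
            use_md5: bool, md5_size_limit: int) -> bool:
    """Check one item twice under one template setting and return the verdict."""
    prev = take_sample(before, mtime_before, use_md5, md5_size_limit)
    cur = take_sample(after, mtime_after, use_md5, md5_size_limit)
    return changed(prev, cur)


# Constructed sample data: same length, same timestamp, different content.
OLD = b"audit_trail=db\n"
NEW = b"audit_trail=os\n"
T0 = 1_700_000_000

if __name__ == "__main__":
    cases = {
        "MD5 off": (False, 1024),
        "MD5 on, limit 1024 bytes": (True, 1024),
        "MD5 on, limit 8 bytes (MD5 skipped)": (True, 8),
    }
    for label, (use_md5, limit) in cases.items():
        print(f"{label}: change detected = "
              f"{detects(OLD, NEW, T0, T0, use_md5, limit)}")
```

Only the second case reports the change, so items whose content matters need Use MD5 enabled and an MD5 Size Limit at least as large as the item.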
Default Report | Description
CAS Instances | Lists CAS instances
CAS Instance Config | Lists CAS instance configuration changes
This report lists CAS instance definitions (a CAS instance applies a template set to a specific CAS host). The default sort order for this report is non-standard. The sort keys are, from major to minor: Host Name (ascending), Instance (ascending) and Last Status Change (descending). You can limit the output by using any of the following runtime parameters, which select all values by default.
Runtime Parameters
Entity | Attribute | Operator | Default Value
Host | Host_Name | Like | %
Host | OS_Type | Like | %
Instance Config | DB_Type | Like | %
Instance Config | Instance | Like | %
This report lists CAS instance configuration changes. The default sort order for this report is non-standard. The sort keys are, from major to minor: Host Name (ascending), Instance (ascending) and Last Status Change (descending). You can limit the output by using any of the following runtime parameters, which select all values by default.
Runtime Parameters
Entity | Attribute | Operator | Default Value
Host | Host_Name | Like | %
Host | OS_Type | Like | %
Monitored Item Details | Template_Id | Like | %
Report | Description
Report Details | Displays the monitored items included in the count of monitored item column
The CAS Host History domain tracks CAS host events (Client up, Server down, etc).
CAS Host History Domain Entities
Entity List | Domain Description
Host | Identifies a CAS host (a database server) and the current status of CAS (online/offline). This entity is also available in the CAS Config domain
Host Event | Date and time of an event in the CAS client/server relationship (Client up, server down, etc.).
A single (CAS) host entity is created the first time that the named host is seen. It is updated each time that the online/offline status changes. This entity is also available in the CAS Config domain.
Host Entity Attributes
Attribute | Description
Host Name | Database server host name
OS Type | Operating system: Unix or Windows
Is Online | Current online status (Yes/No)
A host event entity is created each time an event is detected or signaled (see the event types, below).
Host Event Entity Attributes
Attribute | Description
Event Time | Date and time that the event was recorded
Event Type | Identifies the event being recorded:
Default Report | Description
CAS Host History Report | Lists CAS events for each CAS host
This report lists CAS host events. The default sort order for this report is non-standard. The sort keys are, from major to minor: Host Name (ascending), Instance and Event Time (descending). You can limit the output by using any of the following runtime parameters, which select all values by default.
Runtime Parameters
Entity | Attribute | Operator | Default Value
Host | Host_Name | Like | %
Host | OS_Type | Like | %
Host Event | Event_Type | Like | %
The CAS Changes domain records changes to monitored items.
CAS Changes Domain Entities
Entity | Description
Monitored Changes | Created each time a monitored item changes
Host Configuration | Identifies a monitored item within the CAS instance
Saved Data | Contains saved data for the change
This entity is created each time a monitored item changes. It identifies the monitored item within the CAS instance, and points to the saved data for the change.
Monitored Changes Entity Attributes
Attribute | Description
Change Identifier | Unique identifier for the change
Sample Time | Timestamp (date and time on host) that sample was taken
Saved Data Id | Identifies the Saved Data entity for this change
Audit State Label Id | Identifies the Host Configuration entity for this change
Timestamp | Date and time this change record was created on the server (Guardium appliance server clock)
Owner | Unix only. If the item type is a file, the file owner
Permissions | Unix only. If the item type is a file, the file permissions
Size | File size, but there are special values as follows:
Last Modified | Timestamp for the last modification, taken from the file system at the sample time
Last Modified Date | Date for the last modification
Last Modified Time | Time for the last modification
Last Modified Weekday | Day of week for the last modification
Last Modified Year | Year for the last modification
Group | Unix only. If the item type is a file, the group owner
A Host Configuration entity is created for each item in a CAS instance.
Host Configuration Entity Attributes
Attribute | Description
Audit State Label Id | Unique numeric identifier for the configuration item
Host Name | Database server host name or IP address
OS Type | Operating system: Unix or Windows.
DB Type | Database type: Oracle, MS-SQL, DB2, Sybase, Informix, or N/A if the change is to an operating system instance
Instance Name | Name of the template set instance
Type | Type of monitored item that changed. OS Script or SQL Script: a change triggered by the OS script contained in the monitored item template definition; Environment Variable: an environment variable (Unix only); Registry Variable: a registry variable (Windows only); File: a specific file. There is no host configuration entity for a file pattern defined in the template set used by the instance. Instead, there is a separate host configuration entity for each file that matches the pattern.
Monitored Item | The name of the changed item, from the Description (if entered), otherwise a default name depending on the Type (a file name, for example).
A Saved Data entity is created each time a change is detected for an item being monitored, if the Keep data box is marked for that item in the item template definition.
Saved Data Entity Attributes
Attribute | Description
Saved Data Id | Unique numeric identifier for the saved data item
Saved Data | The actual data saved
Timestamp | Timestamp for when the saved data entity was recorded in the server database
Change Identifier | Identifies the monitored changes entity for this saved data entity
Default Report | Description
CAS Change Details | For each monitored item, lists changes by owner
CAS Saved Data | For monitored items with the optional Keep data box checked, lists the data for each change detected
For each monitored item, the changes are listed in order by owner. You can limit the output by using the following runtime parameter, which selects all values by default.
Runtime Parameters
Entity | Attribute | Operator | Default Value
Host Configuration | DB_Type | Like | %
Host Configuration | Host_Name | Like | %
Host Configuration | Instance_Name | Like | %
Host Configuration | Monitored_Item | Like | %
Host Configuration | OS_Type | Like | %
Host Configuration | Type | Like | %
Report | Description
Record Details | Displays the saved data included in the Count of Saved Data column
For monitored items with the optional Keep data box checked, this report lists the data saved for each change detected. This report is sorted by host name, and then by the most recent modification time. You can limit the output by using the following runtime parameters, each of which by default selects all values.
Runtime Parameters
Entity | Attribute | Operator | Default Value
Host Configuration | Host_Name | Like | %
Host Configuration | Monitored_Item | Like | %
Monitored Changes | Saved_Data_Id | Like | %
Report | Description
View Difference | Displays the difference between the selected data and prior version