Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

On this page:

Table of Contents


Info

Summary: This page provides instructions for configuring and using the Report Generation feature.

...

The Report Generation feature allows you to to generate reports on the fly direct from  from the CAST Security Dashboard interface. Various reports can be generated, however, some require some configuration before some configuration before they will work

Info

Changing the language in reports

From ≥ 2.8, reports can be generated in the following languages:

  • German
  • Italian
  • Spanish
  • French
  • Chinese

To ensure that reports are generated in one of these languages, ensure that the Dashboard is localized to the chosen language using the User > Change Language menu, then generate a report. Some of the items in the generated reports will then be in the chosen language:

Image Added 

Accessing the Report Generation feature

From the Side Menu bar, click the following icon:

Image RemovedImage Added

Available report categories

Various Following types of report categories are available:Image Removed

CategorySame format as the associated CAST Report Generator templates.(tick)

Available reports include:

Image Removed

CategoryReleaseEnabled by default?CAST Report Generator for Dashboards required?Additional configuration required?Output formatAvailable reports
Security Reports(tick)(tick)(tick) See section below.≥ 2.8(tick) (error)(error) PDF

Image Added

≥ 2.7(tick)(error)(error)PDF

Available reports include:

Image Modified

Info
Note that the default list of reports can be customized.
Industry Compliance Reports(tick)(tick)


≤ 2.6(tick)(tick)(tick) See section below.Same format as the associated CAST Report Generator templates.
Info
Note that the default list of reports can be customized.

Miscellaneous Reports 

(tick)(error)(error)

Miscellaneous Reports 

≥ 2.8(tick)(error)(error)

PDF

Image Added

≤ 2.7(tick)(error)(error)

Inline in the browser

Can be downloaded in Excel format.

Available reports include:

Image Modified

Custom

Reports (error)(tick)(tick)

Reports

≥ 2.7Not available.≤ 2.6(error)(tick)(tick) See section below.Same format as the associated CAST Report Generator templates.This category enables you to define your own custom reports via CAST Report Generator templates.

Security and Industry Compliance Reports

...

  • CISQ
  • CWE
  • OWASP
  • STIG (Security Technical Implementation Guide)
  • PCI (Payment Card Industry)
  • NIST (National Institute of Standards and Technology)
  • OMG (Object Management Group)
Info

CISQ reports are removed (in versions ≥ 2.4.0) from the default report list.

Configuration process

Anchor
config1
config1

...

≥ 2.7

When using ≥ 2.7 no additional configuration is required as all reports are generated by the dashboard in PDF format.

Info

Templates (in .json format) are stored in the Dashboard installation files in the "config/templates" folder within the installed "data" location:

Image Added

≤ 2.6

These reports are based on templates provided with CAST Report Generator and therefore CAST Report Generator for Dashboards (v. ≥ 1.109.0) must be present on the server hosting running Apache Tomcat in hosting your Security Dashboard in order for the reports to function. Some additional configuration is also required as explained below.Assuming In addition the report.properties file in your deployed Dashboard must be modified. See Report Generation configuration and CAST Report Generator - CAST Report Generator for Dashboards is present on the host machine, the next step is to configure the dashboard. Edit the following file with a text editor:

Code Block
languagetext
%CATALINA_HOME%\webapps\CAST-Security\WEB-INF\report.properties

Find the following options and modify as explained below:

Code Block
languagetext
# Set the Report Generator path
# If this variable is not set then the document generation is considered as disabled.
# The path is probably something such as (Linux/Windows):
#report.reportGenerator=dotnet /opt/report-generator/CastReporting.Console.Core.dll 
#report.reportGenerator=dotnet c:\\ReportGenerator\\CastReporting.Console.Core.dll

# Set the directory of reports
#report.directory=/tmp/reports
#report.directory=c:\\temp\\reports

# Set the current Web Service URL. The current REST API called back by the Report Generator.
report.webServiceURL=http://localhost:8888/CAST-RESTAPI/rest

...

report.reportGenerator=dotnet

Add a new line pointing to the location of the CastReporting.Console.Core.dll (part of CAST Report Generator for Dashboards) on the server hosting Apache Tomcat. You can also uncomment and modify an example line. For example:

Code Block
languagetext
report.reportGenerator=dotnet c:\\ReportGeneratorforDashboards\\CastReporting.Console.Core.dll
Note
Note that the path to CastReporting.Console.Core.dll when using Microsoft Windows must always use double back slashes (\\) or single forward slashes (/) - the single back slash (\) is not valid.

...

report.directory=

Add a new line pointing to the temporary folder where the reports will be generated on the server hosting Apache Tomcat. You can also uncomment and modify an example line. For example:

Code Block
languagetext
report.directory=c:\\temp\\reports
Note

Note that:

  • the path to the temporary folder when using Microsoft Windows, must always use double back slashes (\\) or single forward slashes (/) - the single back slash (\) is not valid.
  • The user that Apache Tomcat is running as must have read/write access to this location. In Linux environments, typically the "rw-" permission is sufficient.

...

report.webServiceURL=

Modify the existing line to point to the RestAPI in your CAST Security Dashboard deployment. This is used by the CAST Report Generator for Dashboards. For example:

Code Block
languagetext
report.webServiceURL=http://<server>:<port>/<dashboard>/rest

Generation process

Choose a report type from the  Security Reports or Industry Compliance Reports category and click the Generate Report button:

Image Removed for more detailed instructions about the configuration process.

Generation process

Choose a report type from the  Security Reports and click the Generate Report button:

Version 2.8

Image Added

Version ≤ 2.7

Image Added

The report file name should contain the:

  • application name
  • snapshot version
  • report type

For example: MEUDON_NEW-Snapshot-2022-07-07T12-02-59-ISO-5055 Compliance Report.pdf (MEUDON is an Application name).

Behaviour in ≥ 2.8 

Below screen is displayed with an option to select the REPORT CATEGORY: Security or Miscellaneous.

Image Added


Info

Reports can be sorted and searched using the options: REPORT TYPE ^ and Search.

Image Added

Clicking the GENERATE button will display the below screen with the following message: Report generation started in new window (allowing you to continue using Security Dashboard while the report is being generated as explained in Behaviour in ≥ 2.7 releases):

Image Added

Behaviour in ≥ 2.7 releases

A new tab will be opened in your browser (allowing you to continue using Security Dashboard while the report is being generated):

Image Added

The report will be generated in PDF format and auto downloaded to the default "downloads" folder used by your browser:

Image Added

If the generation fails, a message is displayed:

Image Added

Behaviour in ≤ 2.6 releases

The report will be generated and auto downloaded with to the default "downloads" folder used by your browser. Reports are generated using the same format as the associated CAST Report Generator templates. The report file name should contain the:

  • application name
  • snapshot version
  • report type

For example: MEUDON-Computed on 201903061327-OWASP-2017-Top10 - Summary.docx (MEUDON is an Application name).

A  A notification message is displayed when the report is generated:

...

If the report fails to generate, a notification is also displayed with the error message. Please refer this page about error messages handling: Report Service - 1.9.0.

This example shows that CAST Report Generator for Dashboards has not been configured:

...

This category provides reports that can easily show where the biggest changes in violations between snapshots have occurred:

In versions ≥ 2.8 

Image Added

Info

The options available for Miscellaneous Reports and their behaviour remain same for version 2.8 as in versions ≤ 2.7.

In versions ≤ 2.7 

These reports are provided inline in the browser and do not require CAST Report Generator for Dashboards nor any additional configuration

These reports are provided inline in the browser and do not require CAST Report Generator for Dashboards nor any additional configuration. Reports can be downloaded in Excel format:

...

Drill down to violation source code is also possible for some reports:

Report options

The following options are available for Miscellaneous Reports:

CategoryReleaseDetails
Filter on Health Measure

Version 2.8

REPORT TYPE can be sorted using the button "^". Search option helps to find a specific report type. For some reports it is possible to filter results on a specific Health Measure. By default, the TQI measure will be active, but it is possible to choose a different measure if necessary:

Image Added

Versions ≤ 2.7

For some reports it is possible to filter results on a specific Health Measure. By default, the TQI measure will be active, but it is possible to choose a different measure if necessary:

Image Added

Info
Note that not all reports can be filtered in this way.


Download reports

Version 2.8

Report results can be downloaded in Excel format:

Image Added

Versions ≤ 2.7

Report results can be downloaded in Excel format:

Image Added

Critical flag

Version 2.8

Indicates whether the related rule is critical or not:

Image Added

Versions ≤ 2.7

Indicates whether the related rule is critical or not:

Image Added

Image Added

All versions

Click to drill down to violation's source code (not available in all reports).

Image Added

Click to drill down to the selected object and view it in the Application Investigation view.

Custom Reports

Info

In ≥ 2.7, the option to generate Custom Reports using CAST Report Generator for Dashboards has been removed.

This category enables you to define your own custom reports via CAST Report Generator templates. The category is disabled by default (i.e. it does not contain any report templates). The templates you want to generate must be present on the server hosting Apache Tomcat in the "Templates" sub folder of your CAST Report Generator for Dashboards deployment location.

Anchor
config2
config2
Adding custom reports

...

Code Block
languagetext
%CATALINA_HOME%\webapps\CAST-Security\security\resources\ced.json
For v.≥ 1.18: CATALINA_HOME\webapps\CAST-Security\security\resources\ed.json

Find the following configuration section:

...

Code Block
languagetext
%CATALINA_HOME%\webapps\CAST-Security\engineering\resources\ced.json
For v.≥ 1.18: CATALINA_HOME\webapps\CAST-Engineering\engineering\resources\ed.json

Find the following configuration section:

...