4 Replies Latest reply on Dec 16, 2009 1:09 PM by tpbehm

    Foundstone Reporting

    subhani

      Apparently Foundstone has put all their weight into improved scanning techniques, which is a good thing; however, its Ticket Management (remediation) as well as other related reporting functions are very weak. If I want to see a report that shows me how many tickets are in Foundstone per scan, along with a count by ticket status, i.e. if Windows Scan has 500 tickets, out of which 300 are closed, 100 are auto-closed, 50 are false positive and 50 are ignored, then I have to get this report manually. I can't get this data from Foundstone as a predefined query or report, whereas it is quite possible because it uses an SQL database at the backend. My suggestions in this regard are:

       

      a) McAfee should work on Foundstone Reporting from a Security Administrator's point of view. See what kind of reports he will be needing on a day-to-day basis. If they want, they can open a thread here and we are willing to provide our feedback.

       

      b) McAfee should also provide another feature where all the remediation tickets are consolidated and can be grouped by Vulnerability, by Server or by Owner. Due to the absence of any such feature, one ends up having 50-100 tickets for one unpatched server and he has to update each ticket one by one.

       

      c) If a System Administrator has 300 High vulnerabilities due to a missing service pack and he has 300 tickets assigned, he can't verify them in bulk. He has to open each ticket and verify it one by one. He should have the option to verify all of them in bulk, and tickets should be closed for which the vuln. is verified.

        • 1. Re: Foundstone Reporting

          Hi Shahzad,

           

          I expect your questions/concerns around Remediation are covered in the other thread on the subject:

           

          http://community.mcafee.com/message/104188#104188

           

          I welcome any further details around "Reporting" for consideration.

           

          -Cathy

          • 2. Re: Foundstone Reporting
            subhani

            You are right. I put my comments there first; however, I thought that the particular discussion was closed, so my points may go unnoticed. So I put them here again so that if anyone else has some comments, they can put them here as well. Will it be possible for you to explain the specifications of the remediation improvement that is currently in progress?

            • 3. Re: Foundstone Reporting
              subhani

              Here are a few things that I would like to be covered in Reporting.

               

              a) Apart from the Scan report, we should be able to generate the following reports.

               

                          1. Remediation Activity report (how many tickets per scan were generated, how many closed, how many open, how many false positive, etc.)

                          2. Audit Report (stating the configuration change activities by FS Administrators)

                          3. Top 15 Vulnerable Machines from all data or from an existing Scan (this one is available, but as a part of the full report)

               

               

              From a functionality point of view, an Administrator should be able to do the following.

               

                       1. Change the Ticket Status from assigned to closed, or whatever is applicable, in BULK

                       2. Verify if the vuln. has been resolved (again in bulk and without opening the ticket itself)

              • 4. Re: Foundstone Reporting

                I also have a few pain points with FS reporting. I see the product develop in many areas, but reporting seems not to follow the trend.

                 

                When creating custom reports (generate report), there are too few filtering options, with some annoyances. E.g. it's not possible to report based on Windows domain, the IP address field requires a different IP format than the scan configuration, and there's no (convenient) way to tell the reporting that I want to see assets and/or vulnerabilities detected after a certain date.

                 

                //tb