
Workspace Reports

NP-View provides reports that present network information related to the open workspace. These reports are available to all users and can be accessed from the main menu. All of the reports are continuous scroll and can be searched by table or column. Searches can be combined between the table and columns.

 

Access rules

This report provides a summary of all device rules loaded into the workspace.

  • Action: (RULE_ACTION) Permit or deny.
  • Application: (RULE_APPLICAITON) Filtered application name associated with the rule (only for next-gen firewall).
  • Bindings (ACL): (RULE_ACL) Name of the access list under which the rule is defined.
  • Description: (RULE_DESCRIPTION) Remarks from configs associated with rules.
  • Details: Links to the config file and connectivity path table for the selected rule.
  • Destination: (RULE_DESTINATION) Object group destination for the rule.
  • Device: (RULE_DEVICE) Device host name as defined in a configuration file.
  • Dst Binding: (RULE_DST_BINDING) Outbound interface to which the rule is bound.
  • Dst Criticality: (RULE_DST_CRIT) Criticality of the object group destination (or the parent zone containing the object group destination) as defined by the user on the topology map.
  • Enabled: (RULE_ENABLED) Rule is enabled (True / False).
  • Hit Count: (RULE_ACL_HITS) Number of times the ACL was accessed (only implemented for Cisco so far and requires importing logs).
  • Line #: Line number(s) in the configuration text file where the rule can be found.
  • Risk: (RULE_RISK_DESC) Compliance or security risk associated with rule based on NP and user defined policies / requirements.
  • Risk Criticality: (RULE_RISK_CRIT) Criticality assigned by the triggered rule.
  • Rule: (RULE_NAME) Name of the rule found in the configuration. If the rule doesn't have a name, the value is RULE_X where X is the rule index.
  • Src Binding: (RULE_SRC_BINDING) Inbound interface to which the rule is bound.
  • Service: (RULE_SERVICE) Object group service associated with the rule.
  • Source: (RULE_SOURCE) Object group source for the rule.
  • Src Criticality: (RULE_SRC_CRIT) Criticality of the object group source (or the parent zone containing the object group source) as defined by the user on the topology map.
  • Type: (RULE_TYPE) Type of rule (regular or VPN).
  • User: (RULE_USER) Filtered user name associated with the rule.
  • + Comment: (RULE_COMMENT_AUTHOR, RULE_COMMENT_CRITICALITY, RULE_COMMENT_DESCRIPTION) Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Label less column that indicates the number of comments available for each asset.

A rule with a strikethrough shows that the rule is disabled. It is based on the parsed field “enabled” that can be either “true” or “false”. Columns can be displayed or hidden using the feature in the upper right corner of the report.

Clicking on + presents additional details for each rule, including the user-defined comment (justification) and justification tag. Click on +Add to add a new comment or the trash can to delete a comment.

Access rules are uniquely tagged within NP-View for linkage to comments and risks.  The tag is created using a hash of the below fields.  If any of these fields change, the rule ID will change and previously linked comments and risks will no longer be associated with this rule.

  • Action
  • Application
  • Binding (ACL)
  • Dst Binding
  • direction
  • Enabled
  • scope
  • Service
  • Src Binding
  • Type
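The practical consequence of this tagging scheme, shown as an added example that is not NP-View's own code: an edit to any listed field produces a new tag and orphans the rule's justifications, while an edit to an unlisted field does not. The SHA-256 digest, the lower-case key names and the sample rule are assumptions made for the sketch; the page does not state which hash or serialization the product uses.

```python
import hashlib
import json

# Fields the page lists as inputs to the rule tag. The key names are
# constructed for this sketch and are not NP-View's export schema.
TAG_FIELDS = ("action", "application", "binding_acl", "dst_binding",
              "direction", "enabled", "scope", "service", "src_binding", "type")

def rule_tag(rule):
    """Digest over the tag fields only (hash choice is an assumption)."""
    canonical = json.dumps([[f, rule.get(f)] for f in TAG_FIELDS],
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]

def changed_tag_fields(old, new):
    """Tag fields that differ between two versions of a rule."""
    return [f for f in TAG_FIELDS if old.get(f) != new.get(f)]

def orphaned_comments(comments, new_rules):
    """Comments (keyed by rule tag) with no matching rule after an update."""
    live = {rule_tag(r) for r in new_rules}
    return {tag: notes for tag, notes in comments.items() if tag not in live}

# Constructed sample rule; values are illustrative only.
BASE_RULE = {
    "action": "permit", "application": None, "binding_acl": "OUTSIDE_IN",
    "dst_binding": "inside", "direction": "in", "enabled": True,
    "scope": "extended", "service": "tcp/443", "src_binding": "outside",
    "type": "regular", "description": "HTTPS to web tier",
}

if __name__ == "__main__":
    comments = {rule_tag(BASE_RULE): ["Justified by change request (placeholder)"]}
    reworded = dict(BASE_RULE, description="HTTPS to DMZ web tier")
    disabled = dict(BASE_RULE, enabled=False)
    for label, rule in (("reworded", reworded), ("disabled", disabled)):
        print(label, changed_tag_fields(BASE_RULE, rule),
              "orphaned:", len(orphaned_comments(comments, [rule])))
```

Running a check like this against the previous and the new configuration before an import shows which justifications will need to be re-entered.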

Asset inventory

This report provides a summary of all assets loaded into the workspace including: Firewalls, Routers, Switches, Gateways and Hosts.

  • Alias: List of alternative names identified in configuration(s), separated by ":".
  • Category: User assigned category from the topology map.
  • Created At: Time and date when the device was added to the workspace.
  • Created By: Files used to create the device or host.
  • Criticality: User assigned criticality from the topology map.
  • Description: Description from the configuration file if available.
  • IP address: IP address of the device, gateway, or host.
  • Label: Initially mirroring the Name field but can be changed by the user on the topology map and represented in this field.
  • Name: Device host name as defined in a configuration file.
  • OS: Host operating system derived from third party data files.
  • Services: Host services derived from third party data files.
  • Type: Device type; firewall, router, switch, gateway, host, unmapped host.
  • Updated At: Time and date when the device was last updated (configuration change).
  • Updated By: Type of file used to update the device.
  • + Comment: Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Label less column that indicates the number of comments available for each asset.

If an IP address is displayed as 0.0.0.0, the device has an IP address assigned by DHCP: the device was detected, but an IP address could not be extracted.

Unmapped hosts have enough information for identification but not for mapping purposes on the topology map.

 

Object groups

Object groups classify users, devices, or protocols into “groups” and apply those groups to access control lists (ACLs) to create access control policies for those groups.  This report provides a summary of network ACL object groups including:  Host IP addresses,  network address of group members, and nested object groups.

  • Name: (OBJECT_NAME) Name of the object group which may include:
    • Any IP address--includes a range from 0.0.0.0 to 255.255.255.255
    • Host IP addresses
    • Hostnames
    • Other network object groups
    • Ranges of IP addresses
    • Subnets
  • Origin: (OBJECT_ORIGIN) Name of the device containing the object definition
  • Type: (OBJECT_TYPE) Address, Service, Zone or Protocol
  • Value: (OBJECT_VALUE) Content of the object group
  • Unused Status: (OBJECT_STATUS) Cisco status column indicating whether the rule is unused (true = unused).
  • + Comment: (OBJECT_COMMENT, OBJECT_CRITICALITY, OBJECT_DESCRIPTION) Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Label less column that indicates the number of comments available for each asset.

 

Risks & Warnings

When a potential risk or warning is identified, it is logged in the “Risks and Warnings” table with a time and date stamp. Each potential risk is assigned a “type” (Risk or Warning) and a Criticality (High, Medium, Low) based on the active policies in the Policy manager. Additionally, the device name and a description of the infraction are listed with the status (New, Confirmed, Resolved, False Positive, Will Not Fix or Fixed).

Risk & Warning Status and Life Cycle

For new risks or warnings, the expectation is that the user will review each item, determine whether the issue needs to be addressed, and manually change the action status accordingly.

  • confirmed: new risks or warnings that are acknowledged by the user as a valid problem to address
  • resolved: risks or warnings that are closed because the problem has been addressed
  • false positive: risks or warnings that are closed because they are not a valid problem to address
  • will not fix: risks or warnings that are closed because it was decided to not address them

Upon subsequent network updates, the system will adjust the status if required. For example:

  • If the user marks a risk as Resolved and upon the next network update the risk is still identified, the status will automatically be changed to Confirmed.
  • If upon the next network update the risk is no longer identified, the status will be changed to Fixed. Fixed items are removed from the list after a period of 7 days.
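The update behaviour described above, written out as an added example (not NP-View's own code) so the status changes can be traced row by row. The row layout, the risk keys and the sample dates are constructed; the page does not say what happens when a Fixed item reappears, so reopening it as New is an assumption, as is treating exactly 7 days as expired.

```python
from datetime import datetime, timedelta

FIXED_RETENTION = timedelta(days=7)  # Fixed items leave the list after 7 days

def reconcile(table, detected, now):
    """Return the risk table after one network update.

    table:    list of {"key", "status", "fixed_at"} rows (layout is constructed)
    detected: set of risk keys the analysis identified in this update
    """
    result = []
    for row in table:
        row = dict(row)  # do not mutate the caller's rows
        present = row["key"] in detected
        if present and row["status"] == "Resolved":
            row["status"] = "Confirmed"                     # documented
        elif present and row["status"] == "Fixed":
            row["status"], row["fixed_at"] = "New", None    # assumption
        elif not present and row["status"] != "Fixed":
            row["status"], row["fixed_at"] = "Fixed", now   # documented
        if row["status"] == "Fixed" and now - row["fixed_at"] >= FIXED_RETENTION:
            continue                                        # aged out of the list
        result.append(row)
    known = {row["key"] for row in table}
    for key in sorted(detected - known):
        result.append({"key": key, "status": "New", "fixed_at": None})
    return result

# Constructed sample table and update time.
SAMPLE_NOW = datetime(2024, 5, 10)
SAMPLE_TABLE = [
    {"key": "r1", "status": "Resolved", "fixed_at": None},
    {"key": "r2", "status": "Confirmed", "fixed_at": None},
    {"key": "r3", "status": "Fixed", "fixed_at": datetime(2024, 5, 1)},
    {"key": "r4", "status": "Fixed", "fixed_at": datetime(2024, 5, 8)},
    {"key": "r6", "status": "Will Not Fix", "fixed_at": None},
]

if __name__ == "__main__":
    # r1 and r6 are still found, r5 is newly found, the rest are gone.
    for row in reconcile(SAMPLE_TABLE, {"r1", "r5", "r6"}, SAMPLE_NOW):
        print(row["key"], row["status"])
```

A Resolved entry that flips back to Confirmed after an update is the signal that the remediation did not take effect in the imported configuration.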

  • Time: (RISKWARNING_TIMESTAMP) Date and time the potential risk was identified.
  • Type: (RISKWARNING_TYPE) Risk or Warning.
  • Criticality: (RISKWARNING_CRITICALITY) High, Medium or Low as defined by the identifying policy and requirements.
  • Workspace: (RISKWARNING_WORKSPACE) Name of the workspace containing the potential risk or warning.
  • Device: (RISKWARNING_DEVICE) Name of the device containing the potential risk or warning.
  • Description: (RISKWARNING_DESCRIPTION) Description of the potential risk or warning.
  • Status: (RISKWARNING_STATUA) Current status as defined above.
  • Action: Action options as defined above.
  • + Comment: Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Label less column that indicates the number of comments available for each asset.

 

Time Series Comparison

Several of the reports have a time series comparison function which can be activated by clicking the “Compare” button which is displayed at the top of the page. This function is used to compare changes over a period of days.

The user can select a time frame (7, 30, 90 or 356 days or a custom day span). The user can select one or more devices to include in the report and then show the comparison. The comparison function uses the state of the configuration as of 23:59.99 for the selected days.  If compared to the current day, the current configuration at the time the report is run will be used.

Once the parameters are selected, the “Show Comparison” button should be selected.

The data will be displayed using the format of the selected table. The user can filter on added, removed or unchanged rules. Added rules will be highlighted in green, removed rules will be highlighted in red and unchanged rules will be highlighted in light blue.

Clicking the “Compare” button will clear the selections and reset the table.

 

Conditional Formatting

The reports use highlighting to help the user quickly identify important information.  The highlighting is controlled by the Table Highlight tab under the Policy manager function.

Default highlighting requirements have been provided and each can be viewed by selecting a requirement from the list. An example is below:

Policies and Requirements are global in nature, and changes made within one workspace apply to all workspaces. For example, if a Policy, Requirement or Device is deactivated in one workspace, that update applies to all workspaces. Default policies and requirements can be “Enabled or Disabled” by clicking the blue bubble and “Run” by clicking the “Run” button. Default policies and requirements cannot be edited or deleted.

When comments are added to any table and assigned a criticality, the Comment Count columns will display the number of comments for each table row and the cell color will reflect the highest criticality comment. High = Red, Medium = Orange, Low = Blue.

 

Rule Name | Text Match | Action
--- | --- | ---
Rule Destination - High | Dst Criticality = High | 'Destination' cell = Red, Text = White
Rule Destination - Low | Dst Criticality = Low | 'Destination' cell = Blue, Text = Black
Rule Destination - Medium | Dst Criticality = Medium | 'Destination' cell = Orange, Text = Black
Rule Destination - Untrusted | Dst Criticality = Untrusted | 'Destination' cell = Gray, Text = Black
Rule Destination Binding - High | Dst Binding = High | 'Dst Binding' cell = Red, Text = White
Rule Destination Binding - Low | Dst Binding = Low | 'Dst Binding' cell = Blue, Text = Black
Rule Destination Binding - Medium | Dst Binding = Medium | 'Dst Binding' cell = Orange, Text = Black
Rule Destination Criticality - High | Dst Criticality = High | 'Dst Criticality' cell = Red, Text = White
Rule Destination Criticality - Low | Dst Criticality = Low | 'Dst Criticality' cell = Blue, Text = Black
Rule Destination Criticality - Medium | Dst Criticality = Medium | 'Dst Criticality' cell = Orange, Text = Black
Rule Risk - High | Risk Criticality = High | 'Risk' cell = White, Text = Red
Rule Risk - Low | Risk Criticality = Low | 'Risk' cell = White, Text = Blue
Rule Risk - Medium | Risk Criticality = Medium | 'Risk' cell = White, Text = Orange
Rule Risk Criticality - High | Risk Criticality = High | 'Risk Criticality' cell = Red, Text = White
Rule Risk Criticality - Low | Risk Criticality = Low | 'Risk Criticality' cell = Blue, Text = Black
Rule Risk Criticality - Medium | Risk Criticality = Medium | 'Risk Criticality' cell = Orange, Text = Black
Rule Source - High | Src Criticality = High | 'Source' cell = Red, Text = White
Rule Source - Low | Src Criticality = Low | 'Source' cell = Blue, Text = Black
Rule Source - Medium | Src Criticality = Medium | 'Source' cell = Orange, Text = Black
Rule Source - Untrusted | Src Criticality = Untrusted | 'Source' cell = Gray, Text = Black
Rule Source Binding - High | Src Criticality = High | 'Src Binding' cell = Red, Text = White
Rule Source Binding - Low | Src Criticality = Low | 'Src Binding' cell = Blue, Text = Black
Rule Source Binding - Medium | Src Criticality = Medium | 'Src Binding' cell = Orange, Text = Black
Rule Source Binding - Untrusted | Src Criticality = Untrusted | 'Src Binding' cell = Gray, Text = Black
Rule Source Criticality - High | Src Criticality = High | 'Src Criticality' cell = Red, Text = White
Rule Source Criticality - Low | Src Criticality = Low | 'Src Criticality' cell = Blue, Text = Black
Rule Source Criticality - Medium | Src Criticality = Medium | 'Src Criticality' cell = Orange, Text = Black
Rule Source Criticality - Untrusted | Src Criticality = Untrusted | 'Src Criticality' cell = Gray, Text = Black

 

Report Personalization

The table reports can be personalized by each user.  Individual columns can be sorted ascending or descending as well as pinned to the left or right which will fix the column during scrolling.

The report can also be personalized by adding or removing columns. By clicking the hamburger menu in the upper right, a list of columns will be displayed. The user can enable and disable specific columns for viewing.  After selection is final, click the save button to retain the settings.

Displayed columns can also be personalized.  The user can change the column size (drag between columns) and order of the columns (drag from header).

The updated configuration will apply to all reports of the same type across workspaces by user when the save button in the upper right is selected.

Note:  Select reports have data export and import capabilities.  Details on these features can be found here.

 

System Logs

The system logs feature shows a detailed sequence of tasks attempted and completed. This log is primarily used for system debugging and contains information, errors and warnings derived during system operation. The system log feature has three views: Workspace, User, and System. The System view is accessible only by the Administrator and shows the overall operation of the system across users and workspaces. The Workspace and User views are available to the Administrator and Workspace Admin. The User view shows the actions taken by the current user on the open workspace. The Workspace view shows system actions for the open workspace. The views can be filtered to show only information, errors, warnings or all. Errors are generated when a system operation fails to complete. Warnings are generated during data parsing and when policy / requirement infractions are identified.

 

Background Tasks

The background task function shows the status of each task spawned by a data import, merge or analysis. A parsing task indicates the imported file is being normalized and hosts inferred. Merge tasks combine the blueprints into the topology map. Analysis defines all of the paths and reviews the paths against the active policies / requirements to identify infractions for review. If a task gets stuck, the user can select the “i” indicator and cancel a specific task.

Change Tracking

As modifications are made to the network and the updated configuration files are imported, NP-View automatically detects the changes and logs them in the Change Tracking table. For each change, the timestamp, action, device, and description are recorded.

The actions recorded are as follows:

File import – for each file uploaded, one of the following statuses will be displayed

  • “successful import” – file imported successfully
  • “ignored file: <filename>” – unknown file type, ignored
  • “failed import” – file failed to import, review help center for reason

Topology map – for each file uploaded, one of the following statuses will be displayed for the topology map

  • “device path information” – triggered if the connectivity matrix changes
    • Path can be added or removed
    • Assets refers to destination IP addresses
    • Services refers to the unique ports (or any) associated with the imported device
    • Details on the above can be viewed in the Connectivity paths
  • “topology updated” – indicates the topology map has been successfully updated
  • “topology failure” – indicates the topology map has failed, review help center for reason

Connectivity Paths – for each file uploaded, one of the following statuses will be displayed for the workspace

  • “workspace analysis updated” – all other tables have been successfully updated

Changes are displayed by calendar day. At the top of the table is a drop down that allows the user to select which day to review. The default is the current day.

The change tracking table can be searched, sorted by any column, switched to a list view, exported, and configured with alternate columns if required. These functions are available in the upper right corner of the table.

 

Connectivity Paths

This report provides a summary of network paths and their analysis results:

  • Destination: IP address of the destination
  • Device Sequence: (PATH_DEV_SEQUENCE) Name of device which contains the rule sequence
  • Ports: The ports that are open along the path
  • Protocol: (PATH_PROTOCOL) The protocol enabled on the path
  • Rule Sequence: (PATH_RULE_SEQUENCE) Access list sequence of rules and reference line number within the configuration file
  • Source: IP address of the source
  • + Comment: Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Label less column that indicates the number of comments available for each asset.

The IP groups are highlighted with light colors to allow for quick scanning of the table.

 

Compare path history

This interactive report provides a network path comparison between two points in time. When a configuration file is added to the system and is different from the previously imported file, a new “Version” is created. The user can select two versions to compare. The resulting table will display the changes between the two files, with removals in the left column and additions in the right column.
