4. Reports & Dashboards
NP-Live and NP-View provide reports that present network information related to the open workspace. These reports are available to all users and can be accessed from the left menu.
This report provides a summary of all device rules loaded into the workspace.
A rule with a strikethrough shows that the rule is disabled. It is based on the parsed field “enabled” that can be either “true” or “false”. Columns can be displayed or hidden using the
feature in the upper right corner of the report.
Clicking on + presents additional details for each rule, including the user-defined comment (justification) and justification tag. Click on +Add to add a new comment or on the trash can to delete a comment.
This report provides a summary of all assets loaded into the workspace including: Firewalls, Routers, Switches, Gateways and Hosts.
If an IP address is displayed as 0.0.0.0, the device has an IP address assigned by DHCP; the device was detected, but an IP address could not be extracted.
Unmapped hosts have enough information for identification but not for mapping purposes on the topology map.
As modifications are made to the network and the updated configuration files are imported, NP-Live and NP-View automatically detect the changes and log them in the Change Tracking table. For each change, the timestamp, action, device, and description are recorded.
The actions recorded are as follows:
File import – for each file uploaded, one of the following statuses will be displayed
- “successful import” – file imported successfully
- “ignored file: <filename>” – unknown file type, ignored
- “failed import” – file failed to import, review help center for reason
Topology map – for each file uploaded, one of the following statuses will be displayed for the topology map
- “device path information” – triggered if the connectivity matrix changes
  - Path can be added or removed
  - Assets refers to destination IP addresses
  - Services refers to the unique ports (or any) associated with the imported device
  - Details on the above can be viewed in the Connectivity Paths report
- “topology updated” – indicates the topology map has been successfully updated
- “topology failure” – indicates the topology map has failed, review help center for reason
Connectivity Paths – for each file uploaded, one of the following statuses will be displayed for the workspace
- “workspace analysis updated” – all other tables have been successfully updated
Changes are displayed by calendar day. At the top of the table is a drop down that allows the user to select which day to review. The default is the current day.
The change tracking table can be searched, sorted by any column, switched to a list view, exported, and configured with alternate columns if required. These functions are available in the upper right corner of the table.
This report provides a summary of network paths and their analysis results:
The IP groups are highlighted with light colors to allow for quick scanning of the table.
Compare path history
This interactive report provides a network path comparison between two points in time. When a configuration file is added to the system and is different from the previously imported file, a new “Version” is created. The user can select two versions to compare. The resulting table displays the changes between the two files, with removals in the left column and additions in the right column.
Object groups classify users, devices, or protocols into “groups” and apply those groups to access control lists (ACLs) to create access control policies for those groups. This report provides a summary of network ACL object groups including: Host IP addresses, network address of group members, and nested object groups.
Note: The parsing algorithms between NP-View Java and the NP-Live platform differ slightly in that default but unused groups displayed in NP-View have been filtered out in NP-Live.
Risks & Warnings
When a potential risk or warning is identified, it is logged in the “Risks and Warnings” table with a time and date stamp. Each potential risk is assigned a “type” (Risk or Warning) and a Criticality (High, Medium, Low) based on the active policies in the Policy manager. Additionally, the device name and a description of the infraction are listed with the status (New, Confirmed, Resolved, False Positive, Will Not Fix or Fixed).
Risk & Warning Status and Life Cycle
For new risks or warnings, the expectation is that the user will review each item, determine whether the issue needs to be addressed, and manually change the action status accordingly.
- confirmed: new risks or warnings that are acknowledged by the user as a valid problem to address
- resolved: risks or warnings that are closed because the problem has been addressed
- false positive: risks or warnings that are closed because they are not a valid problem to address
- will not fix: risks or warnings that are closed because it was decided to not address them
Upon subsequent network updates, the system will adjust the status if required. For example:
- If the user marks a risk as Resolved and upon the next network update the risk is still identified, the status will automatically be changed to Confirmed.
- If upon the next network update the risk is no longer identified, the status will be changed to Fixed. Fixed items are removed from the list after a period of 7 days.
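The status life cycle above, modeled as an added example (this is not NP-Live or NP-View code). The table layout, risk IDs and the `reconcile` function are constructed for illustration; the handling of a Fixed item that reappears, and of still-identified False Positive or Will Not Fix items, is an assumption the page does not state.

```python
from datetime import date, timedelta

FIXED_RETENTION = timedelta(days=7)  # Fixed items are removed after 7 days

def reconcile(table, detected, today):
    """Apply one network update to a risk table (constructed layout).

    table:    {risk_id: {"status": str, "fixed_on": date or None}}
    detected: set of risk_ids the analysis identified in this update
    Returns (new_table, reopened): reopened lists risks a user had marked
    Resolved that were identified again.
    """
    new_table, reopened = {}, []
    for rid, row in table.items():
        status, fixed_on = row["status"], row.get("fixed_on")
        if rid in detected:
            if status == "Resolved":
                # Still identified after being closed: back to Confirmed.
                status = "Confirmed"
                reopened.append(rid)
            elif status == "Fixed":
                # Assumption: the page does not cover a Fixed item reappearing.
                status, fixed_on = "New", None
            # Other statuses are left as the user set them (assumption).
        elif status != "Fixed":
            # No longer identified: closed automatically as Fixed.
            status, fixed_on = "Fixed", today
        elif today - fixed_on >= FIXED_RETENTION:
            continue  # Fixed for 7 days: dropped from the list
        new_table[rid] = {"status": status, "fixed_on": fixed_on}
    for rid in detected - set(table):
        new_table[rid] = {"status": "New", "fixed_on": None}
    return new_table, sorted(reopened)

# Constructed sample: four tracked items before a network update.
SAMPLE = {
    "R1": {"status": "Resolved", "fixed_on": None},
    "R2": {"status": "Confirmed", "fixed_on": None},
    "R3": {"status": "Fixed", "fixed_on": date(2024, 3, 1)},
    "R4": {"status": "Will Not Fix", "fixed_on": None},
}

if __name__ == "__main__":
    updated, reopened = reconcile(SAMPLE, {"R1", "R4", "R5"}, date(2024, 3, 8))
    for rid in sorted(updated):
        print(rid, updated[rid]["status"])
    print("reopened:", reopened)
```

The `reopened` list is the part worth reviewing after each import: it holds items closed as Resolved whose underlying condition is still present in the configuration.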
All of the above tables are continuous scroll and can be searched by table or column. Searches can be combined. The report can also be personalized by adding or removing columns and by changing the size and order of the columns. The updated configuration can be saved globally by the user by selecting the save button in the upper right.
NP-Live provides a Dashboard that presents summary information related to the active workspace. The Dashboard is available to all users and can be accessed from the main menu on the top-left corner. The Dashboard contains the following widgets:
Topology Summary: Count of all Networks, Paths, Rules and Object Groups for the devices loaded into the workspace. This widget drills to the appropriate report (Connectivity Paths, Access Rules, Object groups).
Asset Summary: Count of all devices loaded into the workspace including: Firewall, Switch, Host, Gateway and Routers. This widget drills to the Asset Inventory report filtered by the device type selected.
Best Practice Summary: Summary of issues identified that do not follow industry best practice including: Unused Groups, Unjustified Rules, ACL w/o Deny, Unnamed Nodes. The Best Practice report can be launched from this widget.
Network Access Overview: Provides a summary of Paths and the associated services on those paths. This widget drills into the Connectivity Paths for the service selected.
Change Tracking: Provides a summary of workspace changes for a specific day and has three components:
- Risks & Warnings shows a summary of workspace-related Risks, Changes, Warnings, Errors, and Comments. The filter lets the user select to view by type, status and criticality.
- Path Summary shows the number of paths added or removed.
- File Upload shows a summary of the number of new files added and files removed from the workspace.
The calendar function allows the user to select the day for which to view the change tracking information.
Policies: Provides a summary of Active and Disabled Policies as well as Active and Disabled Requirements. This provides visibility into unmonitored devices and unused requirements.
The system log feature shows a detailed sequence of tasks attempted and completed. This log is primarily used for system debugging and contains information, errors and warnings derived during system operation. The system log feature has three views: Workspace, User, and System. The System view is accessible only by the Administrator and shows the overall operation of the system across users and workspaces. The Workspace and User views are available to the Administrator and Workspace Admin. The User view shows the actions taken by the current user on the open workspace. The Workspace view shows system actions for the open workspace. The views can be filtered to show only information, errors, warnings or all. Errors are generated when a system operation fails to complete. Warnings are generated during data parsing and when policy / requirement infractions are identified.
The background task function shows the status of each task spawned by a data import, merge or analysis. A parsing task indicates the imported file is being normalized and hosts inferred. Merge tasks combine the blueprints into the topology map. Analysis defines all of the paths and reviews the paths against the active policies / requirements to identify infractions for review. If a task gets stuck, the user can select the “i” indicator and cancel a specific task.
Next: Connectors and Notifications
Next, please proceed to the Connectors and Notifications section to learn how to set up data collection connectors and real-time notifications. If you have any questions, please don’t hesitate to contact firstname.lastname@example.org.