6. Workspaces, Reports & Dashboard


Workspaces

When first entering NP-View HTML or NP-Live, the user will be presented with the home page through which workspaces are available. Workspaces are used to organize devices into functional segments for analysis and visualization. Creating a workspace (+Add New Workspace) or selecting an existing workspace will open the Workspace canvas into which device configurations can be imported and organized.  Tip: one or more device configurations can be dropped onto the workspaces page to begin the workspace creation process.

Workspace Users (Groups)

Each user will be assigned by the administrator to one of three user groups: Administrator, Workspace Admin and Viewer.  Administrators and Workspace Admins can create and view workspaces.  To create a new workspace, the user will click “+Add New Workspace”, name the workspace and select the compliance framework to assign to the workspace.  After clicking the “Create Workspace” button, a new, empty workspace will be created where the user can begin importing configuration files. Workspaces are designed to allow the user to segment their network devices for easy reporting and visualization. Once a workspace is created, users can share the workspace with other users by name or user group, transfer ownership of a workspace to a different user or export the workspace.  Viewers have no authoring capability and can only view workspaces that have been shared with them by Administrators or Workspace Admins.

Note:  The share workspace feature has a known issue where users added to a user group after a workspace has been shared with the group will not be automatically added to the share. The resolution is to either add the user to the required workspaces or unshare and reshare the workspace with the group.

Note:  If a workspace is shared with a user, the workspace cannot be transferred to the shared user.  The workspace must first be unshared prior to attempting the transfer.

Workspace Export

Administrators and Workspace Admins can export a workspace for backup and retention purposes.  Using the share workspace features, the user can select to export the workspace.  Once export is selected, a background task will be initiated to create a downloadable image.  This process can take several minutes depending on the complexity of the workspace.  Once processing is complete, the user can return to the share function screen and download the image. The user also has the ability to delete the image from the server.

Workspace Import

Administrators and Workspace Admins can import a previously saved workspace or project file from NP-View Gen I (Java).  From the workspace screen, the user will create a new workspace.  Once created, the user can drag and drop the backup image (or project file) to the workspace for processing.  If the user loads a backup workspace into an existing workspace, the workspace contents will be replaced with the contents of the uploaded image. When a workspace or project file is imported, complete end-to-end processing of the data is required and may take several minutes for the topology to render.

Tip: one or more saved workspace or NP-View Gen I projects can be dropped onto the workspaces page.  A new workspace will be created with the name of the file and the information loaded into the new workspace.

Workspace Reports

NP-Live and NP-View provide reports that present network information related to the open workspace.  These reports are available to all users and can be accessed from the left menu.

Asset inventory

This report provides a summary of all assets loaded into the workspace including: Firewalls, Routers, Switches, Gateways and Hosts.  The table includes:

  • Alias: List of alternative names identified in configuration(s), separated by “:”.
  • Category: User assigned category from the topology map.
  • Created At: Time and date when the device was added to the workspace.
  • Created By: Files used to create the device or host.
  • Criticality: User assigned criticality from the topology map.
  • Description: Description from the configuration file if available.
  • Hostname: Device name as defined from a host file.
  • IP address: IP address of the device, gateway, or host.
  • Label: Initially mirroring the Name field but can be changed by the user on the topology map and represented in this field.
  • Name: Device host name as defined in a configuration file.
  • OS: Host operating system derived from third party data files.
  • Services: Host services derived from third party data files.
  • Type: Device type; firewall, router, switch, gateway, host, unmapped host.
  • Updated At: Time and date when the device was last updated (configuration change).
  • Updated By: Type of file used to update the device.
  • + Comment: Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Unlabeled column that indicates the number of comments available for each asset.

If an IP address is displayed as 0.0.0.0 this device has an IP address assigned by DHCP and while the device was detected, an IP address could not be extracted.

Unmapped hosts have enough information for identification but not for mapping purposes on the topology map.

Rule table

This report provides a summary of all device rules loaded into the workspace.  The table includes:

  • ACL: Name of the access list under which the rule is defined.
  • ACL Hits: Number of times the ACL was accessed (only implemented for Cisco so far and requires importing logs).
  • Action: Permit or deny.
  • Application: Filtered application name associated with the rule (only for next-gen firewall).
  • Compared Result: Used only when a previous version of the ruleset is selected to show rules added / unchanged / removed.
  • Description: Remarks associated with rules.
  • Details: Links to the config file and pat table for the selected rule.
  • Destination: Object group destination for the rule.
  • Device: Device host name as defined in a configuration file.
  • Dst Binding: Outbound interface to which the rule is bound.
  • Dst Criticality: Criticality of the object group destination (or the parent zone containing the object group destination).
  • Enabled: Rule is enabled (True / False).
  • Line #: Line number(s) in the configuration text file where the rule can be found.
  • Risk: Compliance or security risk associated with rule based on NP and user defined policies / requirements.
  • Rule: Name of the rule found in the configuration. If the rule doesn’t have a name, the value is RULE_X where X is the rule index.
  • Src Binding: Inbound interface to which the rule is bound.
  • Service: Object group service associated with the rule.
  • Source: Object group source for the rule.
  • Src Criticality: Criticality of the object group source (or the parent zone containing the object group source).
  • Type: Type of rule (regular or VPN).
  • User: Filtered user name associated with the rule.
  • + Comment: Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Unlabeled column that indicates the number of comments available for each asset.

A rule with a strikethrough shows that the rule is disabled. It is based on the parsed field “enabled” that can be either “true” or “false”. Columns can be displayed or hidden using the feature in the upper right corner of the report.

By clicking on +, additional details for each rule are presented, including the user-defined comment (justification) and justification tag. Click on +Add to add a new comment or the trash can to delete a comment.

Rapid Rule Population

To facilitate rapid rule population, the rule table can be exported to a .csv file by clicking the “Export” button on the upper left corner. Each comment will be tagged with the priority, author and time/date stamp as shown below in the export. OK = Low, To Review = Medium and To Revise = High.

[Low]Rule Justification Comment 1 By alan- Jan 11 2021 03:36 pm

Multiple comments for the same rule will be separated by the || (or) function:

[Low]Rule Justification Comment 1 By alan- Jan 11 2021 03:36 pm || [To Review]Rule Justification Comment 2 By alan- Jan 11 2021 04:36 pm

To add a new comment, delete the existing comment in the file and add the new text with the optional criticality. For example:  [High] This is a critical comment. If no criticality is assigned, the criticality will default to “Low”. The new comment will be appended to the existing comment list with a new date and time stamp. Existing comments will not be modified. The updated file can be imported with the “Import” button.

Note: only the comment field will be imported; other changes made to the config file will be ignored. Commas used within a comment will be replaced with periods so that the file can be properly parsed as a .csv file.
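For reviewing exported justifications outside the tool, the comment cell format shown above can be parsed as follows. This is an added example, not NP-View or NP-Live code; the function names are hypothetical, and accepting both the OK / To Review / To Revise tags and the Low / Medium / High spellings is an assumption based on the two samples above.

```python
import re
from datetime import datetime

# Tag -> criticality, per the page: OK = Low, To Review = Medium, To Revise = High.
# Accepting the plain Low/Medium/High spellings too is an assumption drawn from
# the page's own samples, which show both "[Low]" and "[To Review]".
CRITICALITY = {"ok": "Low", "low": "Low", "to review": "Medium",
               "medium": "Medium", "to revise": "High", "high": "High"}

# One entry: [tag]text By author- Mon DD YYYY hh:mm am|pm
ENTRY = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s*(?P<text>.*?)\s+By\s+(?P<author>\S+?)-\s+"
    r"(?P<ts>[A-Za-z]{3} \d{1,2} \d{4} \d{1,2}:\d{2} [ap]m)$")

def parse_comment_cell(cell):
    """Split an exported comment cell on '||' and parse each entry."""
    entries = []
    for raw in filter(None, (part.strip() for part in cell.split("||"))):
        m = ENTRY.match(raw)
        if m is None:
            # Keep unparseable text visible instead of silently dropping it.
            entries.append({"parsed": False, "raw": raw})
            continue
        entries.append({
            "parsed": True,
            "criticality": CRITICALITY.get(m["tag"].strip().lower(), "Unknown"),
            "text": m["text"],
            "author": m["author"],
            "when": datetime.strptime(m["ts"], "%b %d %Y %I:%M %p"),
        })
    return entries

def new_comment_for_import(text, criticality=None):
    """Build the cell text for a new comment, which replaces the exported cell."""
    # Commas are replaced with periods on import, so do it up front.
    text = text.strip().replace(",", ".")
    return f"[{criticality}] {text}" if criticality else text

if __name__ == "__main__":
    # Sample cell taken from the export format shown on this page.
    sample = ("[Low]Rule Justification Comment 1 By alan- Jan 11 2021 03:36 pm || "
              "[To Review]Rule Justification Comment 2 By alan- Jan 11 2021 04:36 pm")
    for entry in parse_comment_cell(sample):
        print(entry)
    # Constructed comment text, for illustration only.
    print(new_comment_for_import("Permit required for patching, ticket pending", "High"))
```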

Object group table

Object groups classify users, devices, or protocols into “groups” and apply those groups to access control lists (ACLs) to create access control policies for those groups.  This report provides a summary of network ACL object groups including:  Host IP addresses,  network address of group members, and nested object groups. The table includes:

  • Name: Name of the object group which may include:
    • Any IP address–includes a range from 0.0.0.0 to 255.255.255.255
    • Host IP addresses
    • Hostnames
    • Other network object groups
    • Ranges of IP addresses
    • Subnets
  • Origin: Name of the device containing the object definition
  • Type: Address, Service or Protocol
  • Value: Content of the object group
  • + Comment: Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Unlabeled column that indicates the number of comments available for each asset.

The parsing algorithms between NP-View Java and the NP-Live platform differ slightly in that default but unused groups displayed in NP-View have been filtered out in NP-Live.

Path table

This report provides a summary of network paths including:

  • Destination: IP address of the destination
  • Device Sequence: Name of device which contains the rule sequence
  • Ports: The ports that are open along the path
  • Protocol: The protocol enabled on the path
  • Rule Sequence: Access list sequence of rules and reference line number within the configuration file
  • Source: IP address of the source
  • + Comment: Drop down for user entered comments (or justification) and criticality levels (low, medium, high).
  • Comment Count: Unlabeled column that indicates the number of comments available for each asset.

The IP groups are highlighted with light colors to allow for quick scanning of the table.

Compare path history

This interactive report provides a network path comparison between two points in time. When a configuration file is added to the system and is different from the previously imported file, a new “Version” is created.  The user can select two versions to compare.  The resulting table will display the changes between the two files, with removals in the left column and additions in the right column.

Report Personalization

All of the above tables are continuous scroll and can be searched by table or column.  Searches can be combined.  The report can also be personalized by adding / removing columns and by changing the size and order of the columns.  The updated configuration can be globally saved by user by selecting the save button in the upper right.

Workspace Dashboard

NP-Live provides a Dashboard that presents summary information related to the active workspace.  The Dashboard is available to all users and can be accessed from the main menu on the top-left corner.  The Dashboard contains the following widgets:

Topology Summary: Count of all Networks, Paths, Rules and Object Groups for the devices loaded into the workspace.  This widget drills to the appropriate report (Path table, Rule table, Object group table).

Asset Summary:  Count of all devices loaded into the workspace including: Firewall, Switch, Host, Gateway and Routers.  This widget drills to the Asset Inventory report filtered by the device type selected.

Best Practice Summary:  Summary of issues identified that do not follow industry best practice including:  Unused Groups, Unjustified Rules, ACL w/o Deny, Unnamed Nodes.  The Best Practice report can be launched from this widget.

Network Access Overview: Provides a summary of Paths and the associated services on those paths. This widget drills into the Path table for the service selected.

Change Tracking: Provides a summary of workspace changes for a specific day and has three components:

  • Risks & Warnings shows a summary of workspace-related Risks, Changes, Warnings, Errors, and Comments.  The filter lets the user select to view by type, status and criticality.
  • Path Summary shows the number of paths added or removed.
  • File Upload shows a summary of the number of new files added and files removed from the workspace.

The calendar function allows the user to select the day for which to view the change tracking information.

Policies: Provides a summary of Active and Disabled Policies as well as Active and Disabled Requirements.  This provides visibility into unmonitored devices and unused requirements.

System Logs

The system logs feature shows a detailed sequence of tasks attempted and completed.  This log is primarily used for system debugging and contains information, errors and warnings derived during system operation.  The system log feature has three views: Workspace, User, and System.  The System view is accessible only by the Administrator and shows the overall operation of the system across users and workspaces.  The Workspace and User views are available to the Administrator and Workspace Admin.  The User view shows the actions taken by the current user on the open workspace.  The Workspace view shows system actions for the open workspace.  The views can be filtered to show only information, errors, warnings or all.  Errors are generated when a system operation fails to complete.  Warnings are generated during data parsing and when policy / requirement infractions are identified.
