CIS scan reports

The Scans page displays all scans run within the defined scan data retention period.

The Scan reports tab on the Scans page provides the following information:

  • Name - the name given to the scan when it was run.
  • Scan type - ad hoc or scheduled.
  • Environment - for example, production.
  • Nodes scanned - the total number of nodes included in the scan.
  • Compliance - the percentage of nodes that passed compliance in the scan.
  • Time started - the date and time stamp when the scan was initiated.

Click the row assigned to any scan to go to its Scan report page, which provides details.

For more information on defining the scan data retention period, see Scan data retention policy.

CIS scan report details

The Scan report page provides detailed information on a selected CIS scan.

The metrics bar at the top of the Scan report page is divided into two sections: Compliance scan status and Puppet Enterprise job status.

The Compliance scan status section provides a brief overview of the number of nodes that have passed and failed compliance, the error percentage, the rules that couldn't be evaluated across nodes, and the scan initiation date and time.

The Puppet Enterprise job status section shows the number of nodes that ran the CIS scanner job successfully, the number that failed to run the scanner job, and the number of nodes that showed an error for the scanner job.

On the Scans page, you can click Run an ad hoc scan to kick off a new scan.

More detailed information on the success and failure of rules is given on the Scan report page on the Nodes tab. The Rules tab provides detail on the performance of individual rules in the scan.

Rules tab

On the Scan report page, the table on the Rules tab lists all the rules that were assessed as part of the latest scan. The table provides information on the rule profile and the number of nodes on which the rule failed. To view details about a rule, hover over the rule and click View report.

Nodes tab

The table on the Nodes tab lists all nodes that were part of the latest scan. The table provides information on the node profile, and the percentage of rules in compliance on each node. To view details about a node, hover over the node and click View report.