About IBM Tivoli Endpoint Manager for Security and Compliance Analytics

Security and Compliance Analytics (SCA) is a web-based reporting and analysis application that aggregates the results of your security configuration checks and is used for auditing and evaluating success toward continuous compliance with those checks. It includes role-based access permissions, and provides users with flexible, historical report filters, measured values, exceptions management, and saved reports. SCA is based on the TEM Analytics platform. Additional information is available on the Security and Compliance Analytics documentation page.

Figures: TEM SCA Overview Report; TEM SCA Computers Report

About the SCA Reports

Each report is automatically scoped to the logged-in user's permissions, so each user sees only the computers and content he or she is entitled to see. Furthermore, each report displays historical check results data and is extensively configurable. Using any of the hundreds of asset inventory attributes and metadata about the checks, checklists, and exceptions, the user may add and remove visible columns, apply filters, and change the date ranges displayed for each report. The report templates are:

I. OVERVIEWS

A) Deployment Overview

One per deployment, but like all other report types, scoped based on the logged-in user's permissions; it displays aggregate information about the entire deployment: all computers X all checklists X all check results X all exceptions.

B) Checklist Overviews

Each checklist in a deployment has a checklist overview, scoped based on the logged-in user's permissions; each checklist overview displays the aggregate information about the given checklist: all computers reporting data for the checks in the checklist X all check results X all exceptions for checks in the given checklist.

C) Check Overviews

Each check in the deployment has a check overview, scoped based on the logged-in user's permissions; each check overview displays the aggregate information about the given check: all computers reporting data for the check X all check results X all exceptions for computers evaluating the given check.

D) Computer Overviews

Each computer in the deployment has a computer overview; each computer overview displays the aggregate information about the given computer: all check results for the computer X all exceptions for checks excepted for the given computer.

E) Computer Group Overviews

Each computer group in a deployment has a computer group overview, scoped based on the logged-in user's permissions; each computer group overview displays aggregate information about the group: all child groups X computer members of the group X all checklists applicable to the group X all check results for all computers in the group X all exceptions applied to all computers in the group.

II. LIST REPORTS

A) Checklists Lists

Each deployment has a master checklist list report, each computer has a checklist report, and each computer group has a checklist list report; each checklist report displays a list of checklists within the applicable scope; each checklist in the list displays checklist metadata and the aggregate compliance score for each checklist (computers X checks X check results for the computers reporting results for checks in the checklist X exceptions applied to computers reporting data for any checks in the checklist).

B) Check Lists

Each deployment has a master check list and each computer group has a check list; each check list displays the list of checks within the applicable scope of computers along with check metadata and the aggregate compliance score for each check in the check list (computers X check results for the computers reporting results for the check X exceptions applied to any computer reporting data for the check).

C) Computer Lists

Each deployment has a master computer list report, each checklist has a computer list report, each computer group has a computer list report, and each check has a computer list report; each computer list report displays a list of computers within the applicable scope; each computer in the list displays computer metadata and the aggregate compliance score for each computer.

D) Computer Group Lists

Each deployment has a master computer groups list report, each computer group has a computer group list report (if it has child groups), each checklist has a computer group list report, each computer has a computer group list report, and each check has a computer group list report; each computer group list report displays a list of groups within the applicable scope; each computer group in the list displays computer group metadata and the aggregate compliance score for each computer group (computers in the group X check results for the computers in the group X exceptions applied to computers in the computer group).

III. CHECK RESULTS LISTS

This is the most atomic level in the system: each check result for each computer is represented in the list. Each deployment has a master check results list report, each computer has a check results list report, each checklist has a check results list report, each check has a check results list report, and each computer group has a check results list report; each line item in a check results list report represents a check-computer pair, displaying check and computer metadata as well as the check compliance status for the computer.

IV. EXCEPTIONS LISTS

Each deployment has a master exceptions list report, each checklist has an exceptions list report, each check has an exceptions list report, each computer has an exceptions list report, and each computer group has an exceptions list report; each exceptions list report displays the list of exceptions applied to computers within the given scope along with computer metadata, check metadata, and information about the exception (reason, start date, expiration, status, etc.).
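The roll-up model described in the report templates above, as an added Python example that is not SCA code: check-computer pairs are scoped to the computers a user may see, exceptions are applied by date, and the pairs are then aggregated by computer, checklist or check. All names and sample rows are constructed, and the score formula (compliant plus excepted pairs over all pairs) is an assumption, since the page does not define how SCA computes its aggregate compliance score.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: one row per check-computer pair (the atomic level).
# Columns: computer, checklist, check, compliant
RESULTS = [
    ("web01", "CIS-Linux", "ssh-root-login", True),
    ("web01", "CIS-Linux", "password-max-age", False),
    ("db01", "CIS-Linux", "ssh-root-login", False),
    ("db01", "CIS-Linux", "password-max-age", True),
    ("hr-pc", "CIS-Windows", "screen-lock", False),
]
# Constructed exceptions: computer, check, start date, expiration
EXCEPTIONS = [
    ("web01", "password-max-age", date(2024, 1, 1), date(2024, 12, 31)),
    ("db01", "ssh-root-login", date(2023, 1, 1), date(2023, 6, 30)),
]

def excepted(computer, check, on):
    """True if an exception covers this check-computer pair on the given date."""
    return any(c == computer and k == check and start <= on <= end
               for c, k, start, end in EXCEPTIONS)

def rollup(visible_computers, key, on):
    """Aggregate pairs by 'computer', 'checklist' or 'check' for the visible computers."""
    idx = {"computer": 0, "checklist": 1, "check": 2}[key]
    out = defaultdict(lambda: {"compliant": 0, "noncompliant": 0, "excepted": 0})
    for row in RESULTS:
        computer, _, check, ok = row
        if computer not in visible_computers:
            continue  # scoping is applied before aggregation, never after
        if ok:
            status = "compliant"
        elif excepted(computer, check, on):
            status = "excepted"
        else:
            status = "noncompliant"  # includes pairs whose exception has expired
        out[row[idx]][status] += 1
    return dict(out)

def score(counts):
    """Assumed score: share of pairs that are compliant or covered by an exception."""
    return (counts["compliant"] + counts["excepted"]) / sum(counts.values())

if __name__ == "__main__":
    today = date(2024, 3, 1)
    for name, counts in rollup({"web01", "db01"}, "checklist", today).items():
        print(name, counts, round(score(counts), 2))
```

Running the same roll-up with a different evaluation date or a different set of visible computers changes the aggregates, which is why a score is only comparable between users or periods when the scope and exception dates match.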


About the TEM Analytics API

IBM® Tivoli® Endpoint Manager for Security and Compliance Analytics 1.1 and later supports an HTTP-based data API. This API provides remote access to all of the roll-ups and data elements included in the analytics warehouse.

Using this API, you make authenticated HTTP GET requests to the Tivoli Endpoint Manager Analytics server and receive responses containing a JSON-encoded representation of the requested resource. Using URL query parameters, you can apply filters to the data, specify the order in which it is returned, and select a subset of columns or rows.

Although SCA includes a rich reporting and graphical visualization UI, the historical security compliance data housed in a Tivoli Endpoint Manager (TEM) SCA deployment may be valuable in other applications, such as a security monitoring tool, security data aggregator, governance risk and compliance application, or various enterprise dashboards. This API is used to programmatically and interactively pull data from the warehouse into these other applications.
 
More information is available on the TEMA API page.