Viewing results
With IBM Cloud® Security and Compliance Center, you can view the results of a compliance evaluation in the dashboard or by using the API.
Before you begin
Before you get started, be sure that you have the required level of access to view results. To view results, you need the Operator platform role or higher. You must also have access to the credentials that are needed to access your resource configurations.
Understanding the dashboard
As you evaluate your resources, the results are returned via the service UI in graphical and detailed formats.
When you visit the dashboard, there are three graphical representations of data that has been aggregated from your scans. You see the:
- Success rate
- The rate at which your configurations pass the evaluation that is conducted. Note: The number of evaluations conducted does not always match the number of billable evaluations, as there is no charge for assessments evaluated as unable to perform. Be sure to look for the billable evaluations in each scan result if you need to estimate your cost.
- Total controls
- The total number of controls that have been evaluated in the past 30 days.
- Total evaluations
- The total number of evaluations that have been run in the past 30 days. An evaluation is the check of one resource against one assessment.
Viewing detailed results in the dashboard
To view the information of a scan, you can use the Security and Compliance Center UI.
You can filter results by tag. Tags are defined at the platform level. For help creating tags, see Working with tags.
- In the IBM Cloud console, click the Menu icon > Security and compliance to access Security and Compliance Center.
- Click Dashboard.
- In the Detailed results section, find the row for the specific Scope and Profile combination that you want to view results for and click View in the Results column.
A page opens with an Overview of your results. To further investigate, you can view the results by Control or by Resource. Check out the following table to see what information is available in each tab.
Description | |
---|---|
Overview | On the overview tab, you are provided with a graphical representation of your compliance for your selected scan.
Success rate: The rate at which your configurations pass the evaluation that is conducted. Total controls: The total number of controls that were evaluated during this scan. Drift: The difference in results for your selected evaluation timeframe. |
Controls | On the Controls tab, you are provided with an overview of the controls that were evaluated. The controls and their compliance status are listed for the time that the scan was done. |
Resources | On the Resources tab, you are provided with the results for each specific resource that was evaluated. \n
In the JSON tab, you can see the assessment definition.
|
Viewing detailed results with the API
To get a report summary, you can use the Security and Compliance Center API.
curl -X GET
--location --header "Authorization: Bearer {iam_token}"
--header "Accept: application/json"
"https://us-south.compliance.cloud.ibm.com/instances/{instance_id}/v3/reports/{report_id}/summary"
(securityAndComplianceCenterApi *SecurityAndComplianceCenterApiV3) GetReportSummary(getReportSummaryOptions *GetReportSummaryOptions) (result *ReportSummary, response *core.DetailedResponse, err error)
GetReportSummaryOptions getReportSummaryOptions = new GetReportSummaryOptions.Builder()
.reportId(reportIdForReportLink)
.build();
Response<ReportSummary> response = securityAndComplianceCenterApiService.getReportSummary(getReportSummaryOptions).execute();
ReportSummary reportSummary = response.getResult();
System.out.println(reportSummary);
const params = {
reportId: reportIdForReportLink,
};
let res;
try {
res = await securityAndComplianceCenterApiService.getReportSummary(params);
console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
console.warn(err);
}
response = security_and_compliance_center_api_service.get_report_summary(
report_id=report_id_for_report_link,
)
report_summary = response.get_result()
print(json.dumps(report_summary, indent=2))
A successful response returns the detailed report from your scan, along with other metadata. For more information about the required and optional request parameters, check out the API docs.
Viewing detailed results with the CLI
To get a report summary, you can use the Security and Compliance Center CLI. For more information, see the CLI reference.
ibmcloud security-compliance report summary
--report-id=exampleString
--x-correlation-id=exampleString
--x-request-id=exampleString
Viewing detailed results with Terraform
To get a report summary, you can use Terraform.
data "ibm_scc_report_summary" "scc_report_summary" {
report_id = "report_id"
}
For more information, check out the Security and Compliance Center Terraform reference.
Understanding statuses
When you view results in Security and Compliance Center, each evaluation produces a result of pass
, fail
, unable to perform
, or user_evaluation_required
. Check out the following table to
learn more about what each result means.
Result | Description |
---|---|
Pass | Your resource was compliant with the defined standard. |
Fail | Your resource was not compliant with the defined standard. |
Unable to perform | The assessment could not be performed. Potential reasons include the resource not existing in your account, a misconfiguration, or an error on behalf of Security and Compliance Center. |
User evaluation required | The assessment has not yet been automated. To validate that you are meeting the standard, you must check your resource manually. |
Downloading a report
If you need to keep your results for long periods of time, or provide information to key stakeholders, you can download a report.
- In the IBM Cloud console, click the Menu icon > Security and compliance to access Security and Compliance Center.
- Click Dashboard.
- Find the row for the specific Scope and Profile combination that you want to view results for and click the Results link. A page with the details of the latest evaluation opens.
- Click Download report.
A CSV with your evaluation results is downloaded to your local system.