Report types - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

Address Manager can create the following types of reports. Parameters describes items you can select or specify to define the scope of a report. Sorting indicates the values by which you can sort the information in the report.

User Profile

Description Parameters and Sorting
Lists information for the selected users, including login name, telephone number, email address, security and history privileges, access rights, and workflow settings. Use this report to create a record of user information. User—select a user that you want to include in the report.

Server List

Description Parameters and Sorting
Lists all servers within a configuration, including the server interfaces, type, roles, and object tags. Use this report to document the servers in a configuration.
  • Select Configuration—select the configuration you are working on from the drop-down list.
  • Select Tagselect a tag associated with the servers. Selecting different tags will display servers only associated with the specified tag.
  • Sort Byselect a sorting option.

Unused Object Tags

Description Parameters and Sorting
Lists all tags that have been defined but not assigned to objects. Parent tags or tag groups are included to illustrate the tag hierarchy. Use this report to locate unused tags.
  • Select Tag Groupselect a tag group within which you want to locate unused tags.
  • Sort Byselect sorting options.

Used Object Tags

Description Parameters and Sorting
Lists all tags applied to objects and the number of times the tag is used. Parent tags or tag groups are included to illustrate the tag hierarchy. Use this report to review tag usage and to catalog tagged objects.
  • Select Tag Group—select a tag group within which you want to locate all tags applied to objects.
  • Sort By—select sorting options.

All object Tags

Description Parameters and Sorting
Lists all tags in a tag group. Use this report to review tags within a tag group.
  • Select Tag Group—select a tag group within which you want to review all tags.
  • Sort By—select sorting options.

Configuration Change Detail

Description Parameters and Sorting
Lists a summary of configuration changes made by a selected user. The report provides a summary overview of changes made by the user. Use this report to review change history for a selected user within the specified time frame.
Note: This report can't be scheduled.
  • Start Date—specify the start time and date.
  • End Date—specify the end time and date.
    Attention: If your preferred browser locale does not match the configured Address Manager system language locale, you may experience issues with the date component within Address Manager. If you cannot configure the date component, you must update the browser locale to match the configured Address Manager system language locale. By default, the Address Manager system language locale is configured to English [en-US].

    For more information on supported Address Manager system languages and configuring the Address Manager locale, refer to Setting system language.

    Note: The start and end time and date can't be greater than the current Address Manager server time.
  • User—select a user who you want to generate a summary of configuration changes against.
  • Sort By—select sorting options.

Subnet DHCP Pool Utilization

Description Parameters and Sorting
Lists the utilization levels for all DHCP services on all subnets within an IP block. Use this report to monitor DHCP traffic loads and evaluate DHCP design.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select IPv4 Block or Network—select one or more IPv4 blocks or networks for which you want to generate a report.

Block/Network DHCP Utilization

Description Parameters and Sorting
Lists DHCP utilization percentage and number of addresses in use for each selected block or network. This report doesn't contain detailed DHCP Pool information or information broken down by DHCP Range. Use this report for an overview of how DHCP is operating across a block or network.
  • Select Configuration—select the configuration you are working on from the drop-down list.
  • Select IPv4 Block or Network—select one or more IPv4 Blocks or networks for which you want to generate a report.
  • Show Graphical representation—select this option to include a graphical usage chart in the report instead of percentage and number format.
  • Sort By—select a sorting option.

Block Network Utilization

Description Parameters and Sorting
Lists the IP utilization for a given IP block, broken down by individual networks. This report differs from other DHCP utilization reports by including statically configured devices. Use this report to evaluate IP utilization for both DHCP and statically configured devices within a block.
  • Select Configuration—select the configuration you are working on from the drop-down list.
  • Select IPv4 Block or Network—select one or more IPv4 blocks or networks for which you want to generate a report.

Current DHCP Usage

Description Parameters and Sorting
Lists current DHCP usage for a network between specified times and dates, including IP addresses, the type of lease, the time the lease was granted, and the MAC address of the client. Use this report to review current DHCP leases and usage.
Note: This report can't be scheduled.
  • Start Date—specify the s start time and date.
  • End Date—specify the end time and date.
    Attention: If your preferred browser locale does not match the configured Address Manager system language locale, you may experience issues with the date component within Address Manager. If you cannot configure the date component, you must update the browser locale to match the configured Address Manager system language locale. By default, the Address Manager system language locale is configured to English [en-US].

    For more information on supported Address Manager system languages and configuring the Address Manager locale, refer to Setting system language.

    Note: The start and end time and date can't be greater than the current Address Manager server time.
  • Select Configuration—select the configuration you are working on from the drop-down list.
  • Select IPv4 Network—select an IPv4 network within which you want to review current DHCP leases and usage.
  • Sort By—select sorting options.

DNS View/Zones by Host DNS Server

Description Parameters and Sorting
Lists all DNS views and zones listed according to the servers for which they have deployment roles. Use this report to evaluate DNS strategy along with the statistics on the number of zones, servers, and records.
  • Select Configuration—select the configuration you are working on from the drop-down list.
  • Sort By—select sorting options.

SOA Records

Description Parameters and Sorting
Lists all DNS Start of Authority (SOA) records which have been defined as deployment options within Address Manager. Use this report to determine if SOA records assigned to a lower level object are overriding those assigned to a higher level object.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select View—select a DNS view.
  • Select Zone—select a zone.
  • Sort By—select sorting options.

Past Deployment

Description Parameters and Sorting
Lists all deployments that have occurred on a server. Use this report to audit and troubleshoot changes to the network.
Note: This report can't be scheduled.
  • Start Date—specify the start time and date.
  • End Date—specify the end time and date.
    Attention: If your preferred browser locale does not match the configured Address Manager system language locale, you may experience issues with the date component within Address Manager. If you cannot configure the date component, you must update the browser locale to match the configured Address Manager system language locale. By default, the Address Manager system language locale is configured to English [en-US].

    For more information on supported Address Manager system languages and configuring the Address Manager locale, refer to Setting system language.

    Note: The start and end time and date can't be greater than the current Address Manager server time.
  • Sort By—select sorting options.

Deployment Data Validations

Description Parameters and Sorting
Lists the result of deployment data validation including performed time, validation type, DHCP/DNS Server lists, validation status and log. Use this report to audit the deployment data validation issues.
  • Select Configuration—select the configuration you are working on from the drop-down menu.

Tagged Objects

Description Parameters and Sorting
Lists all objects assigned a specified tag.
  • Select Tag—select a tag.

Objects with a User-Defined Field Value

Description Parameters and Sorting
Lists all objects that have a specified value in a User-Defined field. You can match an exact value or use wildcards to match multiple values.
  • Select Object Type—select an object type for which you want to generate the report.
  • Select User Defined Field—select an user-defined field that you want to look for in the object type specified above.

DNSSEC Signing Summary

Description Parameters and Sorting
Lists DNSSEC signing information for DNS zones, including: whether or not signing is enabled; the DNSSEC Signing Policy assigned to the zone; the start, expiry, and next rollover times for Zone Signing Keys (ZSKs); and the start, expiry, and next rollover times for Key Signing Keys (KSKs).
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select View—select a DNS view containing DNS zones that you want to review.
  • Signed Zone Only—select this option to review signed DNS zones only.

Block/Network Threshold

Description Parameters and Sorting
Lists IP block or network utilization percentage and number of addresses in use for each selected block or network. This report doesn't contain the detailed information broken down by IP address. Use this report to review the most used or the least used IP addresses in the selected IPv4 blocks or networks.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select IPv4 Block or Network—select one or more IPv4 Blocks or networks that you want to review.
  • Threshold Settings—specify the number of networks and percentage (threshold size) that will be displayed in the report. If you want to review the top 10 networks that are being used more than 90% of time, set 10 networks with the option greater than 90%.
  • Sorting—select sorting options.

Block/Network DHCP Threshold

Description Parameters and Sorting
Lists DHCP utilization percentage and number of addresses in use for each selected block or network. This report doesn't contain the detailed information broken down by DHCP range. Use this report to review the most used or the least used DHCP addresses in the selected IPv4 blocks or networks.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select IPv4 Block or Network—select one or more IPv4 Blocks or networks that you want to review.
  • Threshold Settings—specify the number of networks and percentage (threshold size) that will be displayed in the report. If you want to review the top 10 networks that are being used more than 90% of time, set 10 networks with the option greater than 90%.
  • Sorting—select sorting options.

Subnet DHCP Pool Threshold

Description Parameters and Sorting
Lists the utilization levels for all DHCP services on all subnets within the selected IP block or network. Unlike Subnet DHCP Pool Utilization report type, this report only shows the DHCP services that falls within the specified threshold settings. Use this report to monitor the most used or the least used DHCP traffic loads and evaluate DHCP design.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select IPv4 Block or Network—select one or more IPv4 Blocks or networks that you want to review.
  • Threshold Settings—specify the number of networks and percentage (threshold size) that will be displayed in the report. If you want to review the top 10 networks that are being used more than 90% of time, set 10 networks with the option greater than 90%.
  • Sorting—select sorting options.

IPv4 Reconciliation Result

Description Parameters and Sorting
Lists information for the IP addresses discovered by an IPv4 reconciliation policy according to their IP address state and type. The result will include details of the IP address, Type, Network, FQDN, and Mac address.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • IP Address State—select the state of the IPv4 address.
  • Non-dynamic—an IP address which can be Unallocated, Static, DHCP free, Reserved, or a Gateway.
  • Dynamic—an IP address which can be DHCP Allocated or DHCP Reserved.
  • IP Address Type—select the type of IPv4 address.
  • Reclaim—an IP address that exists in Address Manager but not on the physical network.
  • Unknown—an IP address that exists on the physical network, but not in Address Manager.
  • Mismatch—an IP address that exists in both Address Manager and on the network, but where the MAC address, DNS host name information, VLAN information or connected switch port doesn't match.
  • Policy—select one or more IPv4 Reconciliation policies created at the configuration, IPv4 block, or network level.

Response Policy Zone (RPZ) Activity by Category

Description Parameters and Sorting
Lists information for the DNS-exploiting malware categories. The Response Policy Zone (RPZ) Activity by Category report provides information organized by the type of malware category. The result will include details of the Category, Number of Queries, Target Hosts, Query Sources and Last seen.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select Server—select the server(s) for which you want to generate a report.
  • All Servers—if selected, the Response Policy Zone (RPZ) Activity by Category report will be generated for all servers that are configured with BlueCat Threat Protection.
  • Specific Servers—select this option to generate the report for only servers that you will be selecting. If selected, The Servers field will be activated for you to select servers.
  • Servers—select a server from the drop-down menu and click Add to include the server to the list of servers for which the Response Policy Zone (RPZ) Activity by Category report will be generated. Select a server from the list and click Remove to delete the server from the list. Only the servers with the Response Policy Zone and Threat Protection feature configured will be shown in the drop-down menu.
  • Sorting—select sorting options. Information in the Response Policy Zone (RPZ) Activity by Category report can be sorted by Queries, Target Hosts, Query Sources and Last Seen.

Response Policy Zone (RPZ) Activity by Target

Description Parameters and Sorting
Lists information for target hosts that DNS malwares tried to access. The Response Policy Zone (RPZ) Activity by Target report provides information organized per target host, showing the number of queries and IP address of the query sources. The result will include details of the Target Hosts, Queries, Query Sources and Last seen.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select Server—select the server(s) for which you want to generate a report.
  • All Servers—if selected, the Response Policy Zone (RPZ) Activity by Target report will be generated for all servers that are configured with BlueCat Threat Protection.
  • Specific Servers—select this option to generate the report for only servers that you will be selecting. If selected, The Servers field will be activated for you to select servers.
  • Servers—select a server from the drop-down menu and click Add to include the server to the list of servers for which the Response Policy Zone (RPZ) Activity by Target report will be generated. Select a server from the list and click Remove to delete the server from the list. Only the servers with the Response Policy Zone and Threat Protection feature configured will be shown in the drop-down menu.
  • Sorting—select sorting options. Information in the Response Policy Zone (RPZ) Activity by Target report can be sorted by Queries, Query Sources and Last Seen.

Response Policy Zone (RPZ) Activity by Source

Description Parameters and Sorting
Lists information for DNS malware attack query sources. The Response Policy Zone (RPZ) Activity by Source report provides information organized by Query Source, showing the target hosts to which the query source has attempted to access. The result will include details of the Target Hosts, Queries, Query Sources and Last seen.
  • Select Configuration—select the configuration you are working on from the drop-down menu.
  • Select Server—select the server(s) for which you want to generate a report.
  • All Servers—if selected, the Response Policy Zone (RPZ) Activity by Source report will be generated for all servers that are configured with BlueCat Threat Protection.
  • Specific Servers—select this option to generate the report for only servers that you will be selecting. If selected, The Servers field will be activated for you to select servers.
  • Servers—select a server from the drop-down menu and click Add to include the server to the list of servers for which the Response Policy Zone (RPZ) Activity by Source report will be generated. Select a server from the list and click Remove to delete the server from the list. Only the servers with the Response Policy Zone and Threat Protection feature configured will be shown in the drop-down menu.
  • Sorting—select sorting options. Information in the Response Policy Zone (RPZ) Activity by Source report can be sorted by Queries, Target Hosts and Last Seen.
Note: Response Policy Zone (RPZ) Activity by Category, Response Policy Zone (RPZ) Activity by Target and Response Policy Zone (RPZ) Activity by Source report types are supported on DNS/DHCP Server v8.0.0 or greater. In order to generate this report for earlier software versions, you need to place the following Perl script and Perl module in the /usr/local/bluecat/reports directory in your DNS/DHCP Servers:
  • generateReportWrapper.pl
  • GenerateCSV.pm

To obtain the above files, go to https://care.bluecatnetworks.com/kA140000000L8Pa

Note: In the Objects with a User-Defined Field Value report, you can match a specific value in the user-defined field or you can use wildcards to match multiple values.
  • To match a specific value, type the value in the Value field.
  • The following wildcards are supported in the Value field:
    • ^ —matches the beginning of a string. For example: ^ex matches example but not text.
    • $ —matches the end of string. For example: ple$ matches example but not please.
    • * —matches one or more characters within a string. For example: ex*t matches exit and excellent.