This article provides a list of all the pre-formated reports, and a brief description of what they do.
Venafi Encryption Director (Director) comes standard with three pre-formated reports. With the installation of the SSH Key management Product, 6 more SSH key management reports can be utilized. All reports can be formated for the PDF, or CSV format, and can be delivered by the SMTP, FTP, or SCP protocols.
Reports can be invoked in the reporting tree using either the Webadmin or Winadmin tool. Although it's not called a report, pulling data from the policy tree can be invoked through the policy tree using the Webadmin utility. See the last section of this article for more info. This article focuses on the pre-formated reports you can run in the reports tree.
Certificate Manager reports.
1: Licensing Report- This report shows the current status of product licensing use. The report details are:
- Monitoring Certificates License Count - The number of active certificates configured for monitoring multiplied by the number of additional instances of applications where the certificate is being validated.
- Enrollment Certificates License Count - The number of active certificates configured for enrollment multiplied by the number of additional instances of applications where the certificate is being validated.
- Provisioning Certificates License Count - The number of active certificates configured for provisioning multiplied by the number of instances of applications where the certificate and/or private key is being provisioned.
- Number of unique Agents - The total number of unique agents that have checked in with the product over the past year.
- Symmetric Key License Count - The numbers of active symmetric key objects.
- Managed Certificates - The total number of certificates whose management type is set to the corresponding level (monitoring, enrollment or provisioning) and are enabled for processing.
- Disabled Certificates - The total number of certificates whose processing is disabled, regardless of their management type.
- Base Applications - These application types are included in the base Venafi Encryption Director license. Theses applications are not enumerated.
- Premium Applications - Support for these applications is made available to customers separately from the base. Theses applications are not enumerated.
- Managed Keys - The counts of keys being managed by Venafi Encryption Director.
- Disabled Keys - The total number of keys whose processing is disabled.
- TIP: Note: This report does not count any Certificate or Application objects for which processing is currently disabled.
2: Certificate expiration report- A list of each certificate collated with these columns- Common Name, Contacts, Issuer, Valid To, Mgmnt.
- We also provide a colored coded summary showing how many certificates are due for renewal starting with 5 days, all they way to those already expired.
3: Entitlement report- This report shows a list of users who have access to the encryption management system. This report can take a while to run, because it has to query every object in the tree, For each user, the following information is displayed:
- The identity system that provides the use.
- The name of the user.
- The name of every object in the encryption system.
- Each right the user has to the object.
B: SSH Key reporting.
1: SSH User Key Report- To generate the SSH User Key Report, Director correlates all the public user keys found on your SSH servers with private user keys located on client machines, so the report provides a complete picture of your SSH user key inventory. Because it correlates the public user keys found on the SSH servers with the private keys found on local clients, the SSH User Report can tell you where every user key in your system originates. The report catalogues a list of each discovered key organized with these columns -User, Host, Type, Size, Path.
2: SSH Authorized User Report- The report lists all the user accounts that have access to each SSH server (the server’s authorized users) and, correspondingly, all the user keys associated with each account. It includes:
- Total number of hosts with one or more users with one or more authorized keys.
- Total number of user accounts with one or more authorized keys.
- Total number of unique public and/or private keys.
- Total number of authorizations via public key.
- Total number of authorized keys whose private key location is known.
- Total number of authorized keys whose private key location is unknown.
3: SSH Discrepancy Report - The SSH Discrepancy Report catalogues lost, duplicate, orphaned, and unused SSH keys so you can identify and eliminate risk in your SSH key environment.
- The total number of private keys that have been found in more than one location.
- Uncorrelated authorized user access to keys- Includes instances where public keys authorizing access to user accounts whose private keys were never found.
- Uncorrelated known host-Includes instances of SSH server public keys that are trusted by clients where no corresponding SSH server private keys have been found.
4: SSH Server Summary Report- This report shows all discovered SSH servers, and wether or not they are still active- listening on the right port. To determine risk, it determines the server’s currently supported SSH protocol and indicates if the server allows login with empty passwords, clear text passwords, or public keys.
5: SSH Key Expiration Report - shows all managed SSH keys that have expired or will be expiring within the timeframes designated in the report configuration.
6: SSH Trust Report -provides the same information as the SSH Authorized User Report, but it is presented from the user perspective. The report lists trusted hosts for every SSH user account and correlates the trusted public user keys on SSH servers with the user accounts
Pulling summary data from the Policy tree:
To pull summary data on your certificates, such as common name, status, valid to dates, and key size, without running a report, follow these steps:
- Using the Webadmin tool ( Browser based ) login to your Director server.
- Click on the root of the policy tree.
- Click on the View tab.
- Click on Certificates,
- TIP: You may need to click on the option to 'include sub-Containers'.
- To download this data into any of these forms, click on the export tab over to the right.
- HTML format.
- TAB delimited.
- Comma separated
- XML format.