This article will focus on the Risks & Warnings Report.
NP-View uses reports to present network information related to the open workspace. These reports are available to all users and can be accessed from the main menu. For more information visit the Workspace Reports Overview article.
Accessing the Table
The Risks & Warnings Report can be accessed in two ways, each presenting a different data set.
From the main menu: All Risks & Warnings for all devices in the current view.
From the topology: Only Risks & Warnings for the selected device in the current view. Click a Firewall, Router or Switch to open its info panel, then select Risks or Warnings from the Data for this Device section.
*From the main menu
*From the info panel
What are Risks & Warnings?
Risks and Warnings are messages generated by default Policies and Requirements in NP-View. These messages automatically detect and notify users of risky or problematic situations on the network. Each Policy or Requirement looks for certain criteria and, when they are found, triggers the designated alert. Policies and Requirements are located in the Policy Manager (accessed from the main menu).
NP-View provides sets of default Policies and Requirements that are automatically assigned to all devices when they are imported, and run when network device configuration changes are identified.
Understanding Risks & Warnings Messages
When a potential risk or warning is identified, it is logged in the Risks and Warnings report with a time and date stamp.
Each entry has a Status (New, Confirmed, Resolved, False Positive, Will Not Fix or Fixed). Status definitions are below.
Risk Triage, Status, and Life Cycle
For new risks or warnings, users are expected to:
Review each item
Determine if the issue needs to be addressed
Then manually change the status accordingly. To change the status, double-click on the status bean, change the status and click the save button.
Status Definitions:
new: new risk or warning identified in the most recent data load.
confirmed: risks or warnings that are acknowledged by the user as a valid problem to address.
resolved: risks or warnings that are closed by the user because the problem has been addressed.
false positive: risks or warnings that are closed by the user because they are not a valid problem to address.
will not fix: risks or warnings that are closed by the user because it was decided to not address them.
Upon subsequent data updates, the system will adjust the status if required. For example:
If the user marks a risk as Resolved and on the next network update the risk is still identified, the status will automatically be changed to Confirmed.
If upon the next update the risk is no longer identified, the status will be changed to Fixed. Fixed items are removed from the list after a period of 7 days.
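The automatic status adjustment described above, modeled as an added Python example (not NP-View code). It assumes a finding is identified by a (device, description) pair, that a Fixed finding which reappears is reported as new, and that statuses the page does not mention are left unchanged; the sample findings are constructed.

```python
from datetime import datetime, timedelta

FIXED_RETENTION = timedelta(days=7)  # page: Fixed items are removed after 7 days


def reconcile(tracked, identified, now):
    """Apply one data load to the tracked findings and return the new list.

    tracked:    {key: {"status": str, "fixed_at": datetime or None}}
    identified: set of keys found in this data load
    """
    result = {}
    for key, item in tracked.items():
        status, fixed_at = item["status"], item["fixed_at"]
        if key in identified:
            if status == "resolved":
                # Page rule: marked Resolved but still identified -> Confirmed.
                status = "confirmed"
            elif status == "fixed":
                # Assumption: a Fixed finding that reappears is reported as new.
                status, fixed_at = "new", None
            # Other statuses: the page describes no change, so keep them.
        elif status != "fixed":
            # Page rule: no longer identified -> Fixed.
            status, fixed_at = "fixed", now
        if status == "fixed" and now - fixed_at >= FIXED_RETENTION:
            continue  # Fixed for 7 days or more: removed from the list
        result[key] = {"status": status, "fixed_at": fixed_at}
    for key in identified - set(tracked):
        result[key] = {"status": "new", "fixed_at": None}
    return result


def demo():
    # Constructed sample data; keys are (device, description) pairs.
    now = datetime(2024, 1, 8)
    tracked = {
        ("fw-1", "any-any rule"): {"status": "resolved", "fixed_at": None},
        ("fw-1", "telnet allowed"): {"status": "confirmed", "fixed_at": None},
        ("sw-2", "unused object"): {"status": "fixed",
                                    "fixed_at": now - timedelta(days=7)},
    }
    load = {("fw-1", "any-any rule"), ("rtr-3", "snmp v1 enabled")}
    return reconcile(tracked, load, now)


if __name__ == "__main__":
    for key, item in demo().items():
        print(key, item["status"])
```

A Resolved item flipping back to Confirmed after a data load means the finding is still present in the imported configuration, so the change intended to address it did not take effect.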
Commenting on Rules from Risks & Warnings Table
New in NP-View 5.0, the Risks table connects Risks and Warnings directly with the applicable Access Rule. Not only can the status of the Risk be updated, but a comment or justification can be left on the associated rule without ever leaving the Risks & Warnings table.
1. Open the Risks & Warnings table
2. Navigate to the Risk or Warning of your choice
3. In the “Description” column click the plus sign and open the popover for the full description
4. Click the link that says see rule
5. A filtered rules table displaying the relevant rule will open at the bottom of the window for you to investigate and/or make comments on
Risks & Warnings Columns
Time: (RISKWARNING_TIMESTAMP) Date and Time the potential risk was identified and logged.
Type: (RISKWARNING_TYPE) Risk or Warning.
Criticality: (RISKWARNING_CRITICALITY) High, Medium or Low as defined by the identifying policy and requirements.
Workspace: (RISKWARNING_WORKSPACE) Name of the workspace containing the potential risk or warning.
Device: (RISKWARNING_DEVICE) Name of the device containing the potential risk or warning.
Description: (RISKWARNING_DESCRIPTION) Description of the potential risk or warning from the policy manager.
Status: (RISKWARNING_STATUS) Current status as defined above.