Device Audit Report

Overview

This report helps you maintain security and compliance across your network by enabling you to:

  • Identify violations that require remediation.
  • Ensure devices are regularly and consistently audited.

Live and offline devices

The report can be run on both live and offline devices:

  • Live devices are devices actively monitored by SecureTrack.

  • Offline devices are devices not monitored by SecureTrack, but can still be checked in the Device Audit report by uploading a device configuration file.

Live audits are supported for a limited number of vendors, while offline audits can be performed for any vendor using a device configuration file. See Supported live devices.

Custom compliance tests

You can define custom compliance checks for live and offline devices to:

  • Establish your own rules (e.g., password length, session timeouts).
  • Audit devices from vendors not directly supported by Tufin.
  • Monitor devices that cannot connect directly to SecureTrack.

This flexibility allows you to maintain and update compliance checks independently, without waiting for new SecureTrack (STRE) updates.
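An illustration of the kind of rule a custom compliance test encodes (password length, session timeout, failed-login limit), run offline against a configuration file. This is an added example, not Tufin's custom-test format or code: the sample configuration, the thresholds in POLICY and the function names are constructed for illustration, and the commands checked are Cisco IOS ones.

```python
import re

# Constructed IOS-style configuration standing in for an uploaded offline file.
SAMPLE_CONFIG = """\
security passwords min-length 8
aaa local authentication attempts max-fail 5
line con 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 10 0
 transport input ssh
"""

# Hypothetical policy thresholds (assumptions, not vendor or CIS values).
POLICY = {"min_password_length": 12, "max_failed_attempts": 3, "max_idle_minutes": 10}

def global_int(config, pattern):  # integer from a top-level command, or None
    m = re.search(pattern, config, re.MULTILINE)
    return int(m.group(1)) if m else None

def line_timeouts(config):
    """Map each 'line ...' block to its exec-timeout in minutes."""
    timeouts, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            timeouts[current] = 10.0  # IOS default when exec-timeout is not set
        elif raw.startswith(" ") and current:
            m = re.match(r"\s+exec-timeout (\d+)(?: (\d+))?", raw)
            if m:
                timeouts[current] = int(m.group(1)) + int(m.group(2) or 0) / 60
        else:
            current = None  # left the line block
    return timeouts

def audit(config, policy=POLICY):
    """Return (findings, score): failed checks and percentage of checks passed."""
    findings = []
    pw = global_int(config, r"^security passwords min-length (\d+)")
    if pw is None or pw < policy["min_password_length"]:
        findings.append(("password-min-length", pw))
    fails = global_int(config, r"^aaa local authentication attempts max-fail (\d+)")
    if fails is None or fails > policy["max_failed_attempts"]:
        findings.append(("aaa-max-fail", fails))
    lines = line_timeouts(config)
    for name, minutes in lines.items():
        if minutes == 0 or minutes > policy["max_idle_minutes"]:  # 0 disables the timeout
            findings.append(("exec-timeout", name))
    return findings, round(100 * (1 - len(findings) / (2 + len(lines))))
```

Calling audit(SAMPLE_CONFIG) returns the failed checks together with a percentage score; a missing command is reported as a finding with the value None rather than silently passing.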

Individual devices and device groups

You can run this report across individual devices or across predefined device groups that contain devices of the same device type and vendor. To create device groups, see Working with device groups.

Supported Live Devices

The Device Audit report provides compliance testing for some firewalls managed by Palo Alto Panorama devices, Cisco IOS routers, Cisco ASA firewall devices, Check Point SmartCenter devices, or Fortinet Manager devices. Refer to your account team for the most updated list of supported devices.

The report determines how well the device configurations meet the vendor's CIS Benchmarks requirements (when available, or the vendor's best practices when not available).

Note that for Fortinet and Panorama devices, you only need to open a connection to the management device and not to each managed device.

What Can I See Here?

Report Information

The Report Information section includes details such as the report ID, name, time, domain, and devices selected during report creation.

Total Compliance Result

This section shows the average compliance summary for all devices.

Device Information

For each device, this section shows the Audit Compliance Score, Audit Severity Summary, and Audit Results. It shows how well the device configurations meet the vendor's CIS Benchmarks requirements (when available, or the vendor's best practices when not available).

Create a Device Audit Report

Prerequisites

Procedure

  1. From the Create menu, click Device Audit.

    The Setup page for the report appears.

  2. Complete the common fields for all reports:

    • General: Report name.

    • Domains and Devices: Select a domain, and then select the devices or device groups.

    • Audit:

      The options available vary depending on the selected device type. All options in all audit categories are selected by default for inclusion.

      Live devices
      For fields in an audit category that require numerical input, indicated by the Edit button, you can configure the value as needed. For example, for AAA audits, you can configure the number of failed attempts for Local Authentication Max Failed Attempts.

    • Export Report:

      • Email: Specify the recipients for notification emails. Press Tab or Enter to separate multiple email addresses.

        The email message includes a link to the report in STRE.

        Select the format of the report to include in the email as an attachment, as PDF, CSV, or both. Reports larger than 4 MB are compressed as .zip files.

      • Remote Repository: STRE can export reports using SFTP. Specify the report format: PDF or CSV.

        If the report finished successfully, you can verify that the new files appear in the remote repository, in the Reports Folder path configured by your administrator (see Send Reports Using SFTP).

    • Schedule: Configure the following:
      • Repeats: The frequency at which the report runs: Daily, Weekly, or Monthly.
      • Days of the week: Available for Weekly and Monthly frequencies.
        • For Weekly, runs the report on each selected day at the specified time. For example, if you select Monday, the report runs every Monday.

        • For Monthly, this is one of two scheduling options. Runs the report on the first occurrence of the selected day of the week in the month at the specified time. For example, if you select Monday, the report runs on the first Monday of the month.

      • Calendar Month: Available only for Monthly frequencies. This is the second monthly scheduling option. Runs the report on the 1st or 15th of the calendar month. Reports based on calendar months run automatically at midnight.
      • Time: The time at which the report should run.
  3. Click one of the following:

    : Saves the report. The Saved menu lists all saved and scheduled reports.

    : Runs the report. After a report runs, you can view the results in the Repo menu.

Available Report Formats

When viewing the report output, use the Export menu to save the report data.

You can save the data for this report as a CSV file or PDF output file.

  • The CSV export option is useful when you want to create your own reports based on the specific data from the report configuration.

  • When you select PDF, check the Export menu again for the "PDF is ready" status and click the link to view the PDF output.