On This Page
Unauthorized Changes Report
Overview
The Unauthorized Changes report generates a list of rule changes that occurred on one or multiple firewalls between a start and end date. It displays every change in the context of device policies. If a rule change impacts subnets in multiple device zones, the change will be displayed multiple times to demonstrate the impact to all relevant zones.
This report enables you to:
-
Know whether a new access policy has been added outside normal change processes.
-
Complete retrospective analysis of all changes made to a device (or devices) during a specific time frame.
What Can I See Here?
Report Information
This section shows general information about the report including report ID, name, time, domain, and devices.
Device Revision Information
In this section, each row displays a device and its revision information.
Create a Unauthorized Changes Report
Prerequisites
-
In the Settings > General page, the administrator must configure the outgoing SMTP server and the remote repository.
Procedure
-
From the Create (
) menu, click Unauthorized Changes.The Setup page for the report appears.
-
Complete the report fields:
-
General: Report name.
-
Domains and Devices: Select a domain and one or more devices or device groups.
-
Policy: Select a policy. Available when you select a single device. This field is not supported for all devices.
-
Dates: Appears when you select more than one device.
-
Start Date
-
End Date
-
-
Revisions: Appears when you select one or more devices.
Select a Start Revision and End Revision.
For each device, STRE compares the selected Start Revision and End Revision to identify unauthorized changes between those two revisions.
The selected revision number appears in the box in the top-right corner. Use the Search option to find a revision by Revision Number or Date. The format for these search strings is as follows:
-
Revision Number:
ID: <Revision number>Example:
ID: 249 -
Date:
Date: YYYY-MM-DDExample:
Date: 2002-10-24
The Unauthorized Changes report compares only the selected Start Revision and End Revision. It does not list individual changes between each intermediate revision within the selected range.
To view every change between adjacent revisions within a selected range, use the Rule and Objects Changes report.
-
-
Export Report:
-
Email: Specify the recipients for notification emails. Press Tab or Enter to separate multiple email addresses.
The email message contains a link to the report in STRE. Reports can be generated as CSV files, and you can select either option or both (if enabled) to include in the email as an attachment. If the report file is larger than 4 MB, the attachment is compressed as a
.zipfile. -
Remote Repository: STRE can export reports using SFTP. Specify the report format - CSV.
If the report finished successfully, you can verify that the new files appear in the Reports Folder path, in the remote repository, configured by your administrator (see Send Reports Using SFTP).
-
- Schedule: Configure the following:
- Repeats: Select the frequency by which the report should run. Options include Daily, Weekly, and Monthly.
- Days of the week: Select one or more days on which the report should run.
- Time: Indicate the time at which the report should run.
Daily: First and last revisions in the last 24 hours
Weekly: First and last revisions for the last seven days
Monthly: First and last revisions for the last 30 days
For scheduled revisions, STRE calculates the Start and End revisions based on the schedule Repeats setting: -
-
Click one of the following:
: Saves the report. The Saved menu lists all saved and scheduled reports.
: Runs the report. After a report runs, you can view the results in the Repo menu.
Available Report Formats
When viewing the report output, use the Export menu to save the report data.
You can save the data for this report as a CSV file. The CSV export option is useful when you want to create your own reports based on the specific data from the report configuration.
