Skip to content

Main Menu

Contains three subsections presenting an overview of the environment, issues discovered and history trend.

Dashboard

The Runecast Analyzer Main Dashboard is the central page that provides a summary of your virtual environment and detected issues. Navigate to the Runecast Analyzer Web Interface URL https://<appliance IP> and login with valid credentials.

Tip

By default, the local user credentials are as follows:

  • Username: rcuser
  • Password: Runecast!

If you have configured Runecast Analyzer to use Active Directory then you can use an Active Directory account. Make sure to specify the username in one of the following formats:

  • <username>
  • <username@domain.com>

Based on a number of Systems configured (one or multiple), and the selection done on the Context, the Dashboard will provide slightly different views.

Components displayed when only one system type is connected or selected in Context:

  • Analyze now button
  • Configuration Issues by Severity
  • Configuration Issues by Layer
  • Log Issues
  • KBs Applicable
  • Security Compliance
  • Best Practice Adoption
  • Issues History
  • Hosts with Most Issues
  • Analysis Detail

  • Analyze now button
  • Configuration Issues by Severity
  • KBs Applicable
  • Best Practice Adoption
  • Issues History
  • Analysis Detail

  • Analyze now button
  • Badges showing the health status of the resources
  • History of issues for resources
  • Regions of affected resources

  • Analyze now button
  • Configuration Issues by Severity
  • KBs Applicable
  • Security Compliance
  • Best Practice Adoption
  • Issues History
  • Analysis Detail

  • Analyze now button
  • Configuration Issues by Severity
  • KBs Applicable
  • Best Practice Adoption
  • Issues History
  • Analysis Detail

  • Analyze now button
  • Configuration Issues by Severity
  • Best Practice Adoption
  • Security Compliance
  • Vulnerabilities Detected
  • Issues History
  • Analysis Detail

  • Analyze now button
  • Issues by Severity
  • Best Practice Adoption
  • History of Affected Objects
  • Network & Security
  • Storage & Databases
  • Compute & Containers
  • Identity & Subscriptions
  • Analyzed Knowledge Profiles

  • Analyze now button
  • Issues by Severity
  • Vulnerabilities
  • Configuration Issues by Layer
  • Analyzed Knowledge Profiles
  • History of Findings

Components displayed when multiple systems are connected and All Systems is selected in Context:

  • Analyze now button
  • Configuration Issues by Severity
  • Configuration Issues by Layer
  • Log Issues
  • KBs Applicable
  • Security Compliance
  • Best Practice Adoption
  • Issues History
  • Hosts with Most Issues
  • My Systems
  • Vulnerabilities Detected
  • HW Incompatible Hosts

Analyze now button

Click this button to initiate a scan and perform an analysis of all configuration data in your virtual infrastructure. It is recommended that you enable and configure automated scheduled scans – see Automatic scheduler. For more information about the Analyze now button, please check section Connect to a System and Analyze).

Configuration Issues by Severity

The widget located at the top-left corner of the dashboard provides a quick summary on the number of issues found in the environment, grouped by severity. In the All Systems view it provides the summary across all Systems connected.

Configuration Issues by Layer

The widget is located on the left side of the dashboard, below Configuration Issues by Severity. It provides a quick summary of the number of issues found in the environment, grouped by layer and severity. Each severity has a related icon:

  • Critical
  • Major
  • Medium
  • Low

In the All Systems view it provides the summary across all Systems connected.

Key-metric Badges

  • KBs Applicable: Number of Knowledge Base related issues discovered in the Systems configuration. The number of current issues found will be accompanied by an arrow representing the average of the last five scans. Its direction will indicate a trend factoring the current value and average historical values. The historical trending will also be displayed by a sparkline. In the All Systems view this is the number of Knowledge Base related issues discovered across all Systems connected.

  • Best Practice Adoption: The level of Best Practice adoption, based on all best practices enabled as part of the Best Practices view. The Best Practice percentage will be accompanied by an arrow representing the average of the last five scans. Its direction will indicate a trend factoring the current value and average historical values. The historical trending will also be displayed by a sparkline. In the All Systems view this is the level of Best Practice adoption across all Systems connected.

  • Security Compliance: The level of security compliance based on all security checks performed as part of the Security Hardening view. The compliance percentage will be accompanied by an arrow representing the average of the last five scans. Its direction will indicate a trend factoring the current value and average historical values. The historical trending will also be displayed by a sparkline. In the All Systems view this is the level of security compliance across all vCenters connected.

  • Vulnerabilities Detected: The number of Vulnerabilities related issues discovered, based on all vulnerabilities enabled as part of the Vulnerabilities view. The Vulnerabilities percentage will be accompanied by an arrow representing the average of the last five scans. Its direction will indicate a trend factoring the current value and average historical values. The historical trending will also be displayed by a sparkline. In the All Systems view this is the number of Vulnerabilities related issues discovered across all Systems connected.

  • HW Incompatible Hosts: The number of Incompatible Hosts from the hardware point of view (Server, I/O Devices, vSAN Controllers, vSAN Disks) against specific VMware software products in accordance with the references provided by VMware on the VMware Compatibility Guide site. In the All Systems view this is the number of HW Incompatible Hosts discovered across all Systems connected.

  • Log Issues: Number of Knowledge Base related issues discovered in logs. In the All Systems view this is the number of Knowledge Base related issues discovered across all Systems connected.

Issue history

The bar chart provides an overview of the issue count evolving over time.

If the Days view is selected, then each day will be represented by a bar along the x-axis. When hovering over a bar, it will display the number of issues (this is also shown for each severity, represented with the corresponding color) of the last scan during that day. Where no scans were performed during the day, the bar color will be less vivid and on hover the message No analysis on this day will be shown.

If the Weeks view is selected, then each week will be represented by a bar along the x-axis. When hovering over a bar, it will display the number of issues (this is also shown for each severity, represented with the corresponding color) calculated as an average for the entire week. Where no scans were performed during the entire week, the bar color will be less vivid and on hover the message No analysis on this week will be shown.

Hosts with Most Issues

A list displayed below the Issue History shows the hosts having the highest number of issues. The hosts included in the analysis will depend which vCenter(s) are selected in the Context. The issue count will be accompanied by corresponding severity icons.

My Systems / Analysis Detail

At the bottom of the Dashboard more detailed information concerning Systems scan results is available.

When All Systems is selected in the Context, a list of all Systems Runecast Analyzer is configured to scan will be shown. The number of issues found in Logs, KBs and also the percentage for Security Compliance and Best Practices Adoption are visible for each System row where applicable. Expanding any row will show further details about the checks performed and objects analyzed. The Analyze now button is also available in each row providing a quick way to trigger a scan for the selected System. If an AWS connection was established, you can reach its Dashboard by clicking on the Account ID.

When a single System is selected in the Context, a Dashboard widget is shown at the bottom entitled Analysis Detail. This will show further lower-level details for the System selected about the checks performed and objects analyzed.

Generate Report button

A PDF report will be generated reproducing the full dashboard overview (as displayed in the user interface). This provides a colorful and graphical management report that includes the standard badges and statistics showing the overall system health. Additionally, a list of the top 50 Issues is also included.

Inventory View

Browse through your virtual infrastructure objects hierarchically using the Inventory View feature located in the left side of the page. The number of detected issues is shown alongside inventory objects in the tree-view shown. Click on an object to open a detailed list of associated issues. The new list will display on top, apart from the object name, multiple filters to customize it but also a search box and an Export button. To see additional details, select any of the displayed issues by clicking on one of them. Another section will be revealed presenting information regarding findings, description, notes. Use the Ignore button if you want to filter out the current issue against the selected inventory object.

Info

In rare cases, due to permissions inconsistency, it may not be possible to place some analysis objects under their respective parent objects. In such cases, they can be found under the auto generated folder called Orphaned objects in the root of the system inventory tree.

All Issues View

This view combines all types of detected issues into a single chart and table. By default, the list of current issues (at the last scan) is displayed. This view can be customized by using filters and/or selecting previous scans.

At the top of the view, seven dropdown buttons (Severity, Profile, Products, Affects, Layer, Remediable, Customizable) provide the possibility to filter the data displayed. The list of filters applied is displayed directly on the dropdown button label. Filters are applied to the history chart and to the list of results. Two other features are found at the top-right. The Search bar gives the possibility to search for text in Title. The Export button provides the option to export the Result table in different formats (PDF or CSV). If selected, the option Includes Affected Objects with Findings will output each affected object together with low-level results for their specific findings.

The history chart is provided to visualize issue levels or objects number over the last ten scans. Use one of the two view types (Objects or Issues) to switch to the desired view. Each scan is represented by a bar, which will display additional information (date and hour of the scan and the number of issues found) when the user hovers over it.

Image Scanning

When at least one Kubernetes cluster is connected to Runecast Analyzer the Image Scanning option will appear in the menu. This functionality allows you to scan container images on-demand and also use it as a webhook for kubernetes admission controller configuration.

Supported image repositories

If an image is specified without a full URL to its location it will be pulled from https://hub.docker.com/ repository.

Other supported container image reposiories are:

  • Non-authenticated repositories
  • Custom CA signed repositories need to have the certificate trust added to the Runecast Analyzer appliance

Manual scan

Click on the Scan image button, provide a container image name and confirm your action with the Scan button in the dialog.

Tip

Optionally, select an admission policy that will be evaluated as part of the image scan. The policy evaluation result will appear in the main table and also in the scan details modal.

Select a scan from the main table to review the result details. The modal displays found vulnerabilities and also general image configuration.

Kubernetes integration

Runecast Analyzer provides an API endpoint which can be used as a webhook in a Kubernetes admission controller configuration:

https://<runecast-address>/rc2/api/v2/k8s-admission-policy-review/policy/{policyId}

where, the {policyId} is the ID of one of the predefined admission policies.

As any other endpoint in Runecast Analyzer, the request has to be authenticated. Make sure to generate an API Access token of access type Global Admin and configure the Kubernetes admission controller to use bearer token type of authentication for the webhook.

The response from the API endpoint will either allow or deny deployments based on the selected policy. Image scans triggered via kubernetes admissions controller are also visible in the Runecast Analyzer Image Scanning UI. They can be easily discovered based on the Trigger type column data.

To find out more on how to configure Runecast as a Kubernetes validating webhook including step-by-step guide, please see the Kubernetes Integration Examples chapter.

Public API

It's possible to trigger a scan of one or multiple images via the Runecast public API.

curl -X POST -H "Authorization: <your API token>" -H "Content-Type: application/json;charset=UTF-8" https://<appliance IP>/rc2/api/v2/images-scan-requests -d '{"imageNames": ["<image1>","<image2>"],"policyId": 1}'

Note

The policyId parameter in the payload is optional and if specified the scan result will be evaluated against the selected predefined admission policy.

The result of the above API request will look like the following:

{
    "imagesScanId": 454,
    "imageNames": [
        "<image1>",
        "<image2>"
    ],
    "policyId": 1,
    "scanResultCompliesWithPolicy": false
}
The information available in the response can already be used to make decisions if the endpoint, for example, is part of a deployment pipeline. Additionally, using the imagesScanId a further API call can be made to get the complete results:

curl -X GET -H "Authorization: <your API token>" -H "Content-Type: application/json;charset=UTF-8" https://<appliance IP>/rc2/api/v2/images-scans/{imagesScanId}

The response of the above API request will contain detailed information about the overall status and also for each image scanned.

Scans triggered via the public API will be visible in the UI as API trigger type.

Admission policies

Runecast Analyzer comes with a predefiend set of admission policies that can be used to evaluate the result of an image scan. They can be used as part of the manual image scan or via the webhook used in the kubernetes admission controller.