Skip to content

What is an Issue?

In Runecast, an Issue represents a discovered problematic combination of infrastructure values such as configuration settings, log patterns, software and hardware type and versions, etc. The discovered combination of values is considered problematic based on information from various sources including vulnerabilities, industry best practices and security compliance profiles.

Configuration issue

A configuration issue in Runecast has the following properties:

Property Description Issue type
Severity This grades the estimated criticality of the issue based on its general impact and importance. Depending on the specifics of your environment, it is possible that certain issues may have a different importance than the suggested severity. All issues
Profile Profile code, indicating to which knowledge profile the issue belongs to. All issues
Title A short description of the issue. All issues
Products Products supported by Runecast. Refer to the Supported Systems section for details about the supported systems. All issues
Affects The infrastructure quality the issue affects – Availability, Manageability, Performance, Recoverability, Security. All issues
Layer The infrastructure layer the issue affects – Compute, Network, Storage, VM, Management. All issues
Failing The number of infrastructure objects affected by this issue. All issues
Passing The number of applicable infrastructure objects not affected by this issue. All issues
Unanswered The number of applicable infrastructure objects for this issue awaiting manual answer. All issues
Unlicensed The number of applicable infrastructure objects for this issue which are unlicensed and no result is shown. All issues
Filtered The number of applicable infrastructure objects for this issue which are filtered out by the user. All issues
Issue ID Runecast ID of the issue. All issues
Impact Relative representation of the previous counts. Shows the overall portion of affected objects against the healthy ones. All issues
Result Shows the status of the issue: Failed, Passed, Filtered out, Not answered, Unlicensed All issues
Vulnerability ID The identification id set by Information Assurance Support Environment on their rules list. DISA STIG
Control ID The identification id set by Payment Card Industry Security Standards Council on their documentation list. PCI DSS
Milestone Milestones are defined in the PCI DSS standard to enable you to use the "Prioritized Approach" to prioritize higher risk issues. PCI DSS
Rule ID The identification id set by Health Insurance Portability and Accountability Act on their documentation list. HIPAA
Building Block The identification id set by Bundesamt fur Sicherheit in der Informationstechnik on their IT-Grundschutz documentation list. BSI IT-Grundschutz
Recommendation Section The identification id set by Center for Internet Security on their documentation list. CIS
Level The benchmark defines the identification id of the existing configuration profiles. CIS
Scored A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. CIS
Priority The recommended priority codes used for sequencing decisions during security control implementation. NIST
Controls The identification id set by National Institute of Standards and Technology on their documentation list. NIST
Category The area that customers need to strengthen to keep their private data safe. GDPR
Articles The identification id on the GDPR documentation. GDPR
Technical control theme The area that customers need to strengthen to keep their private data safe. Cyber Essentials
ISO controls The identification id set by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) on their documentation list. ISO 27001
TISAX controls The identification id set by TISAX is based on the standard ISO/IEC 27001. The controls themselves are formulated as questions. TISAX
Mitigation strategy The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about. Essential Eight

Once you expand a configuration issue in the Runecast interface, you can view additional properties:

Property Description
Issue Description A detailed description of the issue.
Analysis Findings Provides complete overview of the analyzed objects and their corresponding statuses. Please refer to the Analysis Findings section for details about this view.
Filter out Allows to filter out this issue for any infrastructure objects or system based on your selection.
Custom profiles Access to actions related to Custom Profiles
Reference A link to online resources further describing the issue.
Updated The date when the issue definition was last updated in the Runecast database.

Analysis Findings

The Analysis Findings tab in the issue details view shows information about the analyzed systems and all relevant objects for that issue. Each object can be in one of the following states:

  • Failed
    The objects in this state indicate that they are misconfigured in the context of the issue or a contributing factor to another object in Failed state
  • Passed
    The objects in this state don't have any findings in the context of the issue
  • Filtered out
    The objects in this state are in the scope of a user configured filter
  • Not answered
    The objects in this state are awaiting for a manual answer
  • Unlicensed
    The objects in this state are not licensed

You can use the filter above the systems list to select a specific state.

Log issue

A log related issue in Runecast has the following properties:

Note

Log issues are only applicable for VMware products

Property Description
Severity This grades the estimated criticality of the issue based on its general impact and importance. Depending on the specifics of your environment, it is possible that certain issues may have a different importance than the suggested severity.
Applies to The virtual infrastructure layer the issue affects – Compute, Network, Storage, VM, Management.
KB id ID of the VMware Knowledge Base article.
Products The applicable VMware products for this issue.
Objects The number of objects affected by this issue.
Last seen date The last date and time when the problematic log pattern was detected.
Description A short description of the issue.
Issue ID Runecast ID of the issue.