Skip to content

What is an Issue?

In Runecast, an Issue represents a discovered problematic combination of infrastructure values such as configuration settings, log patterns, software and hardware type and versions, etc. The discovered combination of values is considered problematic based on information from various sources including VMware Knowledge Base articles, official VMware Security Hardening Guide and industry Best Practices.

An issue in Runecast has several fields:

Field Description Applicable to
Severity This grades the estimated importance of the issue based on its general impact and importance. Depending on the specifics of your environment, it is possible that certain issues may have a different importance than the suggested severity.
AppliesTo The virtual infrastructure layer the issue affects – Compute, Network, Storage, VM, Management.
Affects The infrastructure quality the issue affects – Availability, Manageability, Performance, Recoverability, Security.
Products Products supported by Runecast:
  • VMware - vSphere, NSX-V, NSX-T, vSAN, VMware Cloud Director, Horizon, SAP HANA, Pure Storage
  • AWS - EC2, IAM, S3, RDS, Redshift, VPC, CloudFront, Lambda, EFS, AWS Inspector, CloudTrail, EKS, AWS Health, AWS Config, CloudWatch, RDS, Redshift
  • Kubernetes
  • Azure - Azure AD, Storage Account, SQL Server, Postgres Server, MySQL Server, Key Vault, Subscription, Virtual Machine, Disk, AKS, App Services, Network Security Group, Network Watcher
Objects The number of objects (e.g. VMs, Hosts, Datastores, Instances, Buckets) affected by this issue.
Title A short description of the issue.
Count The number of problematic log pattern occurrences within the specified period of time. Log KBs
Last seen date The last date and time when the problematic log pattern was detected. Log KBs
Result Presents the status of security rule based on the findings results: Pass or Fail. Best Practices or Security Compliance
Vulnerability ID The identification id set by Information Assurance Support Environment on their rules list. DISA STIG
Control ID The identification id set by Payment Card Industry Security Standards Council on their documentation list. PCI DSS
Milestone Milestones are defined in the PCI DSS standard to enable you to use the "Prioritized Approach" to prioritize higher risk issues. PCI DSS
Rule ID The identification id set by Health Insurance Portability and Accountability Act on their documentation list. HIPAA
Building Block The identification id set by Bundesamt fur Sicherheit in der Informationstechnik on their IT-Grundschutz documentation list. BSI IT-Grundschutz
Recommendation Section The identification id set by Center for Internet Security on their documentation list. CIS
Level The benchmark defines the identification id of the existing configuration profiles. CIS
Scored A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. CIS
Priority The recommended priority codes used for sequencing decisions during security control implementation. NIST
Controls The identification id set by National Institute of Standards and Technology on their documentation list. NIST
Category The area that customers need to strengthen to keep their private data safe. GDPR
Articles The identification id on the GDPR documentation. GDPR
Technical control theme The area that customers need to strengthen to keep their private data safe. Cyber Essentials
ISO controls The identification id set by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) on their documentation list. ISO 27001
Mitigation strategy The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about. Essential Eight

Once you expand an issue in the Runecast interface, you can view additional fields:

Field Description
Issue ID A unique identifier of each rule.
Source The source describing the issue – Knowledge Base, Security Hardening Guide, Best Practice.
Reference A link to online resources further describing the issue.
Date of last update The date when the issue definition was last updated in the Runecast database.
Impact The relative potential impact of the issue – 1 is low and 3 is high.
Importance The importance of this issue – 1 is low and 3 is high. The issue importance depends on the infrastructure quality it relates to (Availability, Manageability, Performance, Recoverability, Security) and the infrastructure layer it impacts (Compute, Storage, Network, VM, Management). For example, if the issue is Security- or Availability-related and applies to the Compute layer then the Importance will be higher. If the issue impacts Manageability of individual VMs then the Importance will be lower.
Risk rating The sum of Impact and Importance.
Findings This is an important tab that shows the list of affected objects (e.g. VMs, Hosts, Datastores, Instances, Buckets). For each object, the settings that were found to be problematic or the log messages that need to be reviewed are displayed. Click on an object from the affected objects list on the left to see the list of findings listed on the right. The findings list displays the description and current value of each finding that needs to be reviewed. In case of log-related KBs, you can see the exact log messages associated with the described issue.
Note Here you can add a note to any Knowledge Base article, Best Practice or Security Hardening check. The notes are not linked to the actual check (not to a detected issue) – so even if you have a Security Hardening check which is with Pass status, you can still add a note to it.
Ignore You will be able to filter out the current KB/SH/BP against infrastructure objects based on your selection.