What is an Issue?
In Runecast, an Issue represents a discovered problematic combination of infrastructure values such as configuration settings, log patterns, software and hardware type and versions, etc. The discovered combination of values is considered problematic based on information from various sources including VMware Knowledge Base articles, official VMware Security Hardening Guide and industry Best Practices.
An issue in Runecast has several fields:
| Field | Description | Applicable to |
|---|---|---|
| Severity | This grades the estimated importance of the issue based on its general impact and importance. Depending on the specifics of your environment, it is possible that certain issues may have a different importance than the suggested severity. | |
| AppliesTo | The virtual infrastructure layer the issue affects – Compute, Network, Storage, VM, Management. | |
| Affects | The infrastructure quality the issue affects – Availability, Manageability, Performance, Recoverability, Security. | |
| Products | Products supported by Runecast:
|
|
| Objects | The number of objects (e.g. VMs, Hosts, Datastores, Instances, Buckets) affected by this issue. | |
| Title | A short description of the issue. | |
| Count | The number of problematic log pattern occurrences within the specified period of time. | Log KBs |
| Last seen date | The last date and time when the problematic log pattern was detected. | Log KBs |
| Result | Presents the status of security rule based on the findings results: Pass or Fail. | Best Practices or Security Compliance |
| Vulnerability ID | The identification id set by Information Assurance Support Environment on their rules list. | DISA STIG |
| Control ID | The identification id set by Payment Card Industry Security Standards Council on their documentation list. | PCI DSS |
| Milestone | Milestones are defined in the PCI DSS standard to enable you to use the "Prioritized Approach" to prioritize higher risk issues. | PCI DSS |
| Rule ID | The identification id set by Health Insurance Portability and Accountability Act on their documentation list. | HIPAA |
| Building Block | The identification id set by Bundesamt fur Sicherheit in der Informationstechnik on their IT-Grundschutz documentation list. | BSI IT-Grundschutz |
| Recommendation Section | The identification id set by Center for Internet Security on their documentation list. | CIS |
| Level | The benchmark defines the identification id of the existing configuration profiles. | CIS |
| Scored | A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. | CIS |
| Priority | The recommended priority codes used for sequencing decisions during security control implementation. | NIST |
| Controls | The identification id set by National Institute of Standards and Technology on their documentation list. | NIST |
| Category | The area that customers need to strengthen to keep their private data safe. | GDPR |
| Articles | The identification id on the GDPR documentation. | GDPR |
| Technical control theme | The area that customers need to strengthen to keep their private data safe. | Cyber Essentials |
| ISO controls | The identification id set by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) on their documentation list. | ISO 27001 |
| Mitigation strategy | The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversaries they are most concerned about. | Essential Eight |
Once you expand an issue in the Runecast interface, you can view additional fields:
| Field | Description |
|---|---|
| Issue ID | A unique identifier of each rule. |
| Source | The source describing the issue – Knowledge Base, Security Hardening Guide, Best Practice. |
| Reference | A link to online resources further describing the issue. |
| Date of last update | The date when the issue definition was last updated in the Runecast database. |
| Impact | The relative potential impact of the issue – 1 is low and 3 is high. |
| Importance | The importance of this issue – 1 is low and 3 is high. The issue importance depends on the infrastructure quality it relates to (Availability, Manageability, Performance, Recoverability, Security) and the infrastructure layer it impacts (Compute, Storage, Network, VM, Management). For example, if the issue is Security- or Availability-related and applies to the Compute layer then the Importance will be higher. If the issue impacts Manageability of individual VMs then the Importance will be lower. |
| Risk rating | The sum of Impact and Importance. |
| Findings | This is an important tab that shows the list of affected objects (e.g. VMs, Hosts, Datastores, Instances, Buckets). For each object, the settings that were found to be problematic or the log messages that need to be reviewed are displayed. Click on an object from the affected objects list on the left to see the list of findings listed on the right. The findings list displays the description and current value of each finding that needs to be reviewed. In case of log-related KBs, you can see the exact log messages associated with the described issue. |
| Note | Here you can add a note to any Knowledge Base article, Best Practice or Security Hardening check. The notes are not linked to the actual check (not to a detected issue) – so even if you have a Security Hardening check which is with Pass status, you can still add a note to it. |
| Ignore | You will be able to filter out the current KB/SH/BP against infrastructure objects based on your selection. |