SecureAssist Enterprise Portal User Guide August 2016


Copyright 2016 by Codiscope, LLC. All rights reserved. No part or parts of this documentation may be reproduced, translated, stored in any electronic retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the copyright owner. Codiscope retains the exclusive title to all intellectual property rights relating to this documentation. The information in this documentation is subject to change without notice and should not be construed as a commitment by Codiscope. Codiscope makes no representations or warranties, express or implied, with respect to the documentation and shall not be liable for any damages, including any indirect, incidental, consequential damages (such as loss of profit, loss of use of assets, loss of business opportunity, loss of data, or claims for or on behalf of user's customers) that may be suffered by the user. Codiscope and the Codiscope logo are trademarks of Codiscope, LLC. Other brands and products are trademarks of their respective owner(s).

Codiscope, LLC
20 Park Plaza, Suite 1400
Boston, MA 02116
Phone: +1 (617) 804-5428
info@codiscope.com
www.codiscope.com

Table of Contents

SecureAssist Enterprise Portal Setup
    Installation
    Main and Reporting Databases
    Database Setup
    Initial Configuration
    Upgrade Instructions
1 Log in to SecureAssist
    Getting Started
    Portal Navigation
2 Statistics
    Project Statistics
    User Statistics
    Timeseries
3 Reports
    Project Reports
    User Reports
4 Rulepacks
5 Manage
    Portal Users
    Plugin User Groups
    Roles
    Account
6 Settings
    LDAP Configuration
    Feature Configuration
    Plugin Users
7 More Support
Appendix A: Roles and Associated Permissions
Appendix B: Permission Descriptions
Appendix C: Audit Log
Appendix D: API Functionality
    Authentication
    Generate Project Report
    Get Project List
    Number of Active Developers
    Number of Projects Scanned
    Number of Project Defects
    Top Number of Findings
    Most Viewed Guidance

August 2016 Page 1 of 68

SecureAssist Enterprise Portal Setup

The SecureAssist Enterprise Portal is a centralized portal that allows organizations to manage SecureAssist plugin licenses, rulepacks, and tool settings. It also provides centralized reporting on security vulnerabilities found by users and how those change over time.

Installation

This section describes the installation of the Codiscope SecureAssist Enterprise Portal and Codiscope SecureAssist Eclipse update site. The Portal and update site can be deployed on the same application server, or they can be deployed on separate servers. This document assumes that they are installed on the same server.

Main and Reporting Databases

Starting with SecureAssist Enterprise Portal v3.0, users have the option to set up a separate, secondary database for reporting. This enables better Enterprise Portal performance for larger SecureAssist deployments. When the reporting database is configured, all scheduled and active reporting requests will execute against it. The main database will still handle registration, activation, rulepack requests, and so on.

The use of a secondary reporting database is optional. If you choose to set up only one database for the SecureAssist Enterprise Portal, all reporting requests will be directed to the main database.

Important! The following points are critical to implementing databases in the Portal.

- If the reporting database is configured, then replication MUST be set up between the main database and the reporting database in order for data to be consistent between them. If no replication is set up, the executed reports will not have any data in them.
- The main database and the reporting database MUST be set up in two separate locations/on two different hypervisors to ensure reporting requests do not influence the functionality and performance of the main database hypervisor/server.

Database Setup

Configure Main Database Connection

If the reporting database is configured, the replication between the main database and the reporting database MUST be set up prior to the database import into the main database. The following image displays the Database Connection screen.


Configure Database

Database: MySQL

Configure MySQL Database and User

1. Run the mysql command from the command prompt as a MySQL super user:
    mysql -u root -p
2. Create an empty CSA Portal database schema. Replace portal_csa with a database name of your choice:
    CREATE DATABASE portal_csa;
3. Create CSA Portal database user:
    GRANT ALL PRIVILEGES ON portal_csa.* TO 'csauser'@'localhost' IDENTIFIED BY 'csauserpassword';
   Optional: Replace portal_csa with the name of the database that you have created in the step above. Additionally, replace csauser and csauserpassword with the username and password of your choice. If the SecureAssist Enterprise Portal is not running on the same server as your MySQL database server, replace localhost with the hostname or IP address of the SecureAssist server.

Running MySQL Database Import Script

If a reporting database is set up, the replication between the main database and reporting database MUST be set up prior to database import in the main database.

If you are using a Production Database ONLY, without a Reporting Database, please follow these steps.

1. Create CSA Portal database schema and import the database by running the following commands from the command prompt as a MySQL super user.
   Production Database is portal_csa
    mysql -u root -p portal_csa < path_to/portal_csa_mysql.sql
    mysql -u root -p portal_csa < path_to/portal_csa_mysql_aggregation.sql
   Replace portal_csa with the database schema created in step 2 above. Replace path_to with the path to the portal_csa_mysql.sql file.

If you are using a Production Database WITH a Reporting Database, please follow the steps below.

1. Create CSA Portal database schema and import the database by running the following commands from the command prompt as a MySQL super user.
   Production Database is portal_csa
   Reporting Database is portal_csa (same name as primary database but to be replicated to a different location)
   Production Database command:
    mysql -u root -p portal_csa < path_to/portal_csa_mysql.sql
   Reporting Database command:
    mysql -u root -p portal_csa < path_to/portal_csa_mysql_aggregation.sql
   Replace portal_csa with the database schema created in step 2 above. Replace path_to with the path to the portal_csa_mysql.sql or portal_csa_mysql_aggregation.sql file.

Database: Oracle

Configure Database and User (Oracle 12c Only)

If operations and reporting are on different databases, then repeat this process on both databases.

1. Open sqlplus `sqlplus / as sysdba` and run the rest of these steps from there. (If you would like to use a different schema identifier than portal_csa, replace portal_csa with your custom schema name in the database scripts as well as in the commands below.)
2. CONNECT system/manager AS sysdba;
3. ALTER SESSION SET "_oracle_script"=true;
4. CREATE USER portal_csa IDENTIFIED BY Passw0rd DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP;
5. GRANT CREATE SESSION, RESOURCE, CREATE VIEW, CREATE MATERIALIZED VIEW, CREATE SYNONYM TO portal_csa;
6. ALTER USER portal_csa QUOTA UNLIMITED ON USERS;

Configure Database and User (all versions EXCEPT Oracle 12c)

1. To modify database name, user, and password (password change is required), modify the Oracle specific SQL script located at <CSA_Portal_Package>/DatabaseScripts/portal_csa_oracle.sql. (Please make sure to modify this script with the desired username and password prior to running the database import process.)
2. In order to modify credentials of the user that will be used to connect to the CSA Portal database, modify the following line in the SQL script:
    CREATE USER portal_csa IDENTIFIED BY Passw0rd DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP;
   Optional: Replace portal_csa and Passw0rd with the username and password of your choice. Make sure to update all following lines with the updated information:
    connect portal_csa/Passw0rd;

Running SQL Database Import Script

1. Log in to SQL*Plus as sysdba using the following command:
    sqlplus / as sysdba
2. To log output of SQL script execution, turn on spool:
    spool /<path>/<to>/log.txt;
3. Execute SQL script:
    @/<path>/<to>/portal_csa_oracle.sql
4. Turn off spool:
    spool off;
5. Exit from SQL*Plus:
    exit;
6. Review the log file with the SQL script execution output to validate that there are no errors.

Configure Reporting Database Connection

SecureAssist Enterprise Portal currently officially supports MySQL replication ONLY. For MySQL Database Server replication documentation, please refer to these sites:

- MySQL 5.6: http://dev.mysql.com/doc/refman/5.6/en/replication.html
- MySQL 5.7: http://dev.mysql.com/doc/refman/5.7/en/replication.html

Database replication is needed for the reporting database to work properly. Replication MUST be set up prior to database connection setup. Database import needs to occur into the Production Database and into the Reporting Database prior to Enterprise Portal database setup.

Configure Secure HTTP

SecureAssist Enterprise Portal supports HTTP and Secure HTTP (HTTPS). Codiscope strongly recommends using HTTPS. For information on configuring the Apache Tomcat web server to use HTTPS, refer to your web server's documentation.

Prior to installation or upgrading, Codiscope recommends configuring a minimum heap size of 1 GB.

Deploy SecureAssist Portal

These instructions are for an Apache Tomcat application server that sets the minimum and maximum heap size to 1024 MB.

Increase Tomcat Heap Size for a Command-Line Tomcat Instance

1. Create a file named "setenv.bat" or "setenv.sh" in the %CATALINA_HOME%/bin folder and set CATALINA_OPTS to the memory settings.
   a. On Windows:
    set "CATALINA_OPTS=-Xms1024m -Xmx1024m -Xss1024k -XX:PermSize=256m -XX:MaxPermSize=512m -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
   b. On Linux:
    export CATALINA_OPTS='-Xms1024m -Xmx1024m -Xss1024k -XX:PermSize=256m -XX:MaxPermSize=512m -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled'

Increase Tomcat Heap Size for a Windows Service Tomcat Instance

1. Execute Tomcat<version#>w.exe in the %CATALINA_HOME%\bin\ directory and enter 1024 in the Initial memory pool and Maximum memory pool fields.

Deploy Using Tomcat Manager

If your instance of Tomcat is running the Tomcat Web Application Manager, you can use its browser interface to deploy the Portal.

1. In %CATALINA_HOME%/conf/tomcat-users.xml, create a role named manager-gui and assign a user to this role. Afterwards, restart your Tomcat instance.
    <tomcat-users>
      <role rolename="manager-gui"/>
      <user username="USERNAME" password="PASSWORD" roles="manager-gui"/>
    </tomcat-users>
2. In your internet browser, navigate to the Tomcat home page (by default located at http://apache_tomcat_hostname:8080/).
3. Click on the Manager App link. You will be asked to enter your username and password (from step 1, above).
4. Enter your username and password. The Web Application Manager page will load.
5. Navigate to the WAR file to deploy section and click Browse.
6. Select the CSA Portal web application WAR file, click Open, then click Deploy.

After Tomcat has finished deploying the Portal, it is listed in the Applications section and ready to use.

Deploy on a Running Tomcat Server

To deploy the SecureAssist Enterprise Portal on a running Tomcat server, follow these steps.

1. Set the autoDeploy attribute to true in your server.xml file inside Tomcat's /conf/ directory. The host will deploy the web application when the WAR file is copied to the deployment directory. The default deployment directory is %CATALINA_HOME%/webapps.
2. To deploy the Portal, copy the CSA_Server.war file to %CATALINA_HOME%/webapps.
3. After Tomcat has finished deploying the Enterprise Portal, create the CSA_Server directory under %CATALINA_HOME%/webapps.

Deploy Using WebSphere

To deploy the SecureAssist Enterprise Portal on a WebSphere (8.5.X) application server, follow these instructions. (Prior to the application deployment, we recommend setting the heap space to at least 1 GB.)

1. Increase Heap Space.
   a. Start the WebSphere Application Server administrative console.
   b. Navigate to Servers > Application servers > server1 > Java and Process Management > Process Definition > Java Virtual Machine.
   c. Set the initial and maximum heap sizes to at least 1024 MB.
   d. Click Apply.
   e. Click OK.
   f. Click Save "Save directly to the master configuration."
   g. Restart WebSphere.
2. Deploy SecureAssist Enterprise Portal EAR File.
   a. Start the WebSphere Application Server administrative console.
   b. On the navigation menu on the left side of the screen, select Global Deployment Settings from the Applications section.
   c. Check the Monitor directory to automatically deploy applications checkbox.
   d. Click Apply.
   e. Click Save "Save directly to the master configuration."
   f. Restart WebSphere.
   g. After WebSphere restarts, copy the EAR file to WebSphere/AppServer/profiles/appsrv04/monitoreddeployableapps/servers/server1.
   h. After several minutes, start the WebSphere Application Server administrative console.
   i. To verify the application has been deployed and is running, select Applications > Application Types > WebSphere enterprise applications from the navigation menu.
   j. Navigate to http://<server>:<port>/csa_server/ (e.g. http://localhost:9080/csa_server/).
3. Optional. Import SSL certificate to support Secure LDAP.
   a. Start the WebSphere Application Server administrative console.
   b. On the navigation menu on the left side of the screen, select SSL certificate and key management from the Security section.
   c. In the Related Items section, click Key stores and certificates.
   d. Select NodeDefaultKeyStore and in the Additional Properties section click Signer Certificates.
   e. In the Signer Certificate table, click Retrieve from Port.
   f. Provide your LDAPS server host name, port, and alias for the key, then click Retrieve signer information.
   g. Click OK.
   h. Click Save "Save directly to the master configuration."
   i. Navigate back to Key stores and certificates and repeat steps (d) through (h) for NodeDefaultTrustStore.
   j. Restart WebSphere.

Install MySQL Database Connector

The MySQL Connector/J (official JDBC driver for MySQL database) is required to connect the SecureAssist Enterprise Portal to a MySQL database. This step is not necessary when using an Oracle database. To install the MySQL connector, follow these steps.

1. Navigate to http://dev.mysql.com/downloads/connector/j/ and download MySQL Connector/J.
2. Extract the mysql-connector-java-5.x.x-bin.jar file from the archive downloaded in the previous step and copy it into the /CSA_Server/WEB-INF/lib directory.

Deploy Codiscope SecureAssist Eclipse Update Site

To deploy the SecureAssist Eclipse update site local to the portal, copy the /update folder that came with the Portal and place it right next to your CSA_Server folder. To deploy it to a server remote to the Enterprise Portal, ensure the update directory is accessible via HTTP or HTTPS.

To configure the portal to display the update site URL, modify the value of the eclipseupdateurl to the update site URL and the value of the eclipseupdatetext to how you would like the link to be displayed. This should be done in the index.jsp and login.jsp files in the WEB-INF/jsp/includes directory of your SecureAssist deployment. The server will need to be restarted for the change to take effect.

Important! When deploying the update site local to the portal, place the /update folder next to the CSA_Server directory, NOT inside it.

Initial Configuration

Configure Logging

The Log4j configuration file is stored at /CSA_Server/WEB-INF/classes/log4j.xml. You can edit this file to make it suitable for the deployment environment. In log4j.xml there are two configurable log4j appenders that can be customized by the portal administrator:

- Appender "file": A general purpose log. By default appends to CSA_PORTAL.log.
- Appender "audit": A log for auditing portal user activity. By default appends to CSA_PORTAL_AUDIT.csv. (See Appendix C for details.)

For more information about configuring log4j, refer to the log4j documentation.

Note: Any changes made to the logging configuration file will take effect only after restarting the Tomcat Application Server or WebSphere Application Server.

Initial Configuration

After the successful deployment of the SecureAssist Enterprise Portal, open your browser and navigate to http://<host>:<port>/csa_server to finish the configuration of the portal. The following table describes the items you will need to configure.

Item: License Terms
Description: Read terms and conditions and click I Agree to continue.

Item: Product License
Description: The SecureAssist Enterprise Portal license is tied to a specific server and can be used only on that single server. If re-hosting is needed, please contact Codiscope support at support@codiscope.com. The server license will be sent to you as a part of the SecureAssist fulfillment email. After receiving the server license file, click Browse and select the server license file, then click Upload on the license activation/upload screen during the Enterprise Portal setup.

Item: Database Setup
Description: Before setting up the database connection, you must set up the database schema and create a database user as described in the Configure Database section above. Complete all fields and click Save. Examples:

    Database Type: MySQL
      Production Database
        Server: jdbc:mysql://<db_server>:3306
        Database/Schema Name: portal_csa
        Database User: csauser
      Reporting Database (optional)
        Server: jdbc:mysql://<db_server>:3306
        Database/Schema Name: portal_csa
        Database User: csauser

    Database Type: Oracle
        Server: jdbc:oracle:thin:@<db_server>:1521:orcl
        Database/Schema Name: portal_csa
        Database User: portal_csa

Item: Administrator Account Setup
Description: In the last step of the initial configuration, the administrator account must be created. Select either LDAP User or Local User in Administrator Type and then complete the appropriate fields:

- Local User. Enter Username, Password, and Password Confirmation, then click Save.
- LDAP User. Enter Authentication & Security settings, Server settings, LDAP Login settings, and administrator credentials (Username, Password, and Password Confirmation), then click Save.

You can initially set up a local user account and configure an LDAP connection for your portal later on. After LDAP is set up, you can disable your original local user account.

Upon successful initial configuration, you will be redirected to the Index page and will be able to log in using the administrator credentials you created.

Configure Link on Index Page

The Index page contains a section with the link to the location from where the SecureAssist Eclipse IDE plugin can be installed or updated. Additionally, you can have separate links for IntelliJ and Visual Studio, but this is not required.

In order to configure the link, navigate to /CSA_Server/WEB-INF/jsp/includes/. Open the file index.jsp and edit the following line so that the value equals the correct URL from which the plugin can be installed. If you do not want the link to be displayed, leave the value empty.

August 2016 Page 13 of 68 Upgrade Instructions This section contains the instructions for upgrading the SecureAssist Enterprise Portal from your current version to the latest one. Please take a look at the following sections for database and server upgrade instructions. Both the application server and database components must be upgraded for proper Portal function. Note: In order to upgrade to SecureAssist 2.4 or 2.4.1 from any previous version, you must be re-issued a new Enterprise Portal license. Please reach out to support@codiscope.com for a new license for SecureAssist 2.4 or 2.4.1. If you are performing an upgrade from version 2.5 to a later version, you can simply use the License.jar file that was provided to you with the installation of SecureAssist 2.5 or later. Application Upgrade Follow these instructions to upgrade the Portal. Important! It is critical to stop your Apache Tomcat or WebSphere Application Server prior to your database upgrade. Note: If you have modified any configuration (for example, the hibernate.cfg files) in order to resolve bugs, you must make these same modifications in the upgrade deployment. Note: SecureAssist 3.0 has made additions to the cron.properties file located in %CATALINA_HOME%/webapps/CSA_Server/WEB-INF directory. If you have made changes to your cron.properties file and plan to use it after upgrading it, you will need to include these changes into your restored cron.properties file. The additions to be included are: com.cigital.csa.cron.aggregate.enable=true com.cigital.csa.cron.aggregate.interval=24 com.cigital.csa.cron.aggregate.hour=0 com.cigital.csa.cron.aggregate.minute=0 com.cigital.csa.cron.aggregate.second=0 Tomcat Application Server 1. Stop Apache Tomcat. 2. Create backup directory. 3. Backup following directories/files: a. 
Copy following directories and files to backup folder: - %CATALINA_HOME%/webapps/CSA_Server/key-file - %CATALINA_HOME%/webapps/CSA_Server/stats - %CATALINA_HOME%/webapps/CSA_Server/rulepacks - %CATALINA_HOME%/webapps/CSA_Server/WEB- INF/lib/mysql-connector-java-5.x.x.jar b. Copy following files from %CATALINA_HOME%/webapps/CSA_Server/WEB-INF/ folder to backup folder: - cron.properties

August 2016 Page 14 of 68 - db.properties - <company_name>-secureassist-prikey.der - SecureAssist.license - classes/log4j.xml (optional, see step 9c ) 4. Delete CSA_Server.war file from %CATALINA_HOME%/webapps folder. 5. Delete %CATALINA_HOME%/webapps/CSA_Server folder. 6. Copy new CSA_Server.war file to %CATALINA_HOME%/webapps folder for server deployment, or deploy.war file from Tomcat Manager. 7. Upgrade database by following instructions in the Database Upgrade section below. 8. Start Apache Tomcat. 9. Restore the following directories/files. a. Copy following directories to %CATALINA_HOME%/webapps/CSA_Server: - <backup>/key-file - <backup>/stats - <backup>/rulepacks b. Copy following files to %CATALINA_HOME%/webapps/CSA_Server/WEB-INF: - <backup>/cron.properties (please see note at the beginning of the section regarding additions to this file) - <backup>/db.properties - <backup>/<company>-secureassist-prikey.der - <backup>/secureassist.license c. Copy file <backup>/log4j.xml to %CATALINA_HOME%/webapps/CSA_Server/WEBINF/ classes. Note: If you are upgrading from a version prior to 2.3, the Log4j configuration file in release 2.3 contains additional loggers to improve logging configuration. We recommend configuring new log4j.xml instead of replacing it with the previous version of the file. 10. Ensure that all directories and files copied from the backup folder are readable and writable by a user running Tomcat (e.g., chown tomcat:tomcat path/to/file). 11. Copy MySQL Connector (mysql-connector-java-5.x.x.jar) to %CATALINA_HOME%/webapps/CSA_Server/WEB-INF/lib/. Note: If you are not using MySQL, you do not need to obtain a copy and install it. 12. Remove Apache Tomcat work cache (e.g., /var/cache/tomcat6/work/catalina/localhost/csa_server/*, <tomcat>/work/catalina/localhost/csa_server/*). 13. Restart Apache Tomcat. Websphere Application Server 1. Stop WebSphere Application Server (WAS). 2. Create backup directory. 3. Backup following directories/files: a. 
Copy following directories and files to backup folder: - /CSA_Server/key-file - /CSA_Server/stats - /CSA_Server/rulepacks - /CSA_Server/WEB-INF/lib/mysql-connector-java-5.x.x.jar b. Copy following files from /CSA_Server/WEB-INF/ folder to backup folder:

   - cron.properties
   - db.properties
   - <company_name>-secureassist-prikey.der
   - SecureAssist.license
   - classes/log4j.xml (optional, see step 9c)
4. Delete CSA_Server.EAR file from WAS Server1 folder.
5. Delete CSA_Server folder.
6. Copy new CSA_Server.EAR file to WAS Server1 folder for server deployment.
7. Upgrade database by following instructions in the Database Upgrade section below.
8. Start WebSphere Application Server (WAS); new CSA_Server.EAR file is deployed on restart.
9. Restore the following directories/files.
   a. Copy following directories to /CSA_Server:
      - <backup>/key-file
      - <backup>/stats
      - <backup>/rulepacks
   b. Copy following files to /CSA_Server/WEB-INF:
      - <backup>/cron.properties (please see note at the beginning of the section regarding additions to this file)
      - <backup>/db.properties
      - <backup>/<company>-secureassist-prikey.der
      - <backup>/secureassist.license
   c. Copy file <backup>/log4j.xml to /CSA_Server/WEB-INF/classes.
      Note: If you are upgrading from a version prior to 2.3, the Log4j configuration file in release 2.3 contains additional loggers to improve logging configuration. We recommend configuring new log4j.xml instead of replacing it with the previous version of the file.
10. Copy MySQL Connector (mysql-connector-java-5.x.x.jar) to /CSA_Server/WEB-INF/lib/.
    Note: If you are not using MySQL, you do not need to obtain a copy and install it.
11. Restart WebSphere Application Server (WAS).

Database Upgrade

Depending on your current version of SecureAssist Portal, a few upgrade scripts may need to be run. SecureAssist Enterprise Portal supports the following upgrade paths (upgrade scripts can be found at the Enterprise Portal archive/databasescript/upgrade/).

Note: The aggregation scripts should be run on the reporting database, whereas other scripts should be run on the operational database. If your SecureAssist instance has operations and reporting on the same database, install both on the same instance.

Important! If configuring a secondary reporting database, don't forget to configure replication prior to database configuration.

Versions and Upgrade Paths

Versions: 3.0.1 to 3.0.3
Upgrade path:
   - 3.0.1_to_3.0.2
   - 3.0.2_to_3.0.3

Versions: 3.0 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 3.0_to_3.0.1
   - 3.0.1_to_3.0.2
   - 3.0.2_to_3.0.3

Versions: 2.5.1 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.5.0 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.4.1 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation upgrade script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.4.0 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.4.0_to_2.4.1
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation upgrade script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.3.7, 2.3.8 or 2.3.9 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.3.7_to_2.4.0
   - 2.4.0_to_2.4.1
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation upgrade script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.3.6 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.3.6_to_2.3.7
   - 2.3.7_to_2.4.0
   - 2.4.0_to_2.4.1
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation upgrade script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.3.1 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.3.1_to_2.3.6
   - 2.3.6_to_2.3.7
   - 2.3.7_to_2.4.0
   - 2.4.0_to_2.4.1
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation upgrade script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.3 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.3_to_2.3.1
   - 2.3.1_to_2.3.6
   - 2.3.6_to_2.3.7
   - 2.3.7_to_2.4.0
   - 2.4.0_to_2.4.1
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation upgrade script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 2.2 to 3.0.3
Upgrade path: Run these scripts in the following order:
   - 2.2_to_2.3.1
   - 2.3.1_to_2.3.6
   - 2.3.6_to_2.3.7
   - 2.3.7_to_2.4.0
   - 2.4.0_to_2.4.1
   - 2.4.1_to_2.5.1
   - 2.5.1_to_3.0.1
   - 3.0.1_to_3.0.2
     Skip the aggregation upgrade script `portal_csa_[db]_aggregation.sql`, where [db] is either mysql or oracle, depending on your database software.
   - 3.0.2_to_3.0.3

Versions: 3.0.2 to 3.0.3
Upgrade path:
   - 3.0.2_to_3.0.3
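The upgrade paths listed above form a single chain of step directories, so the order for any supported starting version can be derived rather than read off by hand, and an unsupported version can be refused before anything touches the database. The following is an added example, not part of the original guide or the product: upgrade_path and print_mysql_plan are hypothetical helper names, and the script file name inside each step directory is assumed to follow the guide's mysql_upgrade_{version}_to_{version}.sql pattern.

```shell
#!/bin/sh
# Step directories named in the guide's upgrade-path list.
STEPS="2.2_to_2.3.1 2.3_to_2.3.1 2.3.1_to_2.3.6 2.3.6_to_2.3.7 2.3.7_to_2.4.0
2.4.0_to_2.4.1 2.4.1_to_2.5.1 2.5.1_to_3.0.1 3.0_to_3.0.1 3.0.1_to_3.0.2
3.0.2_to_3.0.3"
TARGET=3.0.3

# upgrade_path VERSION
# Prints the ordered step directories from VERSION to $TARGET on one line.
# Returns 1 (and prints nothing on stdout) if no listed step starts there.
upgrade_path() {
    cur=$1
    # Versions the guide maps onto an existing starting step.
    case "$cur" in
        2.5.0)       cur=2.4.1 ;;
        2.3.8|2.3.9) cur=2.3.7 ;;
    esac
    path=
    while [ "$cur" != "$TARGET" ]; do
        next=
        for step in $STEPS; do
            case "$step" in
                "${cur}_to_"*)
                    next=${step#*_to_}      # version this step upgrades to
                    path="$path $step"
                    break ;;
            esac
        done
        if [ -z "$next" ]; then
            echo "no upgrade script starts at version $cur" >&2
            return 1
        fi
        cur=$next
    done
    echo "${path# }"
}

# print_mysql_plan VERSION
# Dry run: prints the operational-database command for each step, in order,
# without executing anything. The file name is an assumption (see lead-in).
print_mysql_plan() {
    steps=$(upgrade_path "$1") || return 1
    for step in $steps; do
        echo "mysql -u root -p portal_csa < path_to/upgrade/$step/mysql_upgrade_$step.sql"
    done
}

# Usage: sh plan.sh 2.3.8
if [ "$#" -gt 0 ]; then
    print_mysql_plan "$1"
fi
```

The plan covers only the operational-database scripts; the aggregation script and the skip notes in the list above still apply as written.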

Follow these instructions to upgrade the database.

Database: MySQL

Instructions:

If you are upgrading from any version prior to 3.0, you only have a single Production Database without replication.

If you are using a Production Database ONLY, without a Reporting Database, please follow the steps below.

1. Run the following commands for database upgrade. Production Database is portal_csa.

    mysql -u root -p portal_csa < path_to/upgrade/{from_to_versions}/mysql_upgrade_{version}_to_{version}.sql
    mysql -u root -p portal_csa < /portal_csa_mysql_aggregation.sql

If you are using or would like to upgrade to Production Database WITH a Reporting Database, please follow the steps below.

1. Run the following commands for database upgrade. Production Database is portal_csa. Reporting Database is portal_csa (replicated in the different location).

   Production Database command:

    mysql -u root -p portal_csa < path_to/upgrade/{from_to_versions}/mysql_upgrade_{version}_to_{version}.sql

   Reporting Database command:

    mysql -u root -p portal_csa < /portal_csa_mysql_aggregation.sql

Database: Oracle

Instructions:

Configure Database and User

1. To modify database name, user, and password (password change is required), modify the Oracle specific SQL script located in <CSA_Portal_Package>/DatabaseScripts/portal_csa_oracle.sql. (Please make sure to modify this script with desired username and password prior to running the database import process.)
2. In order to modify credentials of user that will be used to connect to CSA Portal database, modify following line in the SQL Script:

    CREATE USER portal_csa IDENTIFIED BY Passw0rd DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP;

   Optional: Replace portal_csa and Passw0rd with username and password of your choice. Make sure to update all following lines with updated information:

    connect portal_csa/passw0rd;

Running SQL Database Import Script

1. Log in to SQL*Plus as sysdba using following command:

    sqlplus /as sysdba

2. To log output of SQL script execution, turn on spool:

    spool /<path>/<to>/log.txt ;

3. Execute SQL scripts:

    @/<path>/<to>/oracle_upgrade_{version}_to_{version}.sql

   and

    @/<path>/<to>/portal_csa_oracle_aggregation.sql

4. Turn off spool:

    spool off;

5. Exit from SQL*Plus:

    exit;

6. Review log file with SQL script execution output to validate that there are no errors.
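Because the Oracle script ships with a published default password and the guide requires changing it, a pre-import check can refuse to continue while the default is still present or while the connect line no longer matches the CREATE USER statement. The following is an added example, not part of the original guide or the product: the function names and the sample credentials are constructed, passwords are assumed to be single tokens without spaces, and the password comparison is exact (an assumption that the database treats passwords as case-sensitive).

```shell
#!/bin/sh
# check_oracle_script FILE
# Prints findings (line numbers only, never the secret itself) and returns
# non-zero when the script should not be imported yet.
check_oracle_script() {
    awk '
    {
        # 1. The default password shown in the guide, in any letter case.
        if (index(tolower($0), "passw0rd") > 0) {
            printf "line %d: default password is still present\n", NR
            bad = 1
        }
        # 2. CREATE USER <name> IDENTIFIED BY <password> ...
        if (tolower($1) == "create" && tolower($2) == "user") {
            user = tolower($3)
            for (i = 4; i < NF; i++)
                if (tolower($i) == "identified" && tolower($(i + 1)) == "by")
                    pass = $(i + 2)
            gsub(/[";]/, "", pass)
            seen_create = 1
        }
        # 3. connect <name>/<password>; must use the same pair.
        if (tolower($1) == "connect") {
            cred = $2
            gsub(/[";]/, "", cred)
            slash = index(cred, "/")
            cuser = tolower(substr(cred, 1, slash - 1))
            cpass = substr(cred, slash + 1)
            if (cuser != user || cpass != pass) {
                printf "line %d: connect credentials do not match CREATE USER\n", NR
                bad = 1
            }
        }
    }
    END {
        if (!seen_create) {
            print "no CREATE USER statement found"
            bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# write_samples DIR
# Writes three constructed script fragments for trying the check offline:
#   default.sql  - the two lines exactly as the guide shows them
#   changed.sql  - user and password replaced consistently (constructed values)
#   mismatch.sql - CREATE USER edited but the connect line left behind
write_samples() {
    ts='DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP;'
    printf '%s\n' "CREATE USER portal_csa IDENTIFIED BY Passw0rd $ts" \
        'connect portal_csa/passw0rd;' > "$1/default.sql"
    printf '%s\n' "CREATE USER csa_app IDENTIFIED BY Xq7ConstructedExample $ts" \
        'connect csa_app/Xq7ConstructedExample;' > "$1/changed.sql"
    printf '%s\n' "CREATE USER csa_app IDENTIFIED BY Xq7ConstructedExample $ts" \
        'connect portal_csa/Xq7ConstructedExample;' > "$1/mismatch.sql"
}

# Usage: sh check.sh /path/to/portal_csa_oracle.sql
if [ "$#" -gt 0 ]; then
    check_oracle_script "$1"
fi
```

Run it before step 1 of the import; since the edited script and the spool log both reflect the chosen credentials, restrict read access to them.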

1 Log in to SecureAssist

Enter your username and password on SecureAssist's login screen at http://<host>:<port>/csa_server. (The administrative user account was configured in the last step of the Enterprise Server setup and configuration.)

Getting Started

When you first log onto the Portal, it opens on the Get Started screen by default. The screen displays these features.

Feature and Description:
- Learn how it works: Provides a link to the SecureAssist Support screen and its related documentation.
- Install the SecureAssist Plugin: Provides links for the download of Eclipse, Visual Studio, and IntelliJ plugins.
- Activate: Provides direction for activating your SecureAssist plugin license.

Portal Navigation

The navigation menu on the left side of the application allows you to access any of the SecureAssist functional areas at any time. Those functional areas are:

- Statistics: An instant-reporting function that displays the number and types of issues identified and reviewed, guidance searched, and history of vulnerabilities remediated by project or by individual user.
- Reports: Allows administrators to produce various predefined reports for projects or for groups of users.
- Rulepacks: Lists the various rulepacks loaded in the Portal for distribution to the licensed SecureAssist clients.
- Manage: Contains screens for administering users, groups, roles, and your personal account.
- Settings: Contains various settings for configuring the application and viewing license agreements.
- Get Started: The homepage.

The following chapters will describe the functionality of the SecureAssist Enterprise Portal in more detail.

2 Statistics

Statistics covering plugin functionality and user activity are periodically sent to the Portal. This information is stored on the Portal server in a database, and there are numerous pre-defined charts and graphs that can be viewed and exported.

Project Statistics

The Project Statistics screen allows you to instantly view statistical information by project.

Run Statistics for a Selected Project

1. Navigate to the Project Statistics window. The Select a Project flyout will automatically open. (To manually open the flyout, click the Select a Project button.)
2. Locate a project by either
   - scrolling through the list of projects AND/OR
   - typing text into the search box to filter the selection AND/OR
   - clicking the filter icon to filter choices by Java, .Net, or PHP.
3. Click Select next to the desired project. The dialog closes, and the Project Statistics Options window populates with default information.

The following table describes the selection criteria on the Project Statistics Options window.

Field/Feature and Description:
- Project: Displays the currently selected project for which statistics will be provided. To select a different project, click Change.
- File: Displays the currently selected files in the project (by default, All Files). To change the file selection, click Change.
- Date Range: Displays the selected range of dates for which statistics will be provided (defaults to the current date). To update, click in the date boxes to select a new start and/or end date.
- Type: Choose one of the following three types of statistics:
   - Top Findings: The ten most frequent findings for the selected project.
   - File Scan: Allows you to choose an individual file in a project for which you wish to see statistics. (When selected, Sort by no longer is an option.)
   - Suppression: Displays issues suppressed by end users, per project and per project file.
- Sort by: Choose to sort results by one of the following:
   - Category: Category of rules that were triggered/fired.
   - Title: Name of specific rule.
- Show Chart: Click this button to display a chart based on the selected criteria.
- Download CSV: Once a chart is displayed, click this button to save the data to a CSV file.

4. From the Project Statistics Options window, make your criteria selections.

5. Click Show Chart. SecureAssist displays a chart based on your selections.
6. If desired, filter the report results by user:
   a. In the Filters pane, click on one or more users to highlight them.
   b. Click Update. The report updates to display data for the selected users only.
   Note: For the file scan statistic, data is shown only for a single user.
7. If desired, click Download CSV to save the data to a CSV file.

User Statistics

The User Statistics screen allows you to view statistics information for a single user. When you access this screen, you will see a list of all your plugin users (the list is populated by your client licenses).

Find a User

1. To quickly find a user in the user list, enter text into the Find a User box. The list will automatically filter to show only those user names that contain the text.

Run Statistics for a Single User

1. Locate the name of the desired user in the list, then click the Get Statistics button next to it. The User Statistics Options window displays default information.

The following table describes the selection criteria on this window.

Field/Feature and Description:
- User: Displays the currently selected user for which statistics will be provided. To select a different user, click Change.
- Date Range: Displays the selected range of dates for which statistics will be provided (defaults to the current date). To update, click in the date boxes to select a new start and/or end date.
- Type: Choose one of the following types of statistics:
   - User Session: Displays the user's distinct sessions on a timeline. Hovering over a start or end point will display a timestamp.
   - Scanned File Types: Pie chart that displays scanned files by type.
   - Searched Guidance: Chart displays the guidance categories and the number of times each was searched by the user in a given timespan. Also indicates the rulepack in which the guidance was found.
   - Top Findings: The ten most-frequent findings for the selected user.
   - Issues Reviewed: Chart shows the number of issues found and reviewed by the user. Requires the selection of a project.
   - Issues Suppressed: Displays issues suppressed by the user for a given timespan, project, and file. Requires the selection of a project.
- Sort by (available only when Top Findings or Issues Suppressed is selected): Choose to sort results by one of the following:
   - Category: Category of rules that were triggered/fired.
   - Title: Name of specific rule.
- Select a Project (available only when Issues Reviewed or Issues Suppressed is selected): Click this button to select a project.

- Show Chart: Click this button to display the statistics based on the selected criteria.
- Download CSV: Click this button to save the data to a CSV file.

2. From the User Statistics Options window, make your criteria selections.
3. Click Show Chart. SecureAssist displays a chart based on your selections.
4. If desired, click Download CSV to save the data to a CSV file.

Timeseries

The Timeseries screen allows you to view graphs of defect/issue data for a selected date range and selected projects. The Issues bar graph presents the number of issues and their severity for selected projects during a specific time period. Below the Issues graph, the Issue Density line graph displays both the total number of issues (in orange) and the number of lines of code (LOC, in blue) over time.

Run the Issues and Issue Density Graphs

1. Navigate to the Timeseries window.
2. In the Date Range fields, enter the beginning and end dates for the desired time period.
3. In the Project Name or Meta field, enter the desired project or metadata in the text box.
   Important! You must enter the complete, correct project or metadata name.
4. Click Search. The Issues and Issue Density graphs display on screen.

3 Reports

There are two types of reports: Project and User. Several reports can be generated for each type.

Project Reports

Project reports are reports you create for one or more selected projects. When you add a report, the application generates a ZIP archive containing the various report types you've selected in the New Report flyout.

When you navigate to the Project Reports screen, you will see a list of report packages that have already run. This will be blank the first time you access the screen. From this screen you will be able to run a new report from scratch, view the details of previously run report packages, and rerun and download previously run report packages.

Find a Report

1. To quickly find a report in the report list, enter text into the Find a Report box. The list will automatically filter to show only those reports whose names contain the text.

View Details of Previously Run Report

1. To view the project associated with a report, click under the Projects column in that report's row. The Filters flyover opens on the right, displaying the project names selected or the metadata used to select the project.
2. To view all other details about a report, click anywhere in the report's row EXCEPT the Projects column. A flyout opens that displays the Report Name, Date Range, Report Types, Start Time and End Time when the report was run, Duration of the report run, and Status.

Add a New Report

To run a report, you must select a report type, then select the projects you wish to report on.

1. On the Project Report screen, click Add Report. The New Report flyout opens.
2. In Name, enter a title for the report. This is how the report results will be listed on the Project Report screen.
3. In Date Range, select one of the following options: 7 Days, 30 Days, or All.
4. Under Report Types, select one or more report types.

   Types of Project Reports and Description:
   - Portfolio Summary Report: Lists unique defects per project, number of files scanned, and lines of code based on the most recent project/solution scan date.
   - Project Report: Lists all files scanned as a part of project/solution review including most recent scan date, defect counts, lines of code, and developer who performed the last scan.
   - Project Defect Report: Lists all rules that triggered during last project/solution review per project.
   - Global Defect Report: Lists all rules that triggered across all files.

5. Click Next. (Next will only be available when you've entered a name AND selected at least one report type.) The Filters flyout appears, with the title of your report name at the top. You will use this flyout to filter the projects you wish to report on by either Project Name or Metadata. Click on each section title to display the associated fields.
   Note: Metadata is configured in and reported from the SecureAssist plugin. Please see SecureAssist plugin documentation for more information.
6. On the Filters flyout, select the projects you wish to report on by either:
   - In the Project Name section, select one or more projects by clicking the Add button next to each OR click Add All to select them all.
   OR
   - In the Metadata section, specify metadata values to select projects. When more than one key-value pair is specified, the filter will search for projects that meet all key-value pairs.
   a. In Key, enter the desired field you wish to use to filter.
   b. In Value, enter the desired filter value.
   c. Click Add. The filter criteria will be added to a list below the Add feature.

   d. Add more criteria as desired.
7. Click Save. The Filter flyout closes and you are returned to the Project Reports screen. Your new report should be listed at the top of the screen, with its status as Scheduled. The status will toggle to Complete when the report is generated (generation time varies with the size of the report).

Download a Report

1. From the Project Reports screen, click anywhere in the row of the desired report EXCEPT the Projects column. A flyout opens with a list of report details and several action buttons.
2. Scroll to the bottom of the flyout and click Download Report. A ZIP file of the report results is automatically saved to your Downloads folder.
3. Open the ZIP file. A separate CSV file is displayed for each report type you selected.
   Note: The downloaded ZIP files will be named ProjectReports with an appended run date, and CSV files will be named by report type. The name you entered under Report Name appears ONLY on the Project Reports screen.

Re-Run a Report

There are times you may want to run a report identical to one you've previously run. Re-Run Report allows you to do this.

1. From the Project Reports screen, click anywhere in the row of the desired report EXCEPT the Projects column. A flyout opens with a list of report details and several action buttons.
2. Scroll to the bottom of the flyout and click Re-Run Report. The Filter flyout closes and you are returned to the Project Reports screen. The rerun report should be listed at the top of the screen, with its status as Scheduled. The status will toggle to Complete when the report is generated.
   Note: The re-run report will have the identical name as the original run of the report; in other words, you will have two items with the same name in the Project Reports list.

Copy to New Report

The Copy to New Report function is essentially a "save as" feature: when you copy to new report, you create a new report using the selections of a previously created report as the default selections. You can then edit those selections before saving the new report, or just create a new report name.

1. From the Project Reports screen, click anywhere in the row of the desired report EXCEPT the Projects column. A flyout opens with a list of report details and several action buttons.
2. Scroll to the bottom of the flyout and click Copy to New Report. A flyout opens that displays the previously selected date range and report types, but with a blank for report name.
3. Enter a new report name in Name.
4. If desired, change selections in Date Range and Report Types.
5. Click Next to proceed to the Filters flyout.
6. If desired, change the filter criteria.
7. Click Save. The Filter flyout closes and you are returned to the Project Reports screen. Your new report should be listed at the top of the screen, with its status as Scheduled. The status will toggle to Complete when the report is generated.

Delete a Report

1. From the Project Reports screen, click anywhere in the row of the desired report EXCEPT the Projects column. A flyout opens with a list of report details and several action buttons.
2. At the top of the flyout, click Delete Report. A popup asks you to confirm the deletion.
3. Click Yes, delete it. You are returned to the Project Reports screen, and the report instance is deleted from the list.


User Reports

User reports are reports you create for one or more selected user groups. When you add a report, the application generates a ZIP archive containing the various report types you've selected in the New Report flyout.

When you navigate to the User Reports screen, you will see a list of report packages that have already run. This will be blank the first time you access the screen. From this screen you will be able to run a new report from scratch, view the details of previously run report packages, and rerun previously run report packages.

Find a Report

1. To quickly find a report in the report list, enter text into the Find a Report box. The list will automatically filter to show only those reports whose names contain the text.

View Details of Previously Run Report

1. To view the user groups associated with a report, click under the Users column in that report's row. The Filters flyover opens on the right, displaying the selected user groups.
2. To view all other details about a report, click anywhere in the report's row except the Users column. A flyout opens that displays the Report Name, Date Range, Report Types, Start Time and End Time when the report was run, Duration of the report run, and Status.

Add New Report

To run a report, you must select a report type, then select the user groups you wish to report on.

1. On the User Reports screen, click Add Report. The New Report flyout opens.
2. In Name, enter a title for the report.
3. In Date Range, select one of the following options: 7 Days, 30 Days, or All.
4. Under Report Types, select one or more report types.

   Types of User Reports and Description:
   - Developer File Coverage Report: Lists count of files reviewed by type by each developer.
   - Developer Defect Report: Lists total number of issues by category for each developer.
   - Developer Project Report: Lists all files scanned by each developer. Report includes the most recent date file was scanned by a developer, defect counts, suppression counts, and lines of code for each file.
   - Developer Usage Report: Lists total defect counts, suppression counts as well as first and last time tool was used by developer.

5. Click Next. (Next will only be available when you've entered a name AND selected at least one report type.) The flyout is now titled with your report name, and the Included Groups section appears.
6. In the Included Groups section, select one or more groups by clicking the Add button next to each OR click Add All to select them all.
7. Click Save. The Filter flyout closes and you are returned to the User Reports screen. Your new report should be listed at the top of the screen, with its status as Scheduled. The status will toggle to Complete when the report is generated.

Download a Report

1. From the User Reports screen, click anywhere in the row of the desired report EXCEPT the Users column. A flyout opens with a list of report details and several action buttons.
2. Scroll to the bottom of the flyout and click Download Report. A ZIP file of the report results is automatically saved to your Downloads folder.
3. Open the ZIP file. A separate CSV file is displayed for each report type you selected.
   Note: The downloaded ZIP files will be named UserReports with an appended run date, and CSV files will be named by report type. The name you entered under Report Name appears ONLY on the User Reports screen.

Re-Run an Existing Report

There are times you may want to run a report identical to one you've previously run. Re-Run Report allows you to do this.

1. From the User Reports screen, click anywhere in the row of the desired report EXCEPT the Users column. A flyout opens with a list of report details and several action buttons.
2. Scroll to the bottom of the flyout and click Re-Run Report. The Filter flyout closes and you are returned to the Project Reports screen. The rerun report should be listed at the top of the screen, with its status as Scheduled. The status will toggle to Complete when the report is generated.
   Note: The re-run report will have the identical name as the original run of the report; in other words, you will have two items with the same name in the User Reports list.

Copy to New Report

The Copy to New Report function is essentially a "save as" feature: when you copy to new report, you create a new report using the selections of a previously created report as the default selections. You can then edit those selections before saving the new report, or just create a new report name.

1. From the User Reports screen, click anywhere in the row of the desired report EXCEPT the Users column. A flyout opens with a list of report details and several action buttons.
2. Scroll to the bottom of the flyout and click Copy to New Report. A flyout opens that displays the previously selected date range and report types, but with a blank for report name.
3. Enter a new report name in Name.
4. If desired, change selections in Date Range and Report Types.
5. Click Next. A list of the users to be included in the report is displayed.
6. Click Save. The Filter flyout closes and you are returned to the User Reports screen. Your new report should be listed at the top of the screen, with its status as Scheduled. The status will toggle to Complete when the report is generated.

Delete a Report

1. From the User Reports screen, click anywhere in the row of the desired report EXCEPT the Users column. A flyout opens with a list of report details and several action buttons.
2. At the top of the flyout, click Delete Report. A popup asks you to confirm the deletion.
3. Click Yes, delete it. You are returned to the User Reports screen, and the report instance is deleted from the list.

4 Rulepacks

A rulepack is a JAR file containing rules and guidance used by the SecureAssist plugin to scan your projects. You can load and distribute multiple rulepacks to your plugin users by enabling and disabling them on the Portal. Rulepacks can also be specific and bound to a certain group of SecureAssist plugin users.

SecureAssist provides a default rulepack, but you can also create and edit your own custom rulepacks using the Rulepack Configurator that comes bundled with the SecureAssist plugins. (Go to the Guides & Documentation page on the Codiscope website and click Rules & Rulepacks.)

Note: You can have more than one default and/or custom rulepack active. You can also have rulepacks assigned to specific groups by having a user with the group manager role upload the rulepack.

Find a Rulepack

1. To quickly find a rulepack in the rulepack list, enter text into the Find a Rulepack box. The list will automatically filter to show only those rulepacks whose names contain the text.

View Details of Rulepack

1. To view all details about a rulepack, click anywhere in the rulepack's row. A flyout displays the following details. All fields have their values set in Rulepack Configurator and are read-only in SecureAssist Portal EXCEPT Status.

   Field and Description:
   - Name: Name of uploaded rulepack.
   - Status (updateable): Enabled or Disabled; indicated by a color bar in the left margin. More than one rulepack can be enabled at one time. Click on this toggle to change the rulepack's status.
   - Version: Version number of uploaded rulepack.
   - Plugin Support: List of plugin versions supported by this rulepack.
   - Type: Type of rulepack (Default or Custom).
   - Access: Level of access (Restricted or Unbounded). A restricted rulepack is accessible only by specified plugin users.
   - Uploaded: Date the rulepack was uploaded.

Upload a Rulepack

1. On the Rulepacks screen, click Upload Rulepack.

2. Browse to locate the desired rulepack, then click Open to upload it. You are returned to Rulepacks, and the new rulepack will appear in the list with a Status of Disabled.

Enable/Disable a Rulepack

Important! It's recommended to have the most up-to-date rulepack enabled and all outdated versions disabled, as older versions may contain outdated rules.

1. On the Rulepacks screen, view the list of uploaded rulepacks. Enabled rulepacks are indicated by a green bar in the left margin; disabled rulepacks are indicated by a brown bar.
2. Single-click the row of the desired rulepack. The editing flyout appears on the right.
3. Under Status, click Enabled or Disabled to select the desired status. The flyout immediately closes, and the status of the rulepack is updated. Changes to a rulepack become available to users the next time they begin a session.

Download a Rulepack to Edit on Your Machine

1. On the Rulepacks screen, single-click the row of the desired rulepack. The editing flyout appears on the right.
2. Click Download. A popup asks you to confirm the download.
3. Click Keep. The rulepack file is downloaded to your computer. You can now edit it using Rulepack Configurator.

Delete a Rulepack

A rulepack can be deleted only if no prior project reports were run using it. If a project report was generated involving the rulepack, the rulepack can be disabled but not deleted. Project reports are based on existing and active rulepacks.

1. On the Rulepacks screen, single-click the row of the desired rulepack. The editing flyout appears on the right.
2. Click Delete Rulepack. A popup asks you to confirm the deletion.
3. Click OK. The flyout closes, and the rulepack is removed from the list.

5 Manage

The Manage function allows you to administer users, groups, and roles used in SecureAssist Portal, as well as your personal account.

Portal Users

The Portal Users screen lets you manage the various SecureAssist Portal users. These are not plugin users, but the administrators of your SecureAssist system (portal administrators, rulepack administrators, and users who view and generate reports based on plugin user activity).

Other than the default Portal server administrator, each user is a local user whose credentials are either stored in the Portal database and authenticated against it or authenticated using LDAP. The default Portal server administrator will always be a local user. However, it can be disabled once other portal users are created.

Find a Portal User

1. To quickly find a user in the portal user list, enter text into the Find a Portal User box. The list will automatically filter to show only those portal users whose names contain the text.

Add a Portal User

1. On the Portal Users screen, click Add Portal User. The New User flyout opens.
2. Enter a user name in Name. The user name can contain letters and numbers only, NO spaces or special characters.
3. Enter a temporary password in Password for the new user and then confirm it. The password must contain at least six characters, including at least one capital letter, one lowercase letter, and one number. The user will be able to change the password when they log into the system.
4. Click Next to continue. The Roles flyout opens.
5. Select the role or roles you wish to assign to the user by clicking the associated slide buttons, then click Next. The Managed Users flyout opens.
6. If desired, select one or more users to manage, then click Next. The Managed Projects flyout opens.
7. If desired, select one or more projects to manage, then click Save. The flyout closes, and the new user is added to the Portal Users list in alphabetical order with a Status of Active.

Activate/Deactivate a Portal User

1. On the Portal Users screen, single-click the name of the desired portal user. The editing flyout appears on the right.
2. To change the user's status, click the slide button next to the Status, then click Save. The flyout is closed, and the user's new status is displayed on the Portal Users list.

Change/Reset a Portal User's Password

1. On the Portal Users screen, single-click the name of the desired portal user. The editing flyout appears on the right.
2. Click Change Password. The New Password and Confirm New Password fields appear.
3. Enter and confirm a new password for the user. Passwords must contain at least six characters, including at least one capital letter, one lowercase letter, and one number.
4. Click Save. The flyout is closed, and you are returned to the Portal Users list.

Edit a Portal User's Assigned Roles

1. On the Portal Users screen, single-click in the Roles column of the desired user's row. The Roles flyout appears on the right.
2. Select the role or roles you wish to assign to the user by clicking the associated slide buttons, then click Save. The flyout closes, and the number of roles for the user is updated in the Portal Users list.

Edit a Portal User's Managed Users

1. On the Portal Users screen, single-click in the Users column of the desired user's row. The Managed Users flyout appears.
2. Select the users you wish to assign to the portal user by clicking the Add and Remove buttons, then click Save. The flyout closes, and the number of users for the portal user is updated in the Portal Users list.

Plugin User Groups

The Plugin User Groups screen is where you can create and manage groups of client-side plugin users of SecureAssist. The groups you create here can then be used to filter data in the User Reports section of SecureAssist Portal.

There are no default user groups, so the Plugin User Group screen will be blank the first time you visit it. As you add groups, they will be listed on the screen.

Note: You can assign individuals to a plugin user group here OR on the Plugin Users screen.

Find a Plugin User Group

1. To quickly find a plugin user group in the group list, enter text into the Find a Group box. The list will automatically filter to show only those plugin user groups whose names contain the text.

Add a Plugin User Group

1. On the Plugin User Group screen, click Add Group. The New User Group flyout opens.
2. In Group Name, enter a name for the new group.
3. In Description, enter a brief description of the group.
4. Click the Add button next to each user you wish to add to the group OR click Add All to add all users.
5. Click Save. The flyout closes, and your new group is added to the Plugin User Groups list.

Edit a Plugin User Group

1. On the Plugin User Group screen, click the Edit button next to the desired group. The User Group flyout opens.
2. Make any desired edits to the user group, then click Save. The flyout closes, and you are returned to the Plugin User Groups list.

Delete a Plugin User Group

1. On the Plugin User Group screen, click the Edit button next to the desired group. The User Group flyout opens.
2. Click Delete Group. A popup asks you to confirm the deletion.
3. Click Yes, delete it. The popup closes, and the user group is removed from the Plugin User Groups list.