Viewing the Performance Analytics for Configuration Compliance dashboard

  • Release version: Xanadu
  • Updated August 1, 2024
  • 8 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Viewing the Performance Analytics for Configuration Compliance dashboard

    The Configuration Compliance Performance Analytics (PA) dashboard in ServiceNow allows you to efficiently manage and remediate configuration issues by providing insightful reports and visualizations. This dashboard supports tracking compliance status, remediation progress, and approval workflows related to configuration compliance. Since version 14.9, terminology changes have been introduced for clarity, such as renaming “Test Result Group” to “Remediation Task Group.” Access to the dashboard depends on having the appropriate ServiceNow AI Platform roles, includingadmin,paadmin, andsnvulc.read.

    Show full answer Show less

    You can access the dashboard via All > Configuration Compliance > Overview or through the Vulnerability Manager Workspace in the New Experience UI starting with version 14.9. The dashboard is organized into four key tabs: Overview, Compliance, Remediation, and Approvals, each providing distinct views and filters for detailed analysis.

    Key Features

    • Overview Tab: Offers five main filters—Asset category, Cloud resource type, Cloud service provider, Cloud account, and Cloud region—that refresh relevant widgets to display filtered reports. Widgets also indicate applied filters and their counts. Clicking a widget opens the KPI Details tab, where you can view records, compare data, change chart types, adjust date ranges, and apply additional filters such as Host tag.
    • Compliance Tab: Displays compliance percentages for authoritative sources like HIPAA and DISA, with options to filter by category and column headers.
    • Remediation Tab: Shows progress on remediation tasks, helping you monitor remediation hygiene and identify overdue or critical remediation efforts.
    • Approvals Tab: Provides reports on exception requests related to configuration compliance and their approval statuses, enabling tracking of pending, approved, rejected, and expiring requests.

    Data Breakdowns and Filters

    The dashboard uses various breakdowns supporting indicators such as Deferred Reason, Age, Assignment Group, Remediation Status, Risk Rating, Asset Category, Host Tag, Cloud Service Provider, Cloud Region, Cloud Account, and Cloud Resource Type. These enable granular filtering and reporting to tailor the dashboard data to your organizational needs.

    You can select multiple filter options simultaneously and apply them to refresh the data visualizations accordingly.

    Data Visualizations

    The dashboard features diverse visualization types tailored to the data context:

    • Overview Tab Visualizations: Includes line charts for compliance trends, single score widgets for remediation task counts, bar charts for test results by risk rating and age, and lists for overdue critical test results grouped by assignment or service.
    • Remediation Tab Visualizations: Contains bar charts and lists showing remediation tasks by risk rating, remediation target status, assignment group, and age, as well as exception requests grouped by reason and critical exceptions by assignment group.
    • Approvals Tab Visualizations: Displays bar charts and lists regarding exception requests pending approval, approval reasons, remediation tasks with approval requests, and the status of exception requests created by the user.

    Practical Benefits for ServiceNow Customers

    Using this dashboard, ServiceNow customers can:

    • Quickly identify and prioritize configuration compliance issues across cloud environments.
    • Track remediation progress effectively, focusing on critical or overdue tasks.
    • Monitor compliance against regulatory standards and internal policies.
    • Manage and oversee exception requests and their approval workflows efficiently.
    • Leverage role-based access to control visibility and management capabilities.

    Overall, the Performance Analytics for Configuration Compliance dashboard empowers customers to maintain configuration integrity, reduce risk exposure, and streamline remediation and approval processes.

    You can manage your most important configuration issues and remediate them quickly by viewing the reports on the Configuration Compliance Performance Analytics (PA) dashboard.

    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    Required ServiceNow AI Platform roles

    The following roles are required for the Configuration Compliance Performance Analytics dashboard:

    • admin: An admin can install and activate the Performance Analytics for Configuration Compliance and make changes to the system properties.
    • pa_admin: A performance analytics administrator can create and review the background jobs, indicators, breakdowns, widgets, and dashboards. This admin can also set up and start the data collection.
    • sn_vulc.read: A user with the read role can review the dashboard data.

    Access the Configuration Compliance dashboard

    To open the dashboard, navigate to All > Configuration Compliance > Overview.

    Starting with version 14.9 of Configuration Compliance, this dashboard can also be viewed in the New Experience UI. To view the dashboard in the new UI, navigate to Workspaces > Vulnerability Manager Workspace and click the Dashboards icon. Depending on your role, the default dashboard is displayed. To view other dashboards, click the drop-down next to the dashboard name. For more information, see the Dashboards in the Vulnerability Manager Workspace and Dashboards in the IT Remediation Workspace.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    Configuration Compliance [PA] dashboard tabs

    Figure 1. Overview tab
    The Overview tab provides five filters. These filters are the Asset category, Cloud resource type, Cloud service provider, Cloud account, and Cloud region, which you can apply to visualize the reports for the filters applied. If you select a category and apply the changes, all the widgets that support the category get refreshed. Each widget displays the applied filter at the bottom and the number of filters applied on the filter icon of the widget. Click the report in a widget to view the additional information on the KPI Details tab. On the KPI Details tab, you can:
    • Show the records.
    • Compare the records.
    • Change the chart type.
    • Select the date range.
    • View the trends that are based on the duration.
    • Apply the additional filters including the filters that are unavailable on the Overview tab. An example is the Host tag.

    The following example shows how you can apply the filters in the Overview tab and perform the actions in the KPI Details tab.

    Figure 2. Compliance tab

    The Compliance tab displays the compliance percentage for the various authoritative sources, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Data Interchange Standards Association (DISA). You can refine this list by using the column header filters and selecting a category.

    The following example shows how you can filter the data in the Compliance tab.

    Figure 3. Remediation tab

    The Remediation tab displays the information about the progress of how remediation is going. You can use this tab to see into the misconfiguration remediation hygiene.

    The following example shows the Remediation tab.

    Remediation tab
    Figure 4. Approvals tab

    The reports on the Approvals tab display the information about the exception requests and their approval status.

    The following example shows the Approvals tab.

    Approvals tab

    Breakdowns

    The breakdowns that are used by the indicators are as follows:
    • Deferred Reason
    • Age
    • Assignment group
    • Remediation status
    • Result
    • Risk rating
    • Asset category
    • Host tag
    • Configuration test
    • Cloud service provider
    • Cloud region
    • Cloud account
    • Cloud resource type

    Filters

    In the Overview tab, you can apply the following filters to the widgets to visualize the filtered data.

    Name Type Description

    Asset category

    Choice

    Type of asset.

    The four options are:
    • Cloud
    • Container
    • Infra
    • OT
    Cloud resource type

    Choice

    Type of resource. An example is a virtual machine.

    The data in the filter is filled in when you run the integration.
    Cloud service provider

    Choice

    Service provider for the cloud.

    The three options are:
    • Amazon Web Services (AWS
    • Microsoft Azure
    • Google Cloud Platform (GCP)
    Cloud account

    Choice

    		 Account ID that is created when an account is created in a cloud service. For example, AWS. The account ID data is filled into the filter when you run the integration.
    Cloud region

    Choice

    		 Location where the resource is hosted.
    Note:
    You can select multiple options from the filters and select Apply. Each widget shows the filters that are applied and the filters that aren’t applied. Depending on the data available, the report is generated. The widget also shows the count of the filter that is supported.

    Data visualizations

    Table 2. Overview tab visualizations
    Report name Type Source table Description

    Compliance Trend

    		 Line chart

    Line chart that shows the compliance trend.

    		 Test Results
    Information about the compliance trend:
    • Resources: Total number of resources that are available in the system.
    • Fail: Number of resources with at least one failed test result.
    • Pass: Number of resources with all the test results in the passed state.
    Remediation Task

    Single score

    Single score that shows the test result group.    		 Test Results Number of remediation tasks, which are present in the system and are in an active state.
    Critical remediation tasks near due

    Single score

    Single score that shows the critical remediation tasks that are approaching the target.    		 Test Results Number of remediation tasks where the risk rating is "critical" and the remediation status is "approaching target."
    Test results by risk rating

    Bar

    Bar that shows the test results by the risk rating.    		 Test Results Test results in the failed state, which are grouped according to the risk rating.
    Test results by age

    Bar

    Bar that shows the test results by age.    		 Test Results Test results in the failed state, which are grouped according to when the test results were created.
    Closed test results by remediation target adherence

    Bar

    Bar that shows the closed test results by the remediation target adherence.    		 Test Results Test results in the passed state, which indicates that this test is closed.
    Overdue critical test results by assignment group

    List and Score

    List and score that show the overdue critical test results by the assignment group.    		 Test Results Number of test results where the risk rating is "critical" and the remediation status is "target missed". The report indicates that the test results are in an Open state. If the test results cross the remediation target date, it’s considered as overdue.
    Overdue test results- services

    List, Score, and Trend

    List and score that show the overdue test results-services. Trend of the overdue test results-services.    		 PA dashboards database view for Services Number of test results for services where the remediation status is "target missed". This report also displays the name of the services or departments with the highest test results.
    Overdue test results- service owners

    List, Score, and Trend

    List and score that show the Overdue test results-service owners. Trend of the overdue test results-service owners.    		 PA dashboards database view for Services Number of test results for service owners whose remediation status is "target missed". This report also displays the name of the services or departments with the highest test results.
    Table 3. Remediation tab visualizations
    Title Type Source table Description
    Remediation task by risk rating Bar

    Bar chart that shows the remediation task by the risk rating.

    		 Remediation task Breakdown of the risk ratings of all the test results groups that are in the active state.
    Remediation task by remediation target status

    Bar

    Bar chart that shows the remediation task by the remediation target status.    		 Remediation task Breakdown of the remediation targets of all the test results groups that missed the target, have no target, and are approaching the target.
    Remediation task by assignment group

    List, Score, and Trend

    List and score that show the remediation task by the assignment group. Trend of the remediation task by the assignment group.    		 Remediation task Breakdown of the remediation tasks that are based on an assignment group.
    Overdue critical remediation task by assignment group

    List, Score, and Trend

    List and score that show the overdue critical remediation task by the assignment group. Trend of the overdue critical test result group by the assignment group.    		 Remediation task Breakdown of the remediation tasks that are based on an assignment group. These remediation tasks have a risk rating as "critical", and their remediation target hasn’t been met.
    Expiring remediation task by age

    Bar

    Bar chart that shows the expiring remediation task by age.    		 Remediation Task Remediation tasks that are going to expire within a certain duration. A maximum of 10 duration buckets can be created.
    All pending exception requests grouped by reason

    Bar

    Bar chart that shows all pending exception requests that are grouped by reason    		 State change approval State change approval requests that are grouped by the reason for the exception.
    Critical exceptions on test results by assignment group

    List, Score, and Trend

    List and score that show the critical exceptions on the test results by the assignment group. Trend of the critical exceptions on the test results by the assignment group.    		 Test Results Test results that are in a deferred and critical state and are grouped based on the assignment group.
    Table 4. Approvals tab visualizations
    Reports Type Source table Description
    Exception requests by age pending my approval Bar

    Bar chart that shows the exception requests by age pending my approval.

    		 Approval Exception requests that are created by you and that are pending approval. The requests are grouped according to the duration of the request.
    Approval requests by reason

    Bar

    Bar chart that shows the approval requests by reason.    		 State change approval State change approval requests for creating an exception and include the reason for the exception.
    Remediation tasks having approval request by risk rating

    Bar

    Bar chart that shows the remediation tasks that have an approval request by risk rating.    		 Remediation task Remediation tasks that have an approval request that is based on the criticality.
    My approval requests by approved and rejected status

    Bar

    Bar chart that shows my approval requests by the approved and rejected status.    		 State change approval Exception requests that are grouped by the approved and rejected statuses.
    Expiring exception requests by me by age

    Bar

    Bar chart that shows the expiring exception requests by me by age.    		 State change approval Exception requests that are going to expire in the coming weeks. The exception requests are grouped based on weeks.

    Whenever an exception request is created, a date is selected for the validity of the exception request. The calculation for the age of the request is based on this date.
    Status of exception requests requested by me

    Bar

    Bar chart that shows the status of the exception requests requested by me.    		 State change approval Exception requests that are created by you and that are grouped according to the following statuses:
    • In review
    • Approved
    • Rejected