Generating an audit report with fix history for a server

You can generate an audit report that shows the fix history for a runtime in your inventory in comma-separated value (CSV) format.

Before you begin

You must have a user profile with the View WebSphere inventory permission or the Manage WebSphere inventory permission. For more information, see Configuring roles and permissions.

Procedure

  1. Log in to WebSphere Automation.
    For more information, see Accessing the WebSphere Automation UI.
  2. Choose a server by clicking the server name in the Server column on the Security page or the Server management page. On the server details page, click the Vulnerabilities tab, and then click Fix History.
    Figure 1. Viewing Server vulnerabilities page with a history of fixes that are installed on the server
    Example Server vulnerabilities page showing history of fixes that are installed on the server. Column headings include Fix, Action, CVE, and Notification time.
  3. Click Download audit report.
    In the system dialog that opens, you can open or save the CSV file to your local computer.
  4. Open the audit report by using a program capable of viewing CSV files, such as a spreadsheet editor.
    The data looks similar to the following image:
    Figure 2. Viewing example audit report of server fix history in CSV format
    Example CSV file showing vulnerability status of servers. Column headings include Associated CSV, CVSS, Currently Vulnerable, Total Days Exposed, Detection Date, Installed Fix, Fixed Date, Runtime Type, Version, Host, Install Dir, Server Name, Operating System, APARS, Bulletin, Created, URL, and Summary.
    Note the column headings:
    CVE
    The ID of the common vulnerability or exposure.
    CVSS
    The Common Vulnerability Scoring System (CVSS) score is a numerical rating of the severity of the vulnerability, on a scale of 0 (lowest severity) to 10 (highest severity). WebSphere Automation (WSA) supports CVSS v4 and v3.
    Action
    Status
    The state of exposure to the CVE for this runtime. If the runtime is currently vulnerable, this value is Vulnerable, otherwise the value is Not Vulnerable.
    Days Exposed
    The total number of days of exposure to the CVE. This number takes into account any days on which a fix was applied, if the fix was later uninstalled.
    Notification time
    The date that the CVE exposure was detected for this runtime, in ISO standard yyyy-MM-dd (UTC time) format. The editor that you import the data into might convert the date to a different format.
    Fix
    The unique identifier of the fix.
    Fixed time
    The date that the fix was installed on this runtime, in ISO standard yyyy-MM-dd (UTC time) format. The editor that you import the data into might convert the date to a different format.
    Runtime type
    The type of runtime affected by the CVE. Values are jdk (Java™ runtime), traditional (WebSphere Application Server), or liberty (WebSphere Application Server Liberty).
    WebSphere version
    The version of the Java runtime, WebSphere Application Server traditional server, or WebSphere Application Server Liberty server.
    Hostname
    The hostname of the server.
    Installation directory
    The directory where the server software is installed.
    Server
    The name of the server.
    O/S
    The operating system on which the server is installed.
    Fixes
    A space-separated list of the interim fixes, or the most recent fix pack, that are installed on the server.
    Bulletin
    The security bulletin number that contains the particular CVE.
    Creation time
    The date that the security vulnerability was added to the data store, in ISO standard yyyy-MM-dd (UTC time) format. The editor that you import the data into might convert the date to a different format.
    Bulletin URL
    The URL for the security bulletin for this CVE.
    Summary
    A short description of the vulnerability, extracted from the bulletin.
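
The downloaded report can also be triaged with a script instead of a spreadsheet, which keeps the ISO dates exactly as exported. The following is an added example, not code from the product documentation. It assumes that the CSV header row uses the column names listed above (adjust the names if your export differs); the sample rows, CVE IDs, fix ID, and hostnames are constructed.

```python
import csv
import io
from datetime import date

# Constructed sample report. Header names are an assumption taken from the
# column list on this page; only the columns used below are included.
SAMPLE_REPORT = """\
CVE,CVSS,Status,Days Exposed,Notification time,Fix,Fixed time,Runtime type,Hostname,Server
CVE-0000-0001,9.8,Vulnerable,42,2024-01-10,,,liberty,host-a.example.com,server1
CVE-0000-0002,5.3,Not Vulnerable,12,2024-01-05,FIX-PLACEHOLDER,2024-01-17,traditional,host-a.example.com,server1
CVE-0000-0003,7.5,Vulnerable,3,2024-02-20,,,jdk,host-a.example.com,server1
"""

DATE_COLUMNS = ("Notification time", "Fixed time")


def load_rows(text):
    """Parse the report text and convert scores, day counts and dates to typed values."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        # Tolerate padded headers and short rows (missing cells become "").
        row = {k.strip(): (v or "").strip() for k, v in raw.items() if k}
        row["CVSS"] = float(row["CVSS"]) if row.get("CVSS") else 0.0
        row["Days Exposed"] = int(row.get("Days Exposed") or 0)
        for col in DATE_COLUMNS:
            # Dates are exported as yyyy-MM-dd (UTC); an empty cell means "not set".
            row[col] = date.fromisoformat(row[col]) if row.get(col) else None
        rows.append(row)
    return rows


def open_exposures(rows, min_cvss=7.0):
    """Rows still marked Vulnerable at or above min_cvss, worst score and longest exposure first."""
    hits = [r for r in rows if r.get("Status") == "Vulnerable" and r["CVSS"] >= min_cvss]
    return sorted(hits, key=lambda r: (-r["CVSS"], -r["Days Exposed"]))


def days_to_fix(rows):
    """Days between detection and fix installation for each remediated CVE."""
    return {
        r["CVE"]: (r["Fixed time"] - r["Notification time"]).days
        for r in rows
        if r["Fixed time"] and r["Notification time"]
    }


if __name__ == "__main__":
    report = load_rows(SAMPLE_REPORT)
    for r in open_exposures(report):
        print(r["CVE"], r["CVSS"], r["Days Exposed"], r["Hostname"], r["Server"])
    print(days_to_fix(report))
```

To run it against a real export, pass the contents of the downloaded file to `load_rows` in place of `SAMPLE_REPORT`.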