This report provides detailed information about end-systems impacted as the result of slow application response times.
| NOTE: |
Use the Application Performance Chart section of the Impact Status Options tab to configure the threshold ExtremeCloud IQ Site Engine uses to determine if your network is impacted. The threshold is based on the percentage of applications in your network with slower-than-expected application response times. |
The report also shows any events from the event log that pertain to the end-system selected in the top table. Additionally, the report lists the risks and vulnerabilities for the end-system and assigns a score based on the severity of the risk.
The report contains three tables:
End-System Information
The table at the top of the report lists the end-systems affected as the result of slow application response times.
- State
- The end-system's connection state:
- Scan - The end-system is currently being scanned.
- Accept - The end-system is granted access with either the Accept policy or the policy returned from the RADIUS server in the filter-ID.
- Quarantine -The end-system is quarantined because the scanning test failed.
- Reject - The end-system was rejected because the assigned ExtremeControl profile was set to Reject, the MAC Locking test failed, or the RADIUS server was reachable but rejected the authentication request.
- Error - Indicates one of nine problems:
- the MAC to IP resolution failed, if assessment is enabled
- the MAC to IP resolution timed out, if assessment is enabled
- all RADIUS servers are unreachable
- the RADIUS request was non-compliant
- all assessment servers are unavailable
- the assessment server can't reach the end-system
- no assessment servers are configured
- the assessment server is not compatible with the current version of ExtremeCloud IQ Site Engine
- the username and password configured in the Assessment Server section of the Access Control options (Administration > Options > Access Control) are incorrect for the assessment server
- MAC Address
- The end-system's MAC address. MAC addresses are displayed as a full MAC address or with a MAC OUI (Organizational Unique Identifier) prefix, depending on the option you select the Access Control Options tab.
- Switch Port
- The port alias (if defined) followed by the switch port number to which the end-system is connected.
- Risk Level
- The overall risk level assigned to the end-system based on the health result of
the scan:
- Red - High Risk
- Orange - Medium Risk
- Yellow - Low Risk
- Green - No Risk
- Gray - Unknown
- Reason
- Provides additional information about the reasons why the end-system is in its particular connection state. It gives you an idea as to why a certain policy was applied to the end-system or why the end-system was rejected.
- Authentication Type
- Identifies the latest authentication method used by the end-system to connect to the network.
- State Description
- This column provides more details about the end-system state. For example, if the end-system's connection state is Reject, this column might list the RADIUS server (primary or secondary) that rejected the authentication request.
- Engine Group
- Displays what Engine group the ExtremeControl engine was in when the end-system event was generated. For example, if the Engine was in Engine group A when an end-system connected, but then later the Engine was moved to Engine group B, this column still list Engine group A for that end-system's entry.
- RFC 3580 VLAN ID
- For end-systems connected to RFC 3580-enabled switches, this is the RFC3580 VLAN ID assigned to the end-system.
- Last Quarantined
- The last date and time the end-system was quarantined. This column is hidden by default.
- Score
- The total sum of the scores for all the health details that were included as part of the quarantine decision.
- Actual
- The actual score is what the total score would be if all the health details including those marked Informational and Warning were included in the score.
- All Authentication Types
- This column displays all the authentication methods the end-system has used to authenticate.
- Last Scan Result State
- The last scan result assigned to the end-system: Scan, Accept, Quarantine, Reject, Error. This is the state that was assigned to the end-system as a result of the last completed scan. This will typically match the end-system State if scanning is currently enabled and has been performed recently.
- NAP Capable
- Indicates whether the end-system is Microsoft NAP (Network Access Protection) capable: Yes or No
- Custom 1-4
- Use these column to add additional information that you would like displayed. You can add information for up to four Custom columns.
- Registered Email
- The registered email address supplied by the end user during the registration process.
- Registered Phone
- The registered phone number supplied by the end user during the registration process.
- Registration 1-5
- The text from the Custom 1-5 registration fields supplied by the end user during the registration process.
- Registration Description
- The device description supplied by the end user during the registration process.
- Groups
- End-system groups are rule components that allow you to group together devices having similar network access requirements or restrictions.
- Zone
- This field only displays if you have displayed the Zone column in the Access Control Configuration Rules table. Select the end-system zone assigned to any end-system matching this rule. See End-System Zones for more information.
- Source
- Displays the origin of the event:
-
- Access Controlengine — An Access Controlengine.
- Wireless Manager — An ExtremeWireless Controller or AP.
- ExtremeXOS/Switch Engine ID Manager — An Extreme switch running ExtremeXOS/Switch Engine with the Identify Manager feature configured to send events to ExtremeCloud IQ Site Engine.
- OneFabric Connect — An ExtremeConnect module (e.g. Solutions Architecture and Innovation (SAI) integration)
- One Controller — The Extreme SDN Controller.
- TLS Client Certificate Expiration
- Expiration date of the TLS Client Certificate issued for 802.1x authentication.
- TLS Client Certificate Issuer
- Name of the issuer of the TLS Client Certificate issued for 802.1x authentication.
Events Log
The Events table displays end-system events related to the unavailability of the site.
- State
- The end-system's connection state:
- Scan - The end-system is currently being scanned.
- Accept - The end-system is granted access with either the Accept policy or the policy returned from the RADIUS server in the filter-ID.
- Quarantine -The end-system is quarantined because the scanning test failed.
- Reject - The end-system was rejected because the assigned ExtremeControl profile was set to Reject, the MAC Locking test failed, or the RADIUS server was reachable but rejected the authentication request.
- Error - Indicates one of nine problems:
- the MAC to IP resolution failed, if assessment is enabled
- the MAC to IP resolution timed out, if assessment is enabled
- all RADIUS servers are unreachable
- the RADIUS request was non-compliant
- all assessment servers are unavailable
- the assessment server can't reach the end-system
- no assessment servers are configured
- the assessment server is not compatible with the current version of NAC Manager
- the username and password configured in the Assessment Server section of the Access Control options (Administration > Options > Assessment Server) are incorrect for the assessment server
- MAC Address
- The end-system's MAC address. MAC addresses are displayed as a full MAC address or with a MAC OUI (Organizational Unique Identifier) prefix, depending on the option you have selected in the Display section of the Access Control Options (Administration > Options > Access Control).
- State Description
- This column provides more details about the end-system's state. For example, if the end-system's connection state is Reject, this column might list the RADIUS server (primary or secondary) that rejected the authentication request.
- Reason
- Provides additional information about the reasons why the end-system is in its particular connection state. It gives you an idea as to why a certain policy was applied to the end-system or why the end-system was rejected.
- Authorization
- The attributes returned by the RADIUS server for this end-system. If the end-system is connected to a switch that supports multi-authentication, then this column may not reflect the actual active policy for the authenticated user. For Layer 3 Access Control Controller engines, this column displays the policy assigned to the end-system for its authorization.
- Auth Type
- Identifies the authentication method used by the end-system to connect to the network. For Layer 3 Access Control Controller engines, this column shows IP.
- Switch IP
- The IP address of the switch to which the end-system connected. If the end-system is connected to an Access Control Controller engine, this is the Access Control Controller PEP (Policy Enforcement Point) IP address..
- Switch Site
- The site with the switch to which the end-system connected. If the end-system is connected to an Access Control Controller engine, this is the Access Control Controller PEP (Policy Enforcement Point) location.
- Zone
- Displays the end-system zone to which the end-system is assigned.
- Event Source
-
- Access ControlEngine — A Access Controlengine.
- Wireless Manager — An ExtremeWireless Wireless Controller or AP.
- ExtremeXOS/Switch Engine ID Manager — An Extreme switch running ExtremeXOS/Switch Engine with the Identify Manager feature configured to send events to ExtremeCloud IQ Site Engine.
- OneFabric Connect — A custom project (e.g. Solutions Architecture and Innovation (SAI) integration)
- One Controller — The Extreme SDN Controller.
Displays the origin of the event:
Health Log
This tab provides summary information on health results (assessment results) obtained for the end-system selected in the table above. You can specify the number of health result summaries displayed using the Health Result Persistence options in the Data Persistence Options.
- Risk
- The risk level assigned to the end-system based on the health result of the scan: High Risk, Medium Risk, Low Risk, or No Risk.
- Score
- The score assigned to the test case. The score is a value between 0.0 and 10.0. In the case of agent-based test cases, the score is either 0.0 for a passed test, or 10.0 for a failed test, unless specifically overwritten by the scoring override configuration.
- Scoring Mode
- The scoring mode that was used at the time the test was performed.
- Applied — The score returned by this test was included as part of the quarantine decision.
- Informational — The score returned by this test was reported, but did not apply toward a quarantine decision.
- Warning — The score returned by this test was only used to provide end user assessment warnings via the Notification portal web page.
- CVE IDs
- The CVE (Common Vulnerability and Exposures) ID assigned to the security vulnerability or exposure. For more information on CVE IDs, refer to the following URL: https://cve.mitre.org/.
- Assessment
- The list of test sets that were run during assessment, for example, Default Nessus, Default Agent-less, and Default Agent-based. Test sets are defined as part of the assessment configuration. If the end-system is NAP capable, then this column displays Microsoft NAP indicating that NAP performed the assessment.
- Remediation
- For agent-based assessment, this column lists the results of remediation attempts: Success, Failed, or Not Attempted.
- Type
- A "type" is assigned to each security risk found on a port
during an assessment, and is used to determine whether to Quarantine an end-system.
Types are configurable on the assessment agent.
There are three types:
- Hole — The port is vulnerable to attack.
- Warning — The port may be vulnerable to attack.
- Note — There may be a security risk on the port.
For information on related help topics: