Generate server reports
The reporting service of the Halo portal allows you to perform detailed parametric searches of the Halo database to locate items or sets of items that you may wish to act on. The current release of the reporting service focuses on searching for individual servers or collections of servers that match any of a large number of criteria.
On the Reports page in the Halo portal, you use the search-criteria selectors to set up and run a simple or complex search query. You can search for servers using any combination of over 20 criteria. The results are displayed in the portal, and you can save them in PDF or CSV format.
Examples of searches you might conduct might include listing all servers that are missing (no longer contacting the analytics engine), all servers with outdated Halo agents, or all servers on which a package containing a specific common vulnerability and exposure (CVE) is present. Any of those searches could be further filtered to restrict the scope of the results—such as to a specific O.S. version, specific server groups, or specific Halo agent state.
Note: All Halo reporting functionality is also available through the Halo REST API, in methods of the "Servers" and "Saved Searches" API endpoints.
The Halo reporting service allows you to retrieve broadly or narrowly defined subsets of Halo objects (currently servers), specified by any of a large number of factors, for the purpose of generating reports or taking action.
- Click Reports in the top menubar of the Halo portal. The Reports page opens.
- Use the search-criteria selectors on this page to set up a search query, and then click Submit to run it. The results of the most recent search are always displayed in the table below the criteria selectors.
You can search for servers using any combination of over 20 criteria. For some of the criteria, you can select a value from a dropdown list, and for others you can enter a text string.
- Optionally save the results of a search in PDF or CSV format. A PDF report includes just the server fields displayed on the Reports page; a CSV report includes all fields of the server object, as defined in the Servers endpoint of the Halo REST API.
Examples of reports you might generate
For any of these reports, you can further narrow the scope by applying additional filters, such as Group Name, Hostname, Server Label, or a fully qualified domain name—any of which can also be a partial match, allowing you to retrieve, for example, multiple servers by providing a substring that matches more than one hostname.
- Missing or deactivated servers. To list all servers that are no longer sending heartbeats to the analytics engine, use the State filter set to "Missing". To list all servers that have been shut down or whese agents have been stopped, use the State filter set to "Deactivated".
- Servers with out-of-date agent versions. To list all servers whose Halo agent needs to be upgraded, run one or more reports with the Agent Version filter set to a known older version of the agent that you expect may still be running on some servers.
- Agents that may be compromised. To get a quick indication of how wide a suspected attack on Halo agents might be, use the Self Verification Failed filter.
- Servers with a known vulnerability. To list all servers on which a package containing a specific common vulnerability and exposure (CVE) is present, use the CVE Reference Number filter set to that reference number. You can specify more than one CVE in a comma-separated list, to retrieve all servers on which any of the listed vulnerabilities is present.
- Windows servers patched to a specific level. To list all Windows Servers that have been patched to comply with a specific Windows knowledge base article, Use the KB filter set to the ID of the article. Conversely, to list all Windows Servers that have not yet been patched to comply with the knowledge base article, use the Missing KB filter set to the ID of that article.
For more on Halo reports, see Using Halo Reports in the Halo Operations Guide.