Reporter User Guide

RapidFire Tools, Inc.

Reporter User Guide - RapidFire Tools

Reporter allows you to automate, schedule, and deliver the assessment reports by Network Detective. Reporter can be used with each ...

Important: You must ensure that no other Network Detective or Compliance. Manager products are being used to perform an External Vulnerability Scan on the same ...

Step 1 — Download and Install Remote Data Collector on Client Network. 22. Network Detective. Reporter — User Guide ...

Browser built in viewer
PDF Viewer
Universal Document Viewer
Google Docs View
Google Drive View
Download Document [pdf]

File Info : application/pdf, 238 Pages, 9.02MB

Document

Network Detective Reporter User Guide

USER GUIDE
Reporter
Fully Automate ongoing Report Generation & Delivery with Reporter
9/20/2021 2:47 PM

Network Detective

Reporter -- User Guide

Contents

Introduction to Reporter

Reporter Overview

Reporter Appliance

Remote Data Collector

InDoc and the RapidFire Tools Portal

About this User Guide

Components of the Reporter

Reporter Features

Automated Assessment Reporting

Automated External Vulnerability Scanning

Remote Updating of the Reporter

InDoc and the RapidFire Tools Portal

Tips for Automated Report Scheduling

Schedule Site Reports after Site Scans

Schedule Reports at Correct Time Intervals for Multiple Sites

Schedule External Vulnerability Reports after External Vulnerability Scan

RapidFire Tools Server System Requirements

Reporter Prerequisites

Setting Up Reporter

Initial Reporter Set Up

Step 1 -- Install Reporter Appliance on MSP Network

Step 2 -- Open Existing Network Detective Site with an Active Assessment Project 17

Step 3 -- Associate Reporter with Sites

Step 4 -- Add Client-Connector to the Site

Initial Remote Data Collector Set Up

Remote Data Collector System Requirements

Network Prerequisites for RDC Scans

Remote Data Collector and Exchange Assessments

Step 1 -- Download and Install Remote Data Collector on Client Network

Step 2 -- Set Up Remote Data Collector on Client Network

Configure Remote Data Collector to Perform Scan Tasks

Configure Reporter to Access Scan Data and Generate Reports

Step 1 -- Verify connection to Remote Data Collector

Step 2 -- Schedule an External Vulnerability Scan (OPTIONAL)

Set up the External Vulnerability Scan

Schedule the External Vulnerability Scan

Step 3 -- Configure Automatic Report Generation

Setting Up Automatic Reports by Assessment Module

Network Assessment Automatic Reports

Security Assessment Automatic Reports

SQL Server Assessment Automatic Reports

Exchange Assessments Automatic Reports (Using the Exchange Data Collector

and Windows Task Manager)

HIPAA Compliance Assessment Automatic Reports

Step 1 -- Finish and Upload Completed HIPAA Assessment Project to Reporter

Step 2 -- Create HIPAA Scan Tasks

Step 3 -- Create HIPAA Report Tasks

Step 4 -- Review and Update HIPAA Exception Report and Update InForms

Step 5 -- Finish and Upload Updated HIPAA Assessment Project to Reporter

PCI Compliance Assessment Automatic Reports

Step 1 -- Finish and Upload Completed PCI Assessment Project to Reporter

Step 2 -- Create PCI Scan Tasks

Step 3 -- Create PCI Report Tasks

Step 4 -- Review and Update PCI Exception Report and Update InForms

Step 5 -- Finish and Upload Updated PCI Assessment Project to Reporter

Synchronizing Assessment Projects with Reporter

Finishing a Project: Upload Project to Appliance

Starting a Project: Sync New Assessment with Latest Appliance Scans

Manually Download Reports (Reporter)

Filter Reports by Days Back

Network Detective

Reporter -- User Guide

Copy Reports to External Network Share with Reporter
Remote Data Collector Scans
Configuring Remote Data Collector Scans by Assessment Module Network and Security Assessment Scan Scanning an Active Directory Domain Network Scanning a Workgroup Network Exchange Server Assessment Scan SQL Server Assessment Scan HIPAA Compliance Network Scan PCI Compliance Network Scan Push Deploy Local Computer Scans Local Scan for a Computer Running the Remote Data Collector
Configuring the Local Data Scan Merges Step 1 -- Select and Open the Site Step 2 -- Select Manage Appliance Step 3 -- Set Scan Data Merge Configuration Step 4 -- Set the Local Scan Merge Settings and Save Settings
InDoc and the RapidFire Tools Portal
Requirements for using InDoc with Reporter Using InDoc (RapidFire Tools Portal) Explore Network Assets with InDoc
View Data about Network Assets Users Computers Add a Note to an Asset (InDoc) Add and View Confidential Notes (InDoc) Enable Confidential Information Protection for InDoc Grant User Access to Confidential Notes Add a Procedure to an Asset (InDoc) Edit or Delete Procedures Add Related Items to a Network Asset (InDoc)

76
78
78 79 79 86 94 95 97 98 100 104 108 108 108 109 109
111
112 115 117 118 118 119 120 123 125 125 127 129 130

View Site Management Plan (InDoc) Edit Smart Tags in InDoc InDoc User Permissions
How to Set Up User Permissions for InDoc Privacy Permissions for Confidential Notes (InDoc) How Can my Team Use InDoc? Two Examples #1: Help Desk #2: Tech at a Customer Site RapidFire Tools Portal Client View for Reporter Step 1 -- Configure Reporter to Publish to the Client Portal
Configure Reporter Template to Publish to Client Portal Step 2 -- Ensure that the Site is Visible in the Client Portal Step 3 -- Add Client User to Site and Assign Client Role Step 4 -- Configure Client View in RapidFire Tools Portal Access the Portal as a Client User
Appendices
Reporter Templates Create and Deploy Reporter Templates
Step 1 -- Create New Reporter Template Step 2 -- Assign Reports to Template Step 3 -- Set Delivery Method Step 4 -- Schedule the Report Task Step 5 -- Assign Template to Sites
Modifying Reporter Template Tasks at the Site Level Step 6 -- Configure Scans for Reporter Templates Important Tips for Using Reporter Templates
Suggestions for Scheduling Report Tasks How Long Does it Take for Reporter to Complete Report Tasks? Preset Reporter Templates
Reload Preset Templates Custom Reports

133 135 138 138 139 140 140 140 141 141 143 144 145 145 147 149
150 151 151 153 155 156 157 159 159 160 160 160 160 161 162
5

Network Detective

Reporter -- User Guide

Create a Custom Report Template

162

Create a Report Generation Task using the Custom Full Detail Report Template

166

Generate Client Progress Reports

170

Set Scan and Report Task Time Zone and Date Format

173

At Site Level

173

At Global Level

174

Integrate Reporter with a PSA System with Export Tasks

175

Step 1 -- Gather Credentials and Set Up your PSA System

175

Step 2 -- Create Export Task with Reporter

177

Step 3 -- Schedule/Run Export Task

184

Set Up Autotask Integration

186

Set Up ConnectWise REST Integration

191

Step 1 -- Download and Install the ConnectWise Manage Internet Client

Application

191

Step 2 -- Select the ConnectWise Ticket System API Member Account to Integrate

with

191

Create Minimum Permissions Security Role for API Member

192

Step 3 -- Create an API Key in the ConnectWise Ticketing System

193

Step 4 -- Configure Service Tables in ConnectWise

193

Set Up ConnectWise SOAP Integration

195

Set Up Kaseya BMS Integration

197

Set Up Network Detective to IT Glue Integration

199

Create Organization and API Key in IT Glue

199

Create a Reporter Export Task to IT Glue

200

Accessing data in IT Glue after scan and export

208

Software Appliance Diagnostic Tool

210

Available Commands

210

Augment Reporting to Eliminate False Positives

213

Use the Excel Export Spreadsheet to Find Display Names

215

Updating a Software Appliance

217

Two-Factor Authentication for RapidFire Tools Portal

219

Enable Two-Factor Authentication

219

Disable 2FA

222

Set Up Custom SMTP Server Support (Reporter)

224

Client-Connector Diagram

228

Using Reporter with Cyber Hawk

229

Step 1 -- Associate Reporter and Cyber Hawk with the same Site

229

Step 2 -- Configure Cyber Hawk to Upload Scans for use by Reporter

230

Step 3 -- Set up Reporter to Automatically Generate Reports

231

Pre-Scan Network Configuration Checklist

234

Checklist for Domain Environments

234

Checklist for Workgroup Environments

236

Network Detective

Reporter -- User Guide

Introduction to Reporter
This section covers everything you need to know before getting started with Reporter.
Reporter Overview
Reporter allows you to automate, schedule, and deliver the assessment reports generated by Network Detective. Reporter can be used with each Network Detective assessment type, and allows you to deliver emailed assessment reports to anyone on your distribution list, or store generated reports in a shared folder location on your internal network. Reporter also includes our InDoc technology, which allows you to annotate network assets with your own notes and procedures.
Reporter Appliance
You can install one Reporter appliance on your company network, where it can generate automated reports for multiple client sites. Use the Network Detective application to manage the Reporter and to select which reports to generate and deliver on a pre-scheduled basis. Reporter also has the ability to schedule and automatically perform External Vulnerability Scans.
Remote Data Collector
The Reporter works in tandem with the Network Detective Remote Data Collector (RDC). The RDC is an automated data collector used to execute network and local computer scans necessary to perform Network, Security, Office 365/Exchange, SQL Server, HIPAA, and PCI assessments. The RDC is installed in under five minutes at each client site.
You manage the RDC from the Network Detective application, where you configure and schedule scans.

Reporter -- User Guide

Network Detective

InDoc and the RapidFire Tools Portal
With your Reporter subscription, you can use InDoc and the RapidFire Tools Portal to dive deeper into the data you collect from your Reporter sites. With InDoc, you can supplement Reporter data with your own network documentation to make managing your client's assets a breeze. InDoc utilizes Reporter scan data to provide continually updated asset documentation that can be augmented with notes, procedures, and tags as well as being related to other assets.
About this User Guide
This guide is designed to provide an overview and specific steps required to:
l install and configure the Reporter Software Appliance l install and configure the Remote Data Collector at each client site for which you
wish to use Reporter l schedule the collection of IT and Compliance assessment scan data for storage in
the RapidFire Tools Secure Cloud Storage Area to automatically generate assessment reports l use InDoc and the RapidFire Tools Portal to enhance your asset documentation for client sites with your own Notes and Procedures

Network Detective

Reporter -- User Guide

Components of the Reporter

Reporter Component

Description

Reporter Appliance

This is the Reporter software application that operates on the MSP network. Specifically, you will install the RapidFire Tools Server Windows Service.

Remote Data Collector

You install the Remote Data Collector at each of your client's sites, where you configure it to perform unattended scans on the network.

Network Detective Application

This is the same Network Detective desktop application and report generator that is used with any other Network Detective modules. This application contains additional features to manage the Reporter remotely, including the ClientConnector.

InDoc and RapidFire Tools Portal

InDoc utilizes Reporter scan data to provide continually updated asset documentation that can be augmented with Notes, Procedures, and Smart Tags. You can also map Relationships between assets. You access InDoc for Sites through the RapidFire Tools Portal.

(Optional) Diagnostic Tool

The Diagnostic Tool is used for configuring and troubleshooting the Reporter. The Diagnostic Tool should be run on the same network as the Reporter to perform diagnostics checks such as for Reporter connectivity or for available updates.

Reporter -- User Guide

Network Detective

Reporter Features
Reporter is designed to perform the following:
l Enable an MSP to remotely gather Network Detective scan data for multiple client networks to generate assessment reports. This eliminates the need to manually download scan data from the Secure Cloud Storage Area previously uploaded using the Network Detective Client-Connector.
l Automate the collection and consolidation of scan data using the Network Detective Remote Data Collector and automatically generate Assessment reports from the point-of-view of the client's internal network. This eliminates the need to manually generate assessment reports.
l Enable an MSP to operate a Reporter appliance on its local network to set up, manage, and perform automatic assessment report generation for multiple client Sites.
l Allow MSP support technicians and help desk personnel to easily access documentation and current asset information regarding a customer site to assist in addressing customer issues.
Automated Assessment Reporting
Automatic Report Generation enables you to use the Reporter to schedule and generate assessment reports for each Network Detective Assessment Module. This includes:
l Network Assessments l Security Assessments l SQL Server Assessments l Microsoft Exchange Assessments (using the Exchange Data Collector) l HIPAA Compliance Assessments l PCI Compliance Assessments
Automated External Vulnerability Scanning
Reporter enables you to configure and schedule an External Vulnerability Scan to run at regular intervals.

Network Detective

Reporter -- User Guide

External Vulnerability Scans are performed at the external "Network Edge" to check for security holes and weaknesses. The results can help you help make better network security decisions. The External Vulnerability Scan performed by Reporter includes a full NMap Scan which checks security holes, warnings, and informational items that can help you make better network security decisions. This is an essential scan and is a standard security check to ensure a viable security policy has been defined, implemented, and maintained to protect the network from outside attacks.
The External Vulnerability scans can be incorporate into Network Detective Security, HIPAA, and PCI Assessments.
Remote Updating of the Reporter
Reporter is easy to update remotely. Updates may include bug fixes, new features, and additional scans types. Updates can be configured to take place automatically.
InDoc and the RapidFire Tools Portal
With your Reporter subscription, you can use InDoc and the RapidFire Tools Portal to dive deeper into the data you collect from your Reporter sites. With InDoc, you can supplement Reporter data with your own network documentation to make managing your client's assets a breeze. With InDoc, you can:
l Annotate each asset on the client's network with your own Notes and Procedures. l See relationships between assets by linking together Related Items. l Safely share Confidential Notes, including passwords, in a secure storage area. l Manage the Smart Tags associated with each network asset. Smart Tags are used
to monitor network security with Cyber Hawk, our security service delivery system.

Reporter -- User Guide

Network Detective

Tips for Automated Report Scheduling
Before you schedule report generation, be sure you take into account these tips:
Schedule Site Reports after Site Scans
Tip: Use Reporter to schedule reports to be generated at a time after the necessary scans have taken place on your customer networks using the Network Detective Remote Data Collector. This will ensure Reporter has access to the latest scan data before it generates and delivers the assessment reports.
Schedule Reports at Correct Time Intervals for Multiple Sites
Tip: Before it can generate reports, Reporter needs time to download Scan Data from the RapidFire Tools Secure Cloud Storage Area. Schedule Report generation tasks to take place 20-30 minutes apart for each of your Network Detective sites. This will ensure Reporter has enough time to download scans and generate reports for a site before it moves on to the next site.
Schedule External Vulnerability Reports after External Vulnerability Scan
Tip: External Vulnerability Scans may take several hours to complete for your Site. Schedule your External Vulnerability Report tasks at least 5 hours after your external scan for the site.

Network Detective

Reporter -- User Guide

RapidFire Tools Server System Requirements
Below you can find the minimum requirements for the RapidFire Tools Server:

RapidFire Tools Cyber Hawk Server Type

Compliance Manager Reporter

Minimum Requirements

· Intel i5 processor
· Windows 10 Pro or Windows 2016 Server and up
· 2 GB Available RAM
· 5 GB Disk Space
· Network connectivity/Internet access

· Intel i5 processor
· Windows 10 Pro or Windows 2016 Server and up
· 4 GB Available RAM
· 10 GB Disk Space
Recommendation: +1 GB per client Site
· Network connectivity/Internet access
Important: Reporter is installed on the MSP network NOT the client network.

Important: You can only install one RapidFire Tools server/appliance on a PC or endpoint at a time. If you need to install multiple server(s)/appliance(s), install each one on a separate endpoint on the network.

Reporter Prerequisites
The following components are required to operate the Reporter Appliance: l a subscription to one or more Network Detective IT or Compliance Assessment Modules l the Network Detective Application l an Internet connection used to access the RapidFire Tools Secure Cloud Storage Area l the Remote Data Collector configured and scheduled to perform unattended scans on your client's network. These scans may include o Network and Security Scan Data Collection o Exchange and Office 365 Mail Scan Data Collection o SQL Server Data Collection o HIPAA Assessment Data Collection o PCI Assessment Data Collection l a Client-Connector configured to operate with the Remote Data Collector to upload the scan data collected from the network at your client's site to the RapidFire Tools Secure Cloud Storage Area.
15

Setting Up Reporter
Setting up your Reporter consists of these steps: 1. Install the Reporter appliance on your MSP network and associate it with Network Detective Sites 2. Install the Remote Data Collector on a network located at each physical client Site for which you wish to generate automated reports 3. Configure the Remote Data Collector to perform unattended scans at each client Site 4. Configure the Reporter appliance and schedule automated report generation
Initial Reporter Set Up
Step 1 -- Install Reporter Appliance on MSP Network
Visit https://www.rapidfiretools.com/nd-downloads to download and install the Reporter Server on a Windows 10 PC operating within your MSP company's network. For more information about installing the Reporter Server, please download the Reporter Server Installation Guide.
Important: You can only install one RapidFire Tools server/appliance on a PC or endpoint at a time. If you need to install multiple server(s)/appliance(s), install each one on a separate endpoint on the network. After successfully deploying the Reporter Server, visit https://www.rapidfiretools.com/nddownloads to download and install the latest version of the Network Detective Application. Then run Network Detective and login with your credentials.
16

Step 2 -- Open Existing Network Detective Site with an Active Assessment Project
1. Start the Network Detective application. 2. Select the Site that you want to use with the Reporter Appliance.
3. To open the Site, double-click on the Site name. If you do not have a Site, create a New Site.
4. Open an existing Assessment Project or Start a New Assessment Project to be used with the Reporter Appliance.
17

Step 3 -- Associate Reporter with Sites
Before using the Reporter, the Reporter must be Associated with a Site in the Network Detective Application.

1. After creating a new Network Detective Site, or within an existing Site, in order to "Associate" a Reporter with the Site used for the Assessment Project, you must

first select the

selector symbol to expand the Site's properties view.

This action will expand the Site's properties for you to view and to Add a Software Appliance to the Site.
2. To add an Appliance to Site, select the Appliance button, then the Appliances Add button.

3. Select the Appliance ID of the Appliance from the drop down menu.

After successfully adding an Appliance, it will appear under the Appliance bar in the Site Properties window.
18

The Reporter button will appear on the left-side bar when it is successfully associated with the Site.
You can also view a list of all Appliances and their associated Sites. Navigate to the Appliance tab from the top bar of the Network Detective Home screen. This will show a summary of all Appliances, their activity status, and other useful information.
To return to the Site that you are using to perform your Assessment, click on the Home icon above and select the Site that you are using to perform your Assessment.
19

Step 4 -- Add Client-Connector to the Site
1. Open the Site being used for your Assessment and Reporter configuration.

2. Select the

Selector symbol to expand the Site properties view.

3. Select Connector button.

4. View the Connectors associated with the Site.
Note: If a Client-Connector is not associated with a Site that is to be used with a Reporter Appliance, it will be necessary to Add a Client-Connector to the Site.
5. Click Add Connector. Enter a Connector Label and click OK.

6. Close the Site properties by selecting the

Selector.

When you complete these steps, proceed to "Initial Remote Data Collector Set Up" on the next page.

Initial Remote Data Collector Set Up
To perform the installation of the Remote Data Collector, please follow the instructions below.
Important: You will need Network Detective login credentials in order to install the Remote Data Collector.
Note: The Remote Data Collector is installed at the client's site.
Remote Data Collector System Requirements
The following is a list of computer and software system requirements that are necessary to operate the Remote Data Collector:
1. Subscriptions to the Reporter Appliance and any Network Detective Assessment modules relevant to the assessment reports you want to run.
2. A computer connected to your client's WMI enabled network running Windows 8.1 or 10.
3. A Client-Connector associated with the Reporter Site in Network Detective 4. Access to the Internet.
Network Prerequisites for RDC Scans
Important: For best results, the target network must be configured to allow for successful scans on all network endpoints. See "Pre-Scan Network Configuration Checklist" on page 234 for configuration guidance for both Windows Active Directory and Workgroup environments.
Before setting up the RDC, be sure that you have the information detailed below on hand. Work with the project Technician and/or your IT admin on site to collect the following:
l Admin network credentials that have rights to use WMI, ADMIN$, and File and Printer Sharing on the target network.
l Internal IP range information to be used when performing internal scans. l External IP addresses for the organisation to be used when setting up External
Vulnerability Scans. l Network Detective Account Credentials.
21

l For Windows Active Directory environments, you will need admin credentials to connect to the Domain Controller, as well as the name/IPaddress of the domain controller.
l For Windows Workgroup network environments, a list of the Computers to be included in the Assessment and the Local Admin Credentials for each computer.
Remote Data Collector and Exchange Assessments
If you are installing the RDC to perform an Exchange assessment, you must install the RDC directly on the Exchange server itself. This is required in order for the RDC to communicate with the Exchange server using any required Exchange Shell utility available on the Exchange Server.
Note: If you are scanning Office 365, you do not need to run the RDC on the server. You will only need to enter management credentials for Office 365.
Step 1 -- Download and Install Remote Data Collector on Client Network
1. Visit the RapidFire Tools software download website at https://www.rapidfiretools.com/nd-downloads to download and run the Remote Data Collector Installer file. The Installer file is named NetworkDetectiveRemoteDataCollector.msi.
22

2. After downloading the Installer, Run the Installer to start the installation process. 3. After the Welcome Screen is displayed, click Next button to continue the installation
process.
4. Accept the terms of the End User License Agreement and click Next. 23

5. Accept the default Destination Folder location for the Remote Data Collector's installation. Click Next.
6. Click Install button to proceed with the installation and set up of the Remote Data Collector. 24

7. When the install is complete, click Finish.
Step 2 -- Set Up Remote Data Collector on Client Network
25

1. When the install is complete, the Remote Data Collector setup window will then appear. Click Next.
2. During this step, the Remote Data Collector and Service Updater programs will be installed. Once the Installer confirms the installation of each program, click Next.
3. In this step, the RDC will verify that the computer that will host the data collector can communicate with the Network Detective web and file transfer services. Click Next. Note: If you are using a proxy server, enter the required credentials and connection information.
26

4. Next you will need to link the RDC to your chosen Site in Network Detective. To do this, first enter your Network Detective credentials and click Next.
5. Scroll through the list of Sites associated with your Network Detective account. Select the Site/Connector ID with which to associate the Data Collector. This will be the Reporter Site that will receive regular data from the RDC scans. Click Next. Note: You must set up a Client Connector in the Network Detective application before you can complete this step.
27

6. Review the Remote Data Collector's configuration settings and verify they are correct.
7. Select the Back button to correct any configuration issues, or click Next to finalize the setup.
8. After the Remote Data Collector (RDC) application is set up, you will be notified that the RDC is ready for use.
28

When you complete these steps, proceed to "Configure Remote Data Collector to Perform Scan Tasks" on the next page.
29

Configure Remote Data Collector to Perform Scan Tasks
In order to generate automated assessment reports using Reporter, you will need to configure the Remote Data Collector to perform scheduled scans on the client's network. This gives Reporter the data it needs to generate documentation. To create scan tasks, perform the following steps:
1. Click on the Reporter button on the left side of the Site screen.
2. From the Tasks bar, click Create Scan Tasks.
3. Select the Remote Data Collector(s) available for the Site. If you don't see any RDCs, be sure you installed them correctly. The Create Task window will be displayed.
30

4. Follow the wizard and enter the necessary scan settings. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for more details (Network, Security, HIPAA, PCI, Exchange, and SQL scans).
Once you create the scan task, it will appear as a task in the appliance Task library. 31

5. In order to initiate the scan, you will need to move the scan from the Task list into Scheduled Tasks. There are two ways to do this: a. Select the Run Now option link under the Action column to initiate the scan. This will place the scan directly into the Scheduled Tasks list, and the scan will begin immediately.
b. Or, click Schedule to execute the scan sometime in the future. When you click the Schedule link, the CRON Builder scheduler window is displayed and is used to set the scheduled action's execution time.
Whether you choose to run the scan now or schedule the scan to take place in the future, it will be added to the Scheduled Tasks list, where you can check its status. This is the final step in initiating (or scheduling) a scan.
32

Tip: Continue creating and scheduling scan tasks for the Site. You will need to create and schedule the correct scan tasks for the reports you wish to automate. If you don't perform the correct scans, your reports won't have the necessary information. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for specific instructions for setting up the various types of scans. To continue setting up Reporter, proceed to "Configure Reporter to Access Scan Data and Generate Reports" on the next page.
33

Configure Reporter to Access Scan Data and Generate Reports
This section covers the last step in setting up Reporter: configuring Reporter to access the scan data provided by the Remote Data Collector to schedule, generate, and deliver automated reports.
Before proceeding, be sure that you have completed these earlier steps:
l "Initial Reporter Set Up" on page 16 l "Initial Remote Data Collector Set Up" on page 21 l "Configure Remote Data Collector to Perform Scan Tasks" on page 30
Note: Before proceeding, also be sure that you have completed a scan on the client's network using the Remote Data Collector (RDC). The steps below including verifying that the RDC scan data can be successfully uploaded to the Reporter in order to generate reports.
Then follow the steps below:

Step 1 -- Verify connection to Remote Data Collector
Verify that the Remote Data Collector scans have been uploaded to the Secure Cloud Storage Area and can be accessed via the Client-Connector.

Tip: See "Client-Connector Diagram" on page 228 for a helpful picture of how this process works.

To do this:
1. If you have not done so already, run a test scan on your client's network using the Remote Data Collector.
2. Open the Network Detective Site associated with the Reporter.

3. Click the selector

symbol to expand the Site properties view.

4. Click Connectors. 5. View the Connectors associated with the Site. 6. View the Downloads Available status indicator within the list of Client-
Connectors associated with the Site. If there are downloads available, this means the RDC is successfully uploading completed scans to Network Detective.
Alternatively, you can: 1. Click the Connector icon on the Network Detective menu bar. A list of available Client-Connectors will be presented.
2. Double-click on the Client-Connector that is Associated with the Site you are using with the Reporter Appliance.
3. The list of scan files that have been uploaded to the Secure Client Storage Area for use by the Reporter Appliance will be listed for the Client-Connector
35

associated with your assessment's Site. Important: If you can't find scan data, be sure that: · The Remote Data Collector is installed correctly · You associated the RDC with the correct Site by selecting the correct ClientConnector during the installation process · The Remote Data Collector is configured to perform scans on the client network
36

Step 2 -- Schedule an External Vulnerability Scan (OPTIONAL)
The External Vulnerability Scan enhances your assessment reports by gathering information about the target network's external vulnerabilities. The External Vulnerability Scan feature within Reporter can only be used with the following modules:
l Security Assessment Module l HIPAA Compliance Assessment Module l PCI Compliance Assessment Module Note: You only need to create one External Vulnerability Scan task for each site and/or set of external IPs you wish to scan. Reporter can use this scan data to generate multiple sets of reports. Important: You can schedule this scan to occur whenever you'd like. However, be sure to schedule the external vulnerability scan several hours BEFORE you assign Reporter to generate reports. This will ensure Reporter has the latest scan data to generate reports.
To create the External Vulnerability Scan task, perform the following steps: 1. Click on the Reporter button on the left side of the Site screen.
2. From the Tasks bar, click Create Scan Tasks.
37

3. Select the Reporter available for the Site.
Set up the External Vulnerability Scan
1. Choose External Vulnerability scan from the wizard and click the Next button.
2. Select the Add button in the Create Task External Vulnerability Scan window to add the IP address range to be scanned.
38

3. Enter the IP address range and select the Add button to add the IP addresses to the External IP Addresses list.
4. Select the Next button to continue. The Verify and Schedule window will be displayed.
5. If an Email Notification should be sent after the scan is complete, then:
39

a. select the Send Email Notification option b. type in the Email address for the recipient of the Notification Note: Scans can take several hours to complete. The designated recipient of scan completion notifications will receive an e-mail when the External Vulnerability Scan is complete. 6. Select the Finish button to complete the scan's configuration 7. The External Vulnerability Scan will now be listed in the Manage Appliance window within the Task Library list.
8. Next, click Run Now or Schedule to initialize the scan immediately - or at a regular scheduled time.
Schedule the External Vulnerability Scan
1. Click on Schedule link to open the CRON Builder window. The CRON Builder is used to schedule the running of scans. Important: You must ensure that no other Network Detective or Compliance Manager products are being used to perform an External Vulnerability Scan on the same external IP Address range at the same time. Allow at least several hours between repeat external vulnerability scans. Scheduling external scans at the same time will result in reports with missing or incomplete data.
40

Scans can be set to run daily, weekly, monthly, quarterly, annually, or just once. You may also set the time of the day that the scan should be initiated.
Note: Please note that the time zone used for the CRON Builder time is Eastern Standard Time (EST).
2. Set the scan frequency by selecting one option from Every list (i.e. day, week, month, year, or once)
3. Next set the "on the" by selecting a day that the scan should be performed. 4. Then set the time of the day that the scan should run by setting the "at" time.
41

5. Click on OK to save the scan Schedule. The scheduled scan task will then be listed in the Scheduled Tasks list as a Pending task. Note: When the scan starts, the task Status will be set to Running within the Scheduled Tasks list.
Step 3 -- Configure Automatic Report Generation
Below is an overview of the steps required to set up Reporter to enable Automatic Report Generation for the following Assessment types:
l Network Assessments l Security Assessments l SQL Server Assessments l Microsoft Exchange and Office 365 Mail Assessments l HIPAA Compliance Assessments l PCI Compliance Assessments Tip: If you want to quickly set up report tasks for multiple sites, you can use "Reporter Templates" on page 150. To start setting up automated reports: 1. Start new Assessment, or, Open an Archived Assessment for use on your
Reporter Site. 2. Click on the Reporter icon to open the Reporter dashboard.
3. Click Create Report Tasks.
42

4. Select the Assessment reports you would like to generate from within the Select Reports to Generate window. Then select the Next button.
5. Next, set the Delivery Method for the Reports. In this window you can:
43

Important: Reporter's automated report generation engine will use whatever data is available to the Reporter for downloading from the Secure Cloud Storage Area based on the most recent scan that has been completed and uploaded using the Client-Connector. Therefore, if the scan of your client's network is not complete and uploaded to the Secure Cloud Storage Area using the Client-Connector, then the reports will not have the most recent scan's data either. If the user has specified that reports be delivered by email, the specified email address should receive an email with a .zip file of the reports attached as long as the zip file is less than 5 MB in size. Tip: See "Setting Up Automatic Reports by Assessment Module" on the next page for specific instructions on setting up reports for each assessment module (Network, Security, SQL, Exchange, HIPAA, and PCI).
45

Setting Up Automatic Reports by Assessment Module
This section covers everything you need to know about setting up automatic reports using Reporter.
Network Assessment Automatic Reports
Note: Before you set up automated Network Assessment reports, be sure you set up recurring Network Assessment scans using the Remote Data Collector. This will provide the scan data for your reports. Specifically, you will need to set up a recurring: 1) Network/Security Assessment Scan, 2) Push Deploy Computer Scan. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for instructions. To set up automatically generated reports for the Network Assessment Module: 1. Click on the Reporter icon to open the Reporter dashboard.
2. From the Tasks bar, click Create Report Tasks.
3. Select the Network Assessment reports you would like to generate from within the Select Reports to Generate window. Then select the Next button.
46

4. Next, set the Delivery Method for the Reports. In this window you can:
l define the Subject for the email to be sent and enter the email address of the Recipient 47

Security Assessment Automatic Reports
Note: Before you set up automated Security Assessment reports, be sure you set up recurring Security Assessment scans using the Remote Data Collector and Reporter appliance. This will provide the scan data for your reports. Specifically, you will need to set up a recurring: 1) Network/Security Assessment Scan, 2) Push Deploy Security Scan, 3) External Vulnerability Scan. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for instructions. To set up automatically generated reports for the Security Assessment Module: 1. Click on the Reporter icon to open the Reporter dashboard.
2. From the Tasks bar, click Create Report Tasks.
3. Select the Network Assessment reports you would like to generate from within the Select Reports to Generate window. Then select the Next button.
49

4. Next, set the Delivery Method for the Reports. In this window you can:
l define the Subject for the email to be sent and enter the email address of the Recipient 50

l set if you want to send the reports attached to the Report notification email message
l set password protection on the file that contains the reports l "Copy Reports to External Network Share with Reporter" on page 76 Tip: Select Upload Scan Data to InDoc to send your Site information to InDoc in the RapidFire Tools Portal, where you can explore, manage, and document network assets. See "InDoc and the RapidFire Tools Portal" on page 111 for more on how to set up InDoc. 5. After defining the Delivery Method settings, click on the Finish button. The report task will be added to the list of Tasks. 6. Click Schedule to schedule the report task.
Important: You must schedule the report task to occur AFTER your scan tasks have completed. This allows time for the Remote Data Collector to perform scans and upload them so that Reporter can use the latest scan data. In general, we recommend you schedule your reports 3 or more hours after your scan tasks are scheduled to begin.
SQL Server Assessment Automatic Reports
Note: Before you set up automated SQL Server assessment reports, be sure you set up recurring SQL Server Assessment scans using the Remote Data Collector. This will provide the scan data for your reports. Specifically, you will need to set up a recurring SQL Server Assessment Scan. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for instructions.
To set up automatically generated reports for the SQL Server Assessment Module:
51

1. Click on the Reporter icon to open the Reporter dashboard. 2. From the Tasks bar, click Create Report Tasks. 3. Select the SQL Server Assessment reports you would like to generate from within
the Select Reports to Generate window. Then select the Next button.
4. Next, set the Delivery Method for the Reports. In this window you can: 52

l define the Subject for the email to be sent and enter the email address of the Recipient
l set if you want to send the reports attached to the Report notification email message
l set password protection on the file that contains the reports l "Copy Reports to External Network Share with Reporter" on page 76 Tip: Select Upload Scan Data to InDoc to send your Site information to InDoc in the RapidFire Tools Portal, where you can explore, manage, and document network assets. See "InDoc and the RapidFire Tools Portal" on page 111 for more on how to set up InDoc. 5. After defining the Delivery Method settings, click on the Finish button. The report task will be added to the list of Tasks. 6. Click Schedule to schedule the report task.
Important: You must schedule the report task to occur AFTER your scan tasks have completed. This allows time for the Remote Data Collector to perform scans and upload them so that Reporter can use the latest scan data. In general,
53

we recommend you schedule your reports 3 or more hours after your scan tasks are scheduled to begin.
54

Exchange Assessments Automatic Reports (Using the Exchange Data Collector and Windows Task Manager)
Note: Before you set up automated Exchange Assessment reports, be sure you set up recurring Exchange Assessment scans using the Remote Data Collector. This will provide the scan data for your reports. Specifically, you will need to set up a recurring Exchange Assessment Scan. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for instructions. To set up automatically generated reports for the Exchange Assessment Module: 1. Click on the Reporter icon to open the Reporter dashboard.
2. From the Tasks bar, click Create Report Tasks.
3. Select the Exchange Assessment reports you would like to generate from within the Select Reports to Generate window. Then select the Next button.
55

4. Next, set the Delivery Method for the Reports. In this window you can:
l define the Subject for the email to be sent and enter the email address of the Recipient 56

HIPAA Compliance Assessment Automatic Reports
With Reporter, you can set up automatic HIPAA reports to produce regular, up-to-date compliance documentation. Once you set up automated scans and report tasks, you will only need to manually update your documentation in response to certain changes in the reporting environment, like new users or computers.
Before you set up automated HIPAA assessment reports, you must first complete a full HIPAA assessment that includes external vulnerability scans, network scans, local push scans, and the completion of all appropriate Inform-based Surveys and Worksheets. The user should be able to generate all HIPAA Assessment Reports. Once you've done this, here is the workflow for automating HIPAA compliance assessments with Reporter:
1. Finish the assessment, and then Upload the completed assessment with the Reporter appliance. This allows you use the finished assessment as the "baseline" for automated HIPAA reporting.
2. Set up recurring HIPAA assessment scans using the Remote Data Collector and Reporter. This will provide the scan data for your reports. Specifically, you will need to set up a recurring: 1) HIPAA Network Scan, 2) Push Deploy Computer Scan, 3) External Vulnerability Scan. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for instructions.
3. Set up recurring HIPAA report tasks with Reporter. 4. Review exception report and update HIPAA worksheets. 5. Finish the updated HIPAA assessment and upload to Reporter.
Here are the steps with detailed instructions:
Step 1 -- Finish and Upload Completed HIPAA Assessment Project to Reporter
The first step is to complete and finish a full HIPAA assessment. You should be able to generate all HIPAA assessment reports. Then:
1. Once satisfied with a complete HIPAA Assessment, press the "Finish" Assessment button.
58

2. Confirm that you wish to Upload Project to Appliance(Reporter) to be used for automatic report generation. This allows you to use the finished assessment, including your completed worksheets, as the baseline for future assessments.
Step 2 -- Create HIPAA Scan Tasks
Now that you've completed the assessment and uploaded it to the appliance, it's time to create automatic scan tasks with Reporter and the Remote Data Collector. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for detailed instructions.
Step 3 -- Create HIPAA Report Tasks
Next, you need to create automatic HIPAA report tasks with Reporter. 1. Click on the Reporter icon to open the Reporter dashboard.
2. From the Tasks bar, click Create Report Tasks.
3. Select the HIPAA Assessment reports you would like to generate from within the Select Reports to Generate window. Then select the Next button.
4. From within the Select Reports to Generate window, select the HIPAA Risk Profile Report and any other HIPAA Assessment reports you would like to generate. Then select the Next button.
59

5. Next, set the Delivery Method for the Reports. In this window you can:
l define the Subject for the email to be sent and enter the email address of the Recipient
l set if you want to send the reports attached to the Report notification email message 60

l set password protection on the file that contains the reports l "Copy Reports to External Network Share with Reporter" on page 76
Tip: Select Upload Scan Data to InDoc to send your Site information to InDoc in the RapidFire Tools Portal, where you can explore, manage, and document network assets. See "InDoc and the RapidFire Tools Portal" on page 111 for more on how to set up InDoc.
6. After defining the Delivery Method settings, click on the Finish button. The report task will be added to the list of Tasks.
7. Click Schedule to schedule the report task.
Important: You must schedule the report task to occur AFTER your scan tasks have completed. This allows time for the Remote Data Collector to perform scans and upload them so that Reporter can use the latest scan data. In general, we recommend you schedule your reports 3 or more hours after your scan tasks are scheduled to begin.
Step 4 -- Review and Update HIPAA Exception Report and Update InForms
After you finish your assessment and set up automatic HIPAA scanning and reporting, you will receive updated HIPAA documentation through email or whatever delivery method you choose.
Tip: Refer to the HIPAA Exception Report to quickly identify where you need to manually update your HIPAA compliance documentation with notes or other information that cannot be drawn from automated scans.
1. Double click on the Assessment report's Filename to open and view the report. 2. If you can download an Exception Report, please proceed to the next section
below to address the Exceptions identified. If no Exception Report is available, this means no Exceptions exist. Proceed by simply downloading the other reports that are available.
61

Note: The Exception Report summarizes where your worksheets may be missing information as a result of the new scan data being uploaded to the Reporter. When an Exception Report is generated, you need to manually update your worksheets with information that cannot be collected automatically. For example, if new users are added to your network, you will need to enter information about their role within the organization. 3. Start a new HIPAA Risk Assessment.
4. On the Create New Assessment Wizard Screen, select the checkbox to Sync the assessment with the Reporter Appliance. The Reporter will synchronize the Site's previous assessment data with the new HIPAA Assessment you created.
5. Edit and update the Worksheets within the Assessment in the order presented in the Checklist. Perform Worksheet updates based on the missing information referenced within in the Exception Report.
Step 5 -- Finish and Upload Updated HIPAA Assessment Project to Reporter
1. Once the updating of the Worksheets is complete, Finish the Assessment by selecting the Finish button in the Assessment Window.
62

2. When prompted to do so, synchronize the HIPAA Assessment with the Reporter. This will save the new worksheet responses you entered based on the Exception Report.
63

PCI Compliance Assessment Automatic Reports
With Reporter, you can set up automatic PCI reports to produce regular, up-to-date compliance documentation. Once you set up automated scans and report tasks, you will only need to manually update your documentation in response to certain changes in the reporting environment, like new users or computers.
Before you set up automated PCI assessment reports, you must first complete a full PCI assessment that includes external vulnerability scans, network scans, local push scans, and the completion of all appropriate Inform-based Surveys and Worksheets. The user should be able to generate all PCI Assessment Reports. Once you've done this, here is the workflow for automating PCI compliance assessments with Reporter:
1. Finish the assessment, and then upload/sync the completed assessment with the Reporter appliance. This allows you use the finished assessment as the "baseline" for automated PCI reporting.
2. Set up recurring PCI assessment scans using the Remote Data Collector and Reporter. This will provide the scan data for your reports. Specifically, you will need to set up a recurring: 1) PCI Network Scan, 2) Push Deploy Computer Scan, 3) External Vulnerability Scan. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for instructions.
3. Set up recurring PCI report tasks with Reporter. 4. Review exception report and update PCI worksheets. 5. Finish the updated PCI assessment and upload to Reporter.
Here are the steps with detailed instructions:
Step 1 -- Finish and Upload Completed PCI Assessment Project to Reporter
The first step is to complete and finish a full PCI assessment. You should be able to generate all PCI assessment reports. Then:
1. Once satisfied with a complete PCI Assessment, press the "Finish" Assessment button.
64

2. Confirm that you wish to Upload Project to Appliance (Reporter) to be used for automatic report generation. This allows you to use the finished assessment, including your completed worksheets, as the baseline for future assessments.
Step 2 -- Create PCI Scan Tasks
Now that you've completed the assessment and uploaded it to the appliance, it's time to create automatic scan tasks with Reporter and the Remote Data Collector. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78 for detailed instructions.
Step 3 -- Create PCI Report Tasks
Next, you need to create automatic PCI report tasks with Reporter. 1. Click on the Reporter icon to open the Reporter dashboard.
2. From the Tasks bar, click Create Report Tasks.
3. Select the PCI Assessment reports you would like to generate from within the Select Reports to Generate window. Then select the Next button.
4. From within the Select Reports to Generate window, select the PCI Risk Profile Report and any other PCI Assessment reports you would like to generate. Then select the Next button.
65

l set password protection on the file that contains the reports l "Copy Reports to External Network Share with Reporter" on page 76 Tip: Select Upload Scan Data to InDoc to send your Site information to InDoc in the RapidFire Tools Portal, where you can explore, manage, and document network assets. See "InDoc and the RapidFire Tools Portal" on page 111 for more on how to set up InDoc. 6. After defining the Delivery Method settings, click on the Finish button. The report task will be added to the list of Tasks. 7. Click Schedule to schedule the report task.
Important: You must schedule the report task to occur AFTER your scan tasks have completed. This allows time for the Remote Data Collector to perform scans and upload them so that Reporter can use the latest scan data. In general, we recommend you schedule your reports 3 or more hours after your scan tasks are scheduled to begin.
Step 4 -- Review and Update PCI Exception Report and Update InForms
After you finish your assessment and set up automatic PCI scanning and reporting, you will receive updated PCI documentation through email or whatever delivery method you choose.
Tip: Refer to the PCI Exception Report to quickly identify where you need to manually update your PCI compliance documentation with notes or other information that cannot be drawn from automated scans.
1. Double click on the Assessment report's Filename to open and view the report. 2. If you can download an Exception Report, please proceed to the next section
below to address the Exceptions identified.
67

If no Exception Report is available, this means no Exceptions exist. Proceed by simply downloading the other reports that are available.
Note: The Exception Report summarizes where your worksheets may be missing information as a result of the new scan data being uploaded to the Reporter. When an Exception Report is generated, you need to manually update your worksheets with information that cannot be collected automatically. For example, if new users are added to your network, you will need to enter information about their role within the organization. 3. Start a new PCI Risk Assessment.
4. On the Create New Assessment Wizard Screen, select the checkbox to Sync the assessment with the Reporter Appliance. The Reporter will synchronize the Site's previous assessment data with the new PCI Assessment you created.
5. Edit and update the Worksheets within the Assessment in the order presented in the Checklist. Perform Worksheet updates based on the missing information referenced within in the Exception Report.
68

Step 5 -- Finish and Upload Updated PCI Assessment Project to Reporter
1. Once the updating of the Worksheets is complete, Finish the Assessment by selecting the Finish button in the Assessment Window.
2. When prompted to do so, synchronize the PCI Assessment with the Reporter. This will save the new worksheet responses you entered based on the Exception Report.
69

Synchronizing Assessment Projects with Reporter
Reporter allows you to upload a finished project to the appliance in order to automate assessments and report generation. Uploading a project has several functions:
l Reuse worksheet data -- when you upload worksheets to your reporter appliance, and start a new assessment, your worksheets will automatically be populated with the saved information
l Reuse external scan data -- the results of your external scan data will be uploaded and available for later use
l Reuse network and computer scan data -- the results of your network and computer scan data will be uploaded and available for later use
Finishing a Project: Upload Project to Appliance
To upload a project to an appliance: 1. When you have completed your assessment, click Finish. Confirm that you wish to wrap up the project. 2. The Upload Project to Appliance window will appear. 3. Select the Appliance to which to upload your completed assessment project.
4. Choose whether to Only sync worksheets and external scans. Note: We recommended you keep this option selected unless you wish to include or remove specific scan files.
5. Click Yes to complete synchronizing the assessment with the appliance. Your assessment data will be copied to the appliance. It will be available to synch with a new assessment. See "Starting a Project: Sync New Assessment with Latest Appliance Scans" on the next page.
70

Starting a Project: Sync New Assessment with Latest Appliance Scans
When you start a new assessment, you can sync the newly created assessment with the data stored on the appliance. Your new assessment will then have the most current worksheets and scan data from the Reporter appliance. To do this:
1. Start a New Assessment. 2. From the Create a New Assessment window, check Sync with latest Appliance
scan using Appliance ID.
3. Select the Reporter Appliance from which to get the latest data 4. Click Next and continue creating the new assessment. Your new assessment will
be pre-populated with the data from the appliance.
71

Network Detective

Reporter -- User Guide

Manually Download Reports (Reporter)
After sufficient time has passed since the report generation task schedule time follow these steps to download and view the reports.
1. Open the Site Associated with Reporter. 2. Select the Downloaded Reports Icon on the left side of the Network Detective
window to display the Download Reports button in the Network Detective window.

3. View the list of generated reports by selecting the Download Appliance Reports button that appeared at the top of the Network Detective window.
4. Upon selecting the Download Reports button, a window will appear with reports generated by the Reporter.
© 2021 RapidFire Tools, Inc. All rights reserved. 72

Reporter -- User Guide

Network Detective

5. Select one or more reports. Right click and select Download Selected.
6. You can hold Shift and click to select multiple reports at once. 7. Close the Download Reports window when you are finished selecting and
downloading reports. The downloaded report(s) will now be available for viewing.
© 2021 RapidFire Tools, Inc. All rights reserved. 73

Network Detective

Reporter -- User Guide

Double click on the Assessment report's Filename to open and view the report.
Filter Reports by Days Back
When browsing reports to download, you can filter all but the most recent reports. Use this option if you have a large number of reports and want to view only the most recent. To do this:
1. From the Download Reports screen, enter a number of Days Back. (The number "0" will reveal all available reports.)
2. Right click in the list of reports and select Refresh.
© 2021 RapidFire Tools, Inc. All rights reserved. 74

Reporter -- User Guide

Network Detective

The list of reports will then be limited to the specified number of days back.

Network Detective

Reporter -- User Guide

Copy Reports to External Network Share with Reporter
To copy your reports to an external network share, be sure you meet these requirements:
1. You must enter the correct UNC path to the external share. On a computer that has access to the external share, open a command prompt and type "net use." A list of external network shares will appear. If you do not see your external share, be sure it is mapped correctly.

Important: If Reporter is installed on a separate domain, log into a computer on that domain and check the UNC path for your external share. You will need to use that UNC path instead.
2. The user credentials you enter must have the correct security permissions to access to the external network share. If you can view and open the external share in Windows using your credentials, then you likely have the correct permissions.
3. In the Schedule Report Wizard, enter the username in the format: domain\user. You can use the short domain name or the fully qualified domain name. Below is an example.

To test whether your reports can be copied to the external share, click Run Now on your report task.
© 2021 RapidFire Tools, Inc. All rights reserved. 76

Reporter -- User Guide

Network Detective

Then check whether your reports appear in the share. If they do not, check to be sure you entered the correct credentials and UNC path. Also check to be sure the user has the correct security permissions to access the share.

Network Detective

Reporter -- User Guide

Remote Data Collector Scans

This section covers everything you need to know about using the Remote Data Collector with Reporter.

Configuring Remote Data Collector Scans by Assessment Module
In order to generate automated assessment reports using Reporter, you will need to configure the Remote Data Collector to perform the appropriate scheduled scans on the client's network:

Report Types Network Assessment
Security Assessment
SQL Server Assessment Exchange Assessment HIPAA Assessment
PCI Assessment

Necessary RDC Scans l Network Scan (Network/Security Assessment Modules) l Push Deploy Scan (selecting Computer Scan) l Network Scan (Network/Security Assessment Modules) l Push Deploy Scan (selecting Security Scan) l *External Vulnerability Scan (set up on the Reporter) l SQL Server Collection l Exchange Server Collection l HIPAA Network Scan l Push Deploy Scan (selecting HIPAA Deep Scan) l *External Vulnerability Scan (set up on the Reporter)
l PCI Network Scan
l Push Deploy Scan (selecting PCI Deep Scan) l *External Vulnerability Scan (set up on the Reporter)

See below for specific instructions for setting up the various types of scans.

Tip: If you haven't set up your Reporter appliance or Remote Data Collector yet, see "Setting Up Reporter" on page 16.

Reporter -- User Guide

Network Detective

Network and Security Assessment Scan
Set up a recurring Network/Security Assessment scan to collect data for automatic Network and Security Assessment reports.
Configure the network scan using the wizard. l Look here if you are "Scanning an Active Directory Domain Network" below l Look here if you are "Scanning a Workgroup Network" on page 86
Scanning an Active Directory Domain Network
1. Open the Reporter dashboard.

2. Click Create Scan Tasks and select the RDC.
3. Choose the Network Scan (Network/Security Modules) option from the wizard and click the Next button.

Network Detective

Reporter -- User Guide

4. Select the type of network you want to scan: Active Directory Domain.
5. Next enter the network's Fully Qualified Domain Name along with a username and password with administrative rights to connect to the local Domain Controller and Active Directory.
© 2021 RapidFire Tools, Inc. All rights reserved. 80

Reporter -- User Guide

Network Detective

Note: For example: corp.yourclient.com\username.
6. Enter the name or IP address of the Domain Controller. 7. Choose either to scan all Domains detected on the target network or to restrict the
Scan to selected Organizational Units (OUs) and Domains.

8. Enter any Additional Credentials necessary to access endpoints during the scan. Enter the username and password and click Add. When you've finished, click Next.

Network Detective

Reporter -- User Guide

9. Input the External Domains here to include them as part of the data collection. External Domain names allow others to visit the target site and facilitate services, such as email. Examples of External Domains include:
l example.com
l mycompany.biz

Reporter -- User Guide

Network Detective

Note: Perform Dark Web Scan for Compromised Passwords: Select this option to check the domains you enter for compromised usernames/passwords on the dark web. If any compromised credentials exist for these domains, they will appear in your Security Assessment reports. This service will return the first 5 compromised passwords for each domain specified.
10. The IP Ranges from the target network will be auto-detected and included in the scan. To include additional subnets input them here.

11. By default, the software will retrieve data from devices with the community string "public." If desired, define an additional community string (such as "private") and enter it here.
© 2021 RapidFire Tools, Inc. All rights reserved. 83

Network Detective

Reporter -- User Guide

12. Input the Hostname or IP Address and Credentials of the VMware Servers that you would like to include in the scanning process.
13. Check "Send an email notification when schedule completes" to notify an individual via email that the scan task is complete. The use of this option is
© 2021 RapidFire Tools, Inc. All rights reserved. 84

Reporter -- User Guide

Network Detective

recommended as the time a scan takes to complete varies depending on the target network.

14. Click on the Finish button to complete the scheduling of the Network Scan task. The task will then be displayed in the Tasks Library window.
15. In order to initiate the scan, you will need to move the scan from the Task list into Scheduled Tasks. There are two ways to do this: a. Select the Run Now option link under the Action column to initiate the scan. This will place the scan directly into the Scheduled Tasks list.
© 2021 RapidFire Tools, Inc. All rights reserved. 85

Network Detective

Reporter -- User Guide

b. Or, click Schedule to execute the scan sometime in the future. When you click the Schedule link, the CRON Builder scheduler window is displayed and is used to set the scheduled action's execution time.

16. Whether you choose to run the scan now or schedule the scan to take place in the future, it will be added to the Scheduled Tasks list, where you can check its status. This is the final step in initiating (or scheduling) a scan.
Scanning a Workgroup Network
1. Open the Reporter dashboard.
2. Click Create Scan Tasks and select the RDC.
3. Choose the Network Scan (Network/Security Modules) option from the wizard and click the Next button.
© 2021 RapidFire Tools, Inc. All rights reserved. 86

Reporter -- User Guide

Network Detective

4. Select the type of network you want to scan: Workgroup (No domain).
5. The Scan Credentials screen will appear. Enter additional credentials which can access the individual workstations as a local administrator.
© 2021 RapidFire Tools, Inc. All rights reserved. 87

Network Detective

Reporter -- User Guide

Important: If each workgroup PC has its own unique Admin username and password credentials, you will need to enter each set of credentials here in order to scan these PCs.

6. Input the External Domains here to include them as part of the data collection. External Domain names allow others to visit the target site and facilitate services, such as email. Examples of External Domains include:
l example.com
l mycompany.biz

Reporter -- User Guide

Network Detective

Note: Perform Dark Web Scan for Compromised Passwords: Select this option to check the domains you enter for compromised usernames/passwords on the dark web. If any compromised credentials exist for these domains, they will appear in your Security Assessment reports. This service will return the first 5 compromised passwords for each domain specified.
7. The IP Ranges from the target network will be auto-detected and included in the scan. To include additional subnets input them here.

Network Detective

Reporter -- User Guide

8. By default, the software will retrieve data from devices with the community string "public." If desired, define an additional community string (such as "private") and enter it here.
9. Input the Hostname or IP Address and Credentials of the VMware Servers that you would like to include in the scanning process.
© 2021 RapidFire Tools, Inc. All rights reserved. 90

Reporter -- User Guide

Network Detective

10. Check "Send an email notification when schedule completes" to notify an individual via email that the scan task is complete. The use of this option is recommended as the time a scan takes to complete varies depending on the target network.
11. Click on the Finish button to complete the scheduling of the Network Scan task. The task will then be displayed in the Tasks Library window.
© 2021 RapidFire Tools, Inc. All rights reserved. 91

Network Detective

Reporter -- User Guide

12. In order to initiate the scan, you will need to move the scan from the Task list into Scheduled Tasks. There are two ways to do this:
a. Select the Run Now option link under the Action column to initiate the scan. This will place the scan directly into the Scheduled Tasks list.

13. Whether you choose to run the scan now or schedule the scan to take place in the future, it will be added to the Scheduled Tasks list, where you can check its status. This is the final step in initiating (or scheduling) a scan.

Reporter -- User Guide

Network Detective

To learn more about how to configure the scans related to a Network Assessment, please refer to the Network Detective User Guide at https://www.rapidfiretools.com/nd.
Note: Note that the Network Assessment Reports are only available as part of the Network Assessment module.

Network Detective

Reporter -- User Guide

Exchange Server Assessment Scan
Set up a recurring Exchange Assessment scan to collect data for automatic Exchange Assessment reports. To create this scan task, perform the following steps:
Note: If you are installing the RDC to perform an Exchange assessment, you must install the RDC directly on the Exchange server itself. This is required in order for the RDC to communicate with the Exchange server using any required Exchange Shell utility available on the Exchange Server.
If you are scanning Office 365, you do not need to run the RDC on the server. You will only need to enter management credentials for Office 365.
To create this scan task, perform the following steps:
1. Open the Reporter dashboard.

2. Click Create Scan Tasks and select the RDC. 3. Select the Exchange Server option. Select the Next button.

Reporter -- User Guide

Network Detective

4. Follow the prompts to set-up the Server, Port, and Credentials for the SQL Server being scanned. Select the Next button.
5. Verify the settings, set-up an Email Notification to be sent once the scan is completed, and select the Finish button to create the scan task.
6. Schedule the scan from the Task window. Be sure to schedule the scan a few hours before your report jobs.
To learn more about how to configure the scans related to a SQL Server Assessment, please refer to the Network Detective User Guide at https://www.rapidfiretools.com/nd.
Note: Note that the SQL Server Module's Assessment Reports are only available as part of the SQL Server Module subscription.
SQL Server Assessment Scan
To create this scan task, perform the following steps:
© 2021 RapidFire Tools, Inc. All rights reserved. 95

Network Detective 1. Open the Reporter dashboard.

Reporter -- User Guide

2. Click Create Scan Tasks and select the RDC. 3. Select the SQL Server option. Select the Next button.

Reporter -- User Guide

Network Detective

To learn more about how to configure the scans related to a SQL Server Assessment, please refer to the Network Detective User Guide at https://www.rapidfiretools.com/nd.
Note: Note that the SQL Server Module's Assessment Reports are only available as part of the SQL Server Module subscription.

HIPAA Compliance Network Scan
To create this scan task, perform the following steps:
1. Open the Reporter dashboard.

2. Click Create Scan Tasks and select the RDC. 3. Select the HIPAA Network Scan option. Select the Next button.

Network Detective

Reporter -- User Guide

5. Verify the settings, set up an Email Notification to be sent once the scan is completed, and select the Finish button to create the scan task.

6. Schedule the scan from the Task window. Be sure to schedule the scan a few hours before your report jobs.
To learn more about how to configure the scans related to a HIPAA Compliance Assessment, please refer to the HIPAA Module User Guide at https://www.rapidfiretools.com/nd.
Note: Note that the HIPAA Module's Assessment Reports are only available as part of the HIPAA Module subscription.
PCI Compliance Network Scan
To create this scan task, perform the following steps:
© 2021 RapidFire Tools, Inc. All rights reserved. 98

Reporter -- User Guide 1. Open the Reporter dashboard.

Network Detective

2. Click Create Scan Tasks and select the RDC. 3. Select the PCI Network Scan option. Select the Next button.

4. Follow the prompts to set-up the Credentials, Local Domains, External Domains, IP Ranges, SNMP Information, Microsoft Base Security Analyzer (MBSA), and VMware (Optional) parameters.
5. Verify the settings, set up an Email Notification to be sent once the scan is completed, and select the Finish button to create the scan task.
© 2021 RapidFire Tools, Inc. All rights reserved. 99

Network Detective

Reporter -- User Guide

6. Schedule the scan from the Task window. Be sure to schedule the scan a few hours before your report jobs.
To learn more about how to configure the scans related to a PCI Compliance Assessment, please refer to the PCI Module User Guide at https://www.rapidfiretools.com/nd.
Note: Note that the PCI Module's Assessment Reports are only available as part of the PCI Module subscription.
Push Deploy Local Computer Scans
Note: Use Push Deploy Local Computer Scans to gather detailed data for individual workstations. These can be used for all report types and are essential for a comprehensive assessment. To create this scan task, perform the following steps:
© 2021 RapidFire Tools, Inc. All rights reserved. 100

Reporter -- User Guide 1. Open the Reporter dashboard.

Network Detective

2. Click Create Scan Tasks and select the RDC.
3. Select the Local Scans Push Deploy option to push scans to individual computers on the Network.

Note: WMI must be available and operational on your network. Select the Next button. 4. Follow the prompts to set-up the Credentials.
© 2021 RapidFire Tools, Inc. All rights reserved. 101

Network Detective

Reporter -- User Guide

Select the Next button.
5. The selection of the Local Scan Settings depends on the type of IT or Compliance Assessment Reports that you are generating with the Reporter.

Reporter -- User Guide

Network Detective

Select the Scan Settings to collect the scan data required to produce the reports that you want to generate. Below are the Scan Settings required for each assessment type.

Assessment Report Type Select these Scan Settings

Network Assessment

Computer Scan

Security Assessment

Computer and Security Scans

HIPAA Assessment

HIPAA Deep*

PCI Assessment

PCI Deep*

Note: The "Quick" version of this scan can be used instead of the "Deep" scan in order to reduce scan time. Use of the `Quick" scans may result in instances of ePHI or Cardholder Data not being identified.

Select the Next button. 6. Define the Remote Computer IP addresses for the computers being scanned.
Select the Next button.

Network Detective

Reporter -- User Guide

7. Verify the settings, set up an Email Notification to be sent once the scan is completed, and select the Finish button to create the scan task.

8. Schedule the scan from the Task window. Be sure to schedule the scan a few hours before your report jobs.
Local Scan for a Computer Running the Remote Data Collector
This scan will collect data only on the computer running the RDC. To create this scan task, perform the following steps:
1. Open the Reporter dashboard.
2. Click Create Scan Tasks and select the RDC.
© 2021 RapidFire Tools, Inc. All rights reserved. 104

Reporter -- User Guide

Network Detective

3. Select the Local on Remote Data Collector Only scan option to perform a local scan on the computer used to run the Remote Data Collector.

Select the Next button.
4. The selection of the Local Scan Settings depends on the type of IT or Compliance Assessment Reports that you are generating with the Reporter.

Network Detective

Reporter -- User Guide

Select the Scan Settings to collect the scan data required to produce the reports that you want to generate. Below are the Scan Settings required for each assessment type.

Assessment Report Type Select these Scan Settings

Network Assessment

Computer Scan

Security Assessment

Computer and Security Scans

HIPAA Assessment

HIPAA Deep*

PCI Assessment

PCI Deep*

Select the Next button.
5. Verify the settings, set up an Email Notification to be sent once the scan is completed, and select the Finish button to create the scan task.

Reporter -- User Guide

Network Detective

6. Schedule the scan from the Task window. Be sure to schedule the scan a few hours before your report jobs.

Network Detective

Reporter -- User Guide

Configuring the Local Data Scan Merges
When local scans are performed the Network Detective Data Collectors or by an Appliance, the scan files can be merged into a particular domain data set. The Configuration of Local Scan Merges feature allows you to select which method you prefer to use when merging local scans.
This setting will impact Automated Report Generation.
To select the process to be used by the Appliance to Merge any Local Scan Data into a primary domain data set, perform the following steps.

Step 1 -- Select and Open the Site
Double click your mouse pointer on the Site that you are configuring to use the Reporter Appliance.

Step 2 -- Select Manage Appliance

After the Site has been opened, select the

Selector symbol to expand the Site

properties to view any Appliances associated with the Site.

Then select the Manage option presented for the Appliance listed.
© 2021 RapidFire Tools, Inc. All rights reserved. 108

Reporter -- User Guide

Network Detective

The Manage Reporter window will be displayed.
Step 3 -- Set Scan Data Merge Configuration
Select the Configuration tab in the Manage Appliance to view the Local Scan Merge settings.

Step 4 -- Set the Local Scan Merge Settings and Save Settings
1. Select the preferred Local Scan Merge method, or select, Do Not Merge Local Scans.
© 2021 RapidFire Tools, Inc. All rights reserved. 109

Network Detective

Reporter -- User Guide

For example, you may wish to perform local scans manually on computers that are not connected to an Active Directory domain. From the Local Scan Merge screen, you can decide how these local scans fit into your reports:
l Merge into Primary Domain: This will merge local scans into the primary Active Directory Domain (the Domain with the most computers)
l Specify Domain: The computers scanned will be associated with this Domain in the reports you generate.
l Do not merge local scans: The local scans for computers will appear separately in the reports you generate (they will not be associated with a Domain).
2. Next, set the option to prevent using scans that are older than a specified number of days.
3. Then select the Save and Close button to store the Scan Merge Settings.
© 2021 RapidFire Tools, Inc. All rights reserved. 110

Reporter -- User Guide

Network Detective

InDoc and the RapidFire Tools Portal
InDoc uses the stream of data from Reporter to help your team find, manage, and document everything at a Site.
With your Reporter subscription, you can use InDoc and the RapidFire Tools Portal to dive deeper into the data you collect from your Reporter sites. With InDoc, you can supplement Reporter data with your own network documentation to make managing your client's assets a breeze. Access the RapidFire Tools Portal at https://www.youritportal.com.

With InDoc, you can: l Explore and view data from all network assets discovered during the latest scan and take immediate action. l See To Do items and Risk Management Plan issues for the Site. l Annotate each asset on the client's network with your own Notes and Procedures. l See relationships between assets by linking together Related Items. l Safely share Confidential Notes, including passwords, in a secure storage area. l Manage the Smart Tags associated with each network asset. Smart Tags are used to monitor network security with Cyber Hawk, our security service delivery system.
© 2021 RapidFire Tools, Inc. All rights reserved. 111

Network Detective

Reporter -- User Guide

Requirements for using InDoc with Reporter
Using InDoc with Reporter is easy -- but you need to have Reporter set up first. Review the requirements for using InDoc with Reporter below.
1. You must have a subscription to the Network Assessment Module and Reporter. 2. Reporter must be installed on the MSP network and associated with one or more
Sites in Network Detective. You can only use InDoc with Sites that have an associated Reporter in Network Detective. 3. One or more Remote Data Collectors (RDC) must be installed on the client network (s) and associated with the Reporter Sites using Connector(s). 4. The RDC must be configured to perform scans on the network. The RDC must also have performed a scan and uploaded it to the Network Detective Site through the Connector.
Note: See "Setting Up Reporter" on page 16 for detailed instructions.
5. You must have automated report tasks set up, and select Upload Scan Data to InDoc when configuring your report tasks.
Note: Upload Scan Data to InDoc is selected by default, and will be retroactively applied to your previously-created report jobs.

Reporter -- User Guide

Network Detective

6. Users who wish to access InDoc in the RapidFire Tools Portal must have the correct Global and Site-specific Role permissions. User Roles are configured in the Portal. See "InDoc User Permissions" on page 138.
7. Your reports must have successfully generated. Once you set up InDoc with these steps, your InDoc Site will appear in the RapidFire Tools Portal.
Tip: If you are using Reporter with Cyber Hawk, you can access both tools from the same Site.
Click on the Site to view the InDoc tab to see the InDoc Dashboard.
© 2021 RapidFire Tools, Inc. All rights reserved. 113

Network Detective

Reporter -- User Guide

Network Detective

Using InDoc (RapidFire Tools Portal)
Once you set up Reporter for automated reporting and data collection, you can begin using InDoc in the RapidFire Tools Portal. (See "Requirements for using InDoc with Reporter" on page 112). Each time scans are performed and reports successfully generated, InDoc will be updated with the latest data. To access InDoc:
1. Log in to the RapidFire Tools Portal with your Network Detective account credentials.
2. Open the Site for which you would like to use InDoc. You can only use InDoc with Sites that have an associated Reporter in Network Detective.
Note: InDoc Sites are marked with an InDoc site badge.

3. Click on the InDoc tab > Dashboard.

From here you can view details about network assets taken from the latest scan data -- and you can begin adding your own supplementary documentation. The InDoc dashboard gives you a high level overview of the activity at the Site, including

Network Detective

Reporter -- User Guide

pending To Do items, an Asset Summary, and Notes from your tech group.

Reporter -- User Guide

Network Detective

Explore Network Assets with InDoc
InDoc uses the stream of data from Reporter to help your team find, manage, and document everything at a Site. You access InDoc for your Sites in the RapidFire Tools Portal at https://www.youritportal.com. From the InDoc tab > Overview, you can view detailed information about network assets.

The available asset categories appear below the Dashboard button. These assets are divided into categories, such as Users and Computers. Click on an asset category to view a list of assets detected on the network during the most recent scan.

Click on a specific asset from the list for a detailed view showing information specific to the asset type. This information is dynamically updated by Reporter.
© 2021 RapidFire Tools, Inc. All rights reserved. 117

Network Detective

Reporter -- User Guide

Note: Currently, you can explore details for Users and Computers. More categories will be added in the future.
View Data about Network Assets
To view data about particular assets:
1. Open the Site in the RapidFire Tools Portal. 2. Navigate to the InDoc tab > Overview. 3. Choose an asset category ("Users" or "Computers," for example). The list of
detected assets will appear. 4. Click on a specific asset from the list. From here you can add your own Notes,
Procedures, Related Items, and Smart Tags to the asset.
Users
The Users details page shows information such as domain, last login, password expiration, login history, and groups.

Reporter -- User Guide

Network Detective

You can also view or add Notes, Procedures, Related Items, and/or Smart Tags for the user. For example:
l Assign Related Items to help your team know which network assets are the user's, such as PCs or printers.
l Assign Smart Tags to the User, such as Business Owner, Accounting User, or IT Admin.
Computers
The Computers details page shows information such as IP address, operating system, Windows keys, service tags, CPU, RAM, Disk, Applications, and associated printers. Up to date information on assets can be provided to Technicians on demand.

For each computer, you can also add Notes, Procedures, Related Items, and/or Smart Tags for the user. For example:
l Add a Procedure to a computer to help your team troubleshoot known issues specific to that computer
l Add a Related Item to help your team see which users log on to the PC l Add a Smart Tag to a sensitive computer, such as ACCOUNTING or PCI/HIPAA
© 2021 RapidFire Tools, Inc. All rights reserved. 119

Add a Note to an Asset (InDoc)
You can use InDoc to write your own notes and associate them with specific network assets. This is great for labeling and keeping track of important assets. Use Notes to help your tech group understand the purpose and function of each machine on the network.
1. Open the Site in the RapidFire Tools Portal. 2. Navigate to the Site InDoc tab > Overview.
3. Choose an asset category ("Users" or "Computers," for example).
4. The list of detected assets will appear. Click on a specific asset from the list.
120

5. Next to the Notes panel, click View More. 6. Click Edit. 7. Use the editor to add or change your notes.
121

8. Click Save. Your Note will appear under the Notes panel. 122

Add and View Confidential Notes (InDoc)
Note: Before you can add or view confidential notes with InDoc, you first need to "Enable Confidential Information Protection for InDoc" on page 125. You will also need to be granted confidential access by a Master or Admin user. To create or view confidential notes with InDoc: 1. Open the Site in the RapidFire Tools Portal. 2. Navigate to the InDoc tab > Overview.
3. Choose an asset category ("Users" or "Computers," for example). The list of detected assets will appear.
4. Click on a specific asset from the list. 5. Next to the Notes panel, click View More.
6. Click View Confidential Notes.
123

If you do not have permission to view confidential notes, you can click Request Access. An Admin will then receive an email notification and can choose to log in to the Portal and give you access from Global Settings > Users. (See "Grant User Access to Confidential Notes" on the next page).
7. Enter your RapidFire Tools Portal/Network Detective password when prompted. 8. Use the text editor to add or change your confidential notes. Click Save.
Note: You will need to re-enter your password to view or change confidential notes.
124

Enable Confidential Information Protection for InDoc
With InDoc, you can securely write and share confidential notes that you place on network assets. This is perfect for managing passwords or other sensitive information about the client's network. Before you use this feature, you will need to set up a secure "circle of trust" for using confidential notes with InDoc. This task will be performed by a Global Master user when they first log in to the portal after you set up InDoc. Here's how it works:
1. Once you set up InDoc, log in to the Portal as a user with Master rights. 2. If you have not done so already, you will be prompted to create a confidential
information Store. Enter your portal password and click OK.
3. You will now have access to create and view confidential notes and associate them with network assets.
4. You will then be redirected to the Global Settings > Users page where you can grant access to view confidential information to others.
Grant User Access to Confidential Notes
Note: Before you can add or view confidential notes with InDoc, you first need to "Enable Confidential Information Protection for InDoc" above. Users with access to InDoc can request access to confidential notes. Master users with privacy permission will receive an email when a user requests access to a confidential note.
125

To grant privacy access to the user: 1. Log in to the RapidFire Tools Portal. 2. Navigate to Global Settings > Users. 3. Under the Access Confidential field, click No to edit the confidential access for the appropriate user.
4. Confirm that you wish to grant the user Privacy permissions. The user will then be able to view confidential notes.
126

Network Detective

Reporter -- User Guide

Add a Procedure to an Asset (InDoc)
You can use InDoc to document Procedures and associate them directly with the relevant network assets.
Tip: Procedures are handy for managing instructions or settings that apply to specific assets on the network, like a Domain Controller. This puts the information right at your tech team's fingertips.
1. Open the Site in the RapidFire Tools Portal. 2. Navigate to the Site InDoc tab > Overview.

3. Choose an asset category ("Users" or "Computers," for example).

4. The list of detected assets will appear. Click on a specific asset from the list.
© 2021 RapidFire Tools, Inc. All rights reserved. 127

Reporter -- User Guide

Network Detective

5. Next to the Procedures panel, click Add. 6. Use the editor to write or edit your Procedure.

7. Click Save. You can then see your list of procedures for the asset in the Procedures panel.
© 2021 RapidFire Tools, Inc. All rights reserved. 128

Network Detective

Reporter -- User Guide

Edit or Delete Procedures
Whenever you need to change a procedure:
1. Open the Procedure from the panel. 2. Click Edit. (You can also click Delete to remove the procedure). 3. Make any changes you wish using the editor. 4. Click Save.

Reporter -- User Guide

Network Detective

Add Related Items to a Network Asset (InDoc)
Use InDoc's relationship mapping feature to help keep track of important related items on the client's network. This includes relationships like which users regularly log in to which computers. To assign related items to an asset:
1. Open the Site in the RapidFire Tools Portal. 2. Navigate to the Site InDoc tab > Overview.

3. Choose an asset category ("Users" or "Computers," for example).

4. The list of detected assets will appear. Click on a specific asset from the list.
© 2021 RapidFire Tools, Inc. All rights reserved. 130

Network Detective

Reporter -- User Guide

5. From the Related Items tab, click Add. 6. Scroll down the list of items, or search for it using the search bar.

7. Click the Check Box for each item you want to associate with the asset. 8. Click Add. The related items will appear in the panel. Other users can then click on
the Related Items to view more about them.
© 2021 RapidFire Tools, Inc. All rights reserved. 131

Reporter -- User Guide

Network Detective

Note: To remove a related item from an asset, click on the will be removed.

icon. The related item

View Site Management Plan (InDoc)
On a Site's InDoc tab, you and your team can access a quick overview of the site Management Plan. This provides a concise overview of the Management Plan document that you can generate with Reporter. To use this feature:
1. Open the InDoc tab > Overview for the Site.
2. Under the Management Plan panel, you can see the Network Detective modules to which you are subscribed.
3. Click on a module to open up a short list of the issues identified on the Site network.
133

Next to each issue you can see the Risk Score (100-1). High Risk issues should be addressed first. 4. Click on a specific issue to open up a brief description and remediation instructions.
Tip: For more detailed information on the issues identified, review the latest Management Plan report for that specific module. You can download Reporter documents in the Network Detective application.
134

Network Detective

Reporter -- User Guide

Edit Smart Tags in InDoc
Cyber Hawk, our security alerting system, incorporates a proprietary feature called Smart Tags. Smart Tags allow you to adapt Cyber Hawk to each client's unique IT environment to detect network Anomalies, Changes, and Threats (ACT). Smart Tags allow you to add information about specific users, assets, and settings that helps Cyber Hawk get "smarter" about what it is finding. That means more potential threats identified with fewer false positives.
InDoc allows you to manage and assign Smart Tags to network assets. (Note that you can also do this from within the Cyber Hawk dashboard in the Network Detective application.) To manage Smart Tags in InDoc:
1. Open the InDoc Site in the RapidFire Tools Portal. 2. Navigate to the Site InDoc tab > Overview.

3. Choose an asset category ("Users" or "Computers," for example).
© 2021 RapidFire Tools, Inc. All rights reserved. 135

Reporter -- User Guide

Network Detective

4. The list of detected assets will appear. Click on a specific asset from the list.
5. From the Smart Tags panel, click the pen icon . 6. Choose your Smart Tags from the available list.
© 2021 RapidFire Tools, Inc. All rights reserved. 136

Network Detective

Reporter -- User Guide

7. Click Save. Your Smart Tags for the asset will appear under the Smart Tags panel.
To remove a Smart Tag from the asset, click the X on the tag. Note: Changes to Smart Tags will be reflected in the Network Detective application. See the Cyber Hawk User Guide for more information.
© 2021 RapidFire Tools, Inc. All rights reserved. 137

InDoc User Permissions
You will need to configure your MSP team users correctly in order for them to access InDoc. Only users with the correct Global and Site-specific Roles can see InDoc data in the RapidFires Tools Portal. See "How to Set Up User Permissions for InDoc" below for step-by-step instructions.

The following matrix shows which types of users can see InDoc information.

Global Roles
l Master/All l Admin l Restricted (the Global Role
of Restricted typically an MSP technician)

Site Roles l Site Admin l Technician

Important: A user must have both a Global Role AND a Site Role to access InDoc.

All other users cannot see the InDoc tab. However, they can see there is a Badge for InDoc on the main site tile.
l You can set Global Roles from Global Settings > Users. l You can set Site Roles from [Your InDoc Site] > Home > Roles. You will first need
to add the users to your Site from [Your InDoc Site] > Home > Users.
How to Set Up User Permissions for InDoc
You must assign users the correct Global and Site-specific project Roles in order for them to have access to InDoc. You can do this quickly and easily:
1. Log in to the RapidFire Tools Portal. 2. Go to Global Settings > Users. All of the users associated with your Network
Detective account will appear in the list. 3. If you wish to create new users, click Add New. Otherwise, make sure your
previous (or new) users who wish to use InDoc have the correct Global Access Level (Master/All, Admin, or Restricted). 4. Navigate back to the home page and click on your InDoc Site.

138

5. Go to [Your InDoc Site] > Home > Users. Click Add User and select your Existing User(s). Click Add. Important: Do not create a new user from Site Settings. This user will not have the correct Global Access Level.
6. Go to [Your InDoc Site] > Home > Roles. Assign your users to the correct Site Role(s) ( Site Admin or Technician).
7. If necessary, be sure to give these users their username and password. They can then log in to the Portal and begin working with InDoc!
Privacy Permissions for Confidential Notes (InDoc)
InDoc allows your team to create and view confidential notes assigned to assets at a Site. In order to create or view these notes, you must have privacy permissions. You can manage privacy permissions for InDoc confidential notes from Global Settings > Users. The process works like this:
1. The first Master/Admin user who logs into InDoc will gain the ability to assign Privacy access to other users. See "Enable Confidential Information Protection for InDoc" on page 125.
2. This user can navigate to Global Settings > Users to grant other users Privacy access. This includes the ability to create and view confidential notes, as well as to assign Privacy access to other users. See "Grant User Access to Confidential Notes" on page 125.
139

How Can my Team Use InDoc? Two Examples
InDoc allows MSP support technicians and help desk personnel to easily access documentation and current asset information regarding a customer site to assist in addressing customer issues. Here are two examples:
EXAMPLE:
#1: Help Desk
1. A support call comes in. A customer says they are having problems with their computer and printing.
2. You ask for the customer's user name and company. 3. Using InDoc, you drill into the customer's site and find the user. 4. You bring up the user's details, look at Related Items, and see both
"DESKTOP5" (a PC) and "My HP Printer" (a printer) are associated with the user. 5. You ask, "Are you having issues with the printer called 'My HP Printer' which I see is an HP OfficeJet 8710?" 6. When you bring up the printer, you see a Procedure called "HP Printer Reattachment" with step-by-step instructions on how to remove and re-attach the printer. Apparently, they've had this problem before. 7. After reading the Procedure, you know the computer to remotely connect to, and the printer and model for which to download drivers, all of which facilitates the quick resolution of the problem.
#2: Tech at a Customer Site
1. You arrive on-site and are told there is a permission problem. You need to get on the domain controller.
2. You've never been at this site, but you quickly access InDoc from the RapidFire Tools Portal.
3. You open the Site and use InDoc to see if there are any Notes or Procedures you should be aware of on the DC's before working with them.
4. There are 3 domain controllers, but one has a Note that says "Legacy DC No longer in use" allowing you to avoid spending time working on a computer that is no longer in use.
140

RapidFire Tools Portal Client View for Reporter
With Reporter, InDoc, and the RapidFire Tools Portal, you can make IT and Compliance assessment reports available for clients to view and download.
Note: Before you can use the Client View, you need to enable InDoc for your Reporter Site in the RapidFire Tools Portal. See "Requirements for using InDoc with Reporter" on page 112
Here's a quick overview: l First set up your Report Tasks to publish to the Client Portal. l Then assign clients the Client Role for a Site, and configure their access to the Client Portal and reports. l Clients can then log into a restricted version of the portal (the "Client Portal") to access and download reports. Tip: The Client Portal is the same as the RapidFire Tools Portal just limited to only what clients need to see.
Here's how you set things up for clients to access reports:
Step 1 -- Configure Reporter to Publish to the Client Portal
First you need to configure one or more of your existing report jobs to publish to the Client Portal. To do this:
1. In the Network Detective app, open your Reporter Site. 2. Click on Reporter button (lower left-hand side of the screen) to open the Reporter
dashboard for the Site.
3. Under Tasks, double click on the report task you wish to publish to the Client Portal.
141

4. Click Next to go to the Delivery Method screen. Note: Before you can use the Client View, you need to enable InDoc for your Reporter Site in the RapidFire Tools Portal. See "Requirements for using InDoc with Reporter" on page 112
5. Check the Publish to Client Portal box. l Enter a Report Set Name that will appear in the Portal for the client to access. l You can also choose to Append the Report Set Name with the Date and an ID. Note: This is useful to help distinguish between multiple report sets with
142

the same name.
6. Click Next. 7. Schedule the task if you have not already done so. 8. Click Finish.
Configure Reporter Template to Publish to Client Portal
If you modify a report task associated with an existing Reporter Template, you can save time by changing all of your report tasks for multiple sites at once. To do this:
1. Click on Reporter from the Network Detective top ribbon. 2. Click Edit on the Reporter Template you wish to modify. 3. Double click on the Report Task you wish to modify. 4. Click Next to go to the Delivery Method screen, and check Publish to Client
Portal. 5. Complete the remaining prompts and save your edited task.
143

Note: All of your Reporter Sites that have this task will publish their reports to the Client Portal. However, you still need to complete the remaining steps below.
Step 2 -- Ensure that the Site is Visible in the Client Portal
Next you need to configure the Site to make it visible in the Client Portal: 1. From within the Network Detective app, navigate to the Home screen. 2. Right click on the Site you want to appear in the Portal and click Edit Site.
3. Check the Visible in Client Portal box.
144

4. Repeat this for each Site that you wish to make visible to clients.
Step 3 -- Add Client User to Site and Assign Client Role
1. Log in to the RapidFire Tools Portal (https://www.youritportal.com). 2. Navigate to the Site, then to Home > Users. 3. Click Add User. Then choose New User. Add the client user to the Site. You will
need their email address and name. Create a password for the user. Important: You will need to send these credentials, including the password, to the client user.
4. Now you need to add the new user to the Client Role. Go to Home > Roles. 5. Click Add User next to the Client View Role. Select the User. Then click Add.
The user will be added to the client role and will be able to access a restricted version of the Site. Create additional users and assign them to the client role if needed.
Step 4 -- Configure Client View in RapidFire Tools Portal
Configure the Client View. This consists of deleting any reports you wish to remove from a report set.
145

1. From the Portal, access the Site and go to InDoc > Settings > Client View.
2. Review the list of reports published to the site. Choose from various published Report Sets using the drop down menu. 146

l If you want to delete a report, click the delete.

icon next to the report you want to

l If you want to delete an entire Report Set, click Delete Report Set.

Important: · Deleting reports or report sets will remove them from the Client View, but not from Network Detective. · You cannot restore reports to the Client View once you have deleted them. You will have to republish them from Network Detective.

Access the Portal as a Client User
Important: Before clients can access the portal, an admin will need to set up access on their behalf. See "RapidFire Tools Portal Client View for Reporter" on page 141 for detailed instructions.
Clients can view assessment reports that have been published to the Portal. To do this:
1. Navigate to the portal using the URL provided by the MSP. 2. Enter the login credentials provided by the MSP.

147

3. The MSP will have granted you access to one or more sites to view reports. Click on the Site for which you wish to view/download reports.
4. If necessary, click on the Reports tab. 5. Select the report set from the drop-down menu. Also select a target language if
the reports have been published in multiple languages. Click the download button next to a report to download reports individually, or click the Download .zip button to to download reports together as a .zip file. The reports will be in MS Word format.
148

Appendices

This section contains other helpful topics related to Reporter:

Reporter Templates

150

Create and Deploy Reporter Templates

151

Custom Reports

162

Generate Client Progress Reports

170

Set Scan and Report Task Time Zone and Date Format

173

Integrate Reporter with a PSA System with Export Tasks

175

Software Appliance Diagnostic Tool

210

Augment Reporting to Eliminate False Positives

213

Updating a Software Appliance

217

Two-Factor Authentication for RapidFire Tools Portal

219

Set Up Custom SMTP Server Support (Reporter)

224

Client-Connector Diagram

228

Using Reporter with Cyber Hawk

229

Pre-Scan Network Configuration Checklist

234

149

Network Detective

Reporter -- User Guide

Reporter Templates
Instead of configuring report tasks for each Site one by one, you can use Reporter Templates to set up automated report tasks for all of your sites simultaneously. Reporter Templates allow you to create and deploy report tasks quickly and easily. With Reporter Templates you can:
l Select reports to generate from each of your Network Detective module subscriptions and choose from a variety of report scheduling options
l Specify where to publish your reports, including emailing recipients and/or copying reports to a network share
l Choose to upload scan data to InDoc in the RapidFire Tools Portal l Once your template is configured, deploy it to multiple Reporter Sites at once
You can Manage Reporter Templates from the Reporter button located on the Network Detective top ribbon.

Tip: Reporter Templates also include several "preset" templates that you can use to get started right away!

Reporter -- User Guide

Network Detective

Create and Deploy Reporter Templates
Reporter Templates allow you to create re-usable sets of report tasks for multiple Reporter Sites at the same time.
Note: Before you can use Reporter Templates, you need to have Reporter set up and associated with each Site you wish to use. See "Setting Up Reporter" on page 16.
To create and deploy a Reporter Template, follow these steps:
Step 1 -- Create New Reporter Template
1. Click on the Reporter button located on the Network Detective top ribbon.

The Manage Reporter Templates screen will appear.

Here you can see all of the templates you created previously. For each template, you can also see:
l Number of Sites template has been applied to l Number of Scheduled Reports included in the template
© 2021 RapidFire Tools, Inc. All rights reserved. 151

Network Detective

Reporter -- User Guide

l Click on the arrow button to quickly see this information in a drop-down

Note: Here you can also see the "preset" Reporter Templates available for you to configure. If you want to get started with one of the preset templates, click the Edit icon on the template, and go to "Step 2 -- Assign Reports to Template" on the next page. 2. Click Create New Reporter Template.
3. Enter a name for the Reporter Template.
© 2021 RapidFire Tools, Inc. All rights reserved. 152

Reporter -- User Guide

Network Detective

The Modify Reporter Template screen will appear.

4. Enter a Description for the Reporter Template.
Note: Your description should include notes that explain the template to other Network Detective users. For example: · What report tasks does the template contain? · To which Sites is it applied? · What is the schedule?
Step 2 -- Assign Reports to Template
Next assign the reports that will be part of the Reporter Template.

Network Detective 1. Next to Select Reports, click Create Report Task.

Reporter -- User Guide

2. From the Select Reports to Generate screen, check the reports for each module that you wish to include as part of the report task.

Note: If you want to configure an existing Report Task, double click on it from the list of tasks.
Important: The selected reports will be generated whenever the report task is scheduled to run and when there is available scan data from the Remote Data
© 2021 RapidFire Tools, Inc. All rights reserved. 154

Reporter -- User Guide

Network Detective

Collector (RDC). Reporter and all RDCs must be set up properly for each Site. See "Setting Up Reporter" on page 16.
3. Click Next.
Step 3 -- Set Delivery Method
1. Next you need to configure how you wish to deliver and/or publish the reports for the template. Reporter gives you several options:
A. To send the generated reports by email, enter an email Subject line and each recipient's Email address. Then check the Attach reports to notification email box.
B. Select Copy to External Network Share to publish the reports to a network drive. See also "Copy Reports to External Network Share with Reporter" on page 76.
C. If you wish to upload scan data to InDoc in the RapidFire Tools Portal, check Upload Scan Data to InDoc. See also "Requirements for using InDoc with Reporter" on page 112.
D. Check Publish to Client Portal to make the reports available for the client to view in the RapidFire Tools Portal. See also "RapidFire Tools Portal Client

Network Detective View for Reporter" on page 141.

Reporter -- User Guide

2. Enter a Task Label for the report task. Click Next. Note: A Reporter Template can contain several individual Report Tasks, so enter a label to help you distinguish it from other tasks within the template. For example, enter a label based on the module (Security, HIPAA) or the reporting schedule.
Step 4 -- Schedule the Report Task
1. The CRON Builder (Scheduler) window will appear. Set the time and frequency for which to generate reports.
© 2021 RapidFire Tools, Inc. All rights reserved. 156

Reporter -- User Guide

Network Detective

2. Click Finish. Important: The time it takes to generate reports will vary depending on the volume of reports you are generating. A large report job for many sites using one Reporter appliance could take several hours. Keep this in mind when scheduling report tasks. See "Important Tips for Using Reporter Templates" on page 160 for more details.
3. Your Reporter Task will then appear in the list of tasks associated with your Report Template.
4. Continue adding Report Tasks until you have all of the tasks you want for the Reporter Template.
Step 5 -- Assign Template to Sites
Next you will assign the Reporter Template to one or more Sites. To do this:

Network Detective 1. Click Add Sites next to Select Sites.

Reporter -- User Guide

The list of Sites for your account will appear. Here you can see each Site's assigned Reporter, RDC, and other relevant details.
2. Check the box next to each Reporter Site to which you wish to deploy the template you created.

3. Click Save. The Sites that you applied the template to will appear on the Modify Reporter template page.
© 2021 RapidFire Tools, Inc. All rights reserved. 158

Reporter -- User Guide

Network Detective

The Reporter Template Tasks will also appear on the Reporter dashboard on each Site that you applied it to:
From a Site's Reporter Dashboard, you can see if a Report Task is associated with a template. The name of the template will appear in the Reporter Template field in the Tasks window.
Modifying Reporter Template Tasks at the Site Level
On a Site level, if you modify a task associated with a Reporter Template, the task will be marked as "Modified" and will no longer be linked to the template.
Step 6 -- Configure Scans for Reporter Templates
If you have not done so already, you must set up Remote Data Collector scans to gather the data from the target networks necessary to generate reports. See "Configuring Remote Data Collector Scans by Assessment Module" on page 78.
© 2021 RapidFire Tools, Inc. All rights reserved. 159

Network Detective

Reporter -- User Guide

Note: We recommend you schedule scans to occur a few hours before your reports are scheduled to be generated.
Important Tips for Using Reporter Templates
Suggestions for Scheduling Report Tasks
l You should schedule your reports to be generated several hours AFTER your Remote Data Collector (RDC) scan tasks.
l If you are managing multiple sites with multiple RDCs, be sure you schedule your report tasks at a time when you know all of your sites will have the most recent scan data. This should be less critical for monthly or quarterly reports, but is worth considering for daily or weekly reporting.
How Long Does it Take for Reporter to Complete Report Tasks?
The time it takes to generate reports can vary, depending on factors such as:
l Amount of scan data Reporter needs to process l Number of Report Tasks assigned to one Reporter at a given time l Number of Reports selected for a single Report Task l Number of Sites for which you are generating Reports at a given time
Particularly large tasks for multiple sites could take several hours to complete. Keep this in mind when scheduling Report Tasks for your Sites using Reporter Templates.
Preset Reporter Templates
You can choose from several preset Reporter Templates from the Manage Reporter Templates screen. You can use these to get started with deploying report tasks to your Sites right away.
l These Preset Templates are for use with the Network and Security Assessment Modules.
l There are presets for Weekly, Monthly, and Quarterly reporting.

Reporter -- User Guide

Network Detective

l There are also both client-facing and in-house reporting presets.

Reload Preset Templates
To restore the factory preset templates:
1. Click on the Reporter icon to go to the Manage Reporter Templates screen. 2. Click Reload Preset Templates to restore the factory Preset Templates that have
been deleted.
Note: This will NOT overwrite your own modified Preset Templates. It will only restore Preset Templates that have been deleted.

Network Detective

Reporter -- User Guide

Custom Reports
You can use the Reporter Custom Reports feature to create a custom Network Assessment Module Full Detail Report.
Prerequisites:
l Customer must subscriber to the Network Assessment Module l Customer must subscribe to the Reporter l Customer must have updated their Network Detective application installation to the
latest version of ND l Customer must have updated their Reporter to the latest version of Reporter l Customer must have installed the Remote Data Collector on a network (Active
Directory Based or Workgroup Based) l Customer must have used the Reporter UI to schedule a 1) Network Scan, 2) A
Push Local computer Scan Task, and 3) Set Reporter "Merge" settings to enable these scans to be used for automated report generation
This topic covers two uses for custom reports:
l "Create a Custom Report Template" below l "Create a Report Generation Task using the Custom Full Detail Report Template"
on page 166
Create a Custom Report Template
1. Log in to Network Detective. 2. Open a Network Detective Site associated with Reporter. 3. Select the Reporter icon on the Network Detective top ribbon bar.

The Manager Reporter Templates window is displayed.

Reporter -- User Guide

Network Detective

4. Select the Custom Reports Templates icon in the left hand ribbon bar.
This Custom Reports window is displayed. 5. Select the Create New Customer Report Template button. 6. The Create New Custom Report Template window is displayed.

7. Type in the name of the new Custom Report Template.
© 2021 RapidFire Tools, Inc. All rights reserved. 163

Network Detective

Reporter -- User Guide

8. Select the Network Assessment - Full Detail Assessment option from the Derived From list.

9. The Sections of the Full Detail Report that can be customized are presented in the Create New Custom Report Template window.

Customization Features include: l Include Feature This feature enables inclusion or removal sections from the Full Detail Report. l Custom Text This feature enables the modification of the Full Detail Report's Original Text contained in the report describing each report Section's findings.
10. Select all of the Sections that should be "Included" in the Custom Full Detail report. 11. For all of the sections to be included in the report, add Custom Text that will replace
the original text contain in the Full Detail report.
© 2021 RapidFire Tools, Inc. All rights reserved. 164

Reporter -- User Guide

Network Detective

12. Select the Save Button to save your Custom Full Detail Report template that can be used by all of the Network Detective Sites associated with the Reporter.
13. The following information will be displayed in the Create New Custom Report Template window.
14. Select the Close button to close the Create New Custom Report Template window.
© 2021 RapidFire Tools, Inc. All rights reserved. 165

Network Detective

Reporter -- User Guide

Create a Report Generation Task using the Custom Full Detail Report Template
1. Log into Network Detective. 2. Open the Network Detective Site associated with the Reporter. 3. Select the Reporter icon on the left hand ribbon bar.

The Reporter UI will be displayed.

4. Click on the Tasks Selector to expand the Reporter Tasks list. 5. The Tasks list is expanded.

Reporter -- User Guide

Network Detective

6. Select the Create Report Tasks button The Schedule Reports Window is displayed.

7. Select the Network Tab to display the Reports list of the Network Assessment Module.
8. Scroll to the bottom of the Network Assessment Module Reports List to view the available customer Reports. (Note that the "Ralston Network Full Detail Report" created as a Custom Report Template is available on the Custom Reports list).
© 2021 RapidFire Tools, Inc. All rights reserved. 167

Network Detective

Reporter -- User Guide

9. Select the Custom Report that is to be generated by the Report Task being created.
10. Select the Next button to proceed in creating the Report Task.
© 2021 RapidFire Tools, Inc. All rights reserved. 168

Reporter -- User Guide

Network Detective

11. Set up the Delivery Method for the Report Task.
12. Select the Finish button to complete the creation of the Report Task for the Custom Report.
13. Either select the newly created Custom Report Task's "Run Now" link to generate the report, or schedule the report to the generated at a schedule Day and Time.
© 2021 RapidFire Tools, Inc. All rights reserved. 169

Network Detective

Reporter -- User Guide

Generate Client Progress Reports
The Client Progress Report is designed to be generated after you have completed several Network and Security Assessments. This report compares key areas over time and display trending changes with charts and graphs. Computers are given a letter grade ('A' through 'F').
Important: The Client Progress Report requires a minimum of 2 assessments, containing both Network and Security Scans. The report will compare a maximum of 10 total assessments. Network Detective will notify you if the Site does not meet these requirements.

1. Open a Reporter site with two or more archived assessments containing both Network and Security Scans. These assessments can be archived. A current assessment is not required.

2. On the left-hand site menu, click Progress Reports (BETA).

Reporter -- User Guide

Network Detective

3. Click Client Progress Reports (.docx). From the side panel, you can find report details and requirements.
4. From the side panel, click Create Reports. 5. Select which assessments to include in the report (minimum of 2). All assessments
are included in the report by default (up to 10). Then click Next.
© 2021 RapidFire Tools, Inc. All rights reserved. 171

Network Detective

Reporter -- User Guide

6. From the Edit Client Progress Reports screen, you can change and edit the text of the report, including its title and subsections. You can likewise add custom text to each section and decide to exclude certain sections, if you choose.
Note: Click Save to keep a record of your edits to the report. Date Created and Date Modified are displayed on the form.

7. When you are ready, click Generate Report. After the report is built, it will appear in Windows File Explorer.

Reporter -- User Guide

Network Detective

Set Scan and Report Task Time Zone and Date Format
You can configure the time zones and dates that appear next to your Site's scan and report tasks. This feature applies to both Reporter and Inspector for Network Detective.
l You can use this feature from Global Preferences to ensure all of your NEWLY CREATED sites display scan and report task times in your own local time zone.
l Alternatively, if you are responsible for several sites in different time zones, you can use Site Preferences to change the time zone for each site. This can help you more easily determine when a task will occur with sites in different time zones.
To set preferences:
At Site Level
1. Open your Reporter or Inspector Site in Network Detective. 2. Open the Site Settings and click Report Preferences.

3. From Report Defaults > Text, select your desired Time Zone and Date Format. Click OK.

Network Detective

Reporter -- User Guide

Your scheduled scan and report tasks will now appear with your preferred time zone and date format for just this site.

At Global Level
1. Click Preferences from the Network Detective top menu.
2. From Report Defaults > Text, select your desired Time Zone and Date Format. Click OK.

Unless you have adjusted your preferences at the Site level, your NEWLY CREATED Site's scheduled scan and report tasks will now appear with your preferred time zone and date format.
Note: New Reporter Templates you create and apply will also use your Global Time Zone and Date Format preferences.
© 2021 RapidFire Tools, Inc. All rights reserved. 174

Reporter -- User Guide

Network Detective

Integrate Reporter with a PSA System with Export Tasks
With Reporter and Network Detective, you can automatically export important information uncovered during your scans into your preferred Professional Services Automation (PSA) system with Export Tasks. This includes technical information on computer assets discovered on the network, contact information for network users, and issues for remediation. This topic covers how to integrate Reporter with your chosen PSA System.

Step 1 -- Gather Credentials and Set Up your PSA System
Before you begin, you will need:
l Valid Login Credentials for Network Detective l A Network Detective "Site" for which you wish to export items or create tickets in
your PSA l Valid Login Credentials for your PSA system account (if you wish to integrate
Network Detective with multiple PSA accounts, gather credentials for each PSA account) l A Reporter associated with your Site, as well as the Remote Data Collector that has collected scan data. See also "Setting Up Reporter" on page 16. l Other prerequisites specific to your chosen PSA system (refer to the table below).

PSA System

PSA Prerequisites

l Autotask Username l Autotask Password

l ConnectWise REST Public Key l ConnectWise REST Private Key l ConnectWise Company ID l ConnectWise PSA URL
Note: You must configure ConnectWise correctly before you can integrate with Network Detective. See also "Set Up ConnectWise REST Integration" on

Network Detective
PSA System

Reporter -- User Guide
PSA Prerequisites
page 191
l ConnectWise Username l ConnectWise Password l ConnectWise Company ID l ConnectWise PSA URL
Note: You must configure ConnectWise correctly before you can integrate with Network Detective. See also "Set Up ConnectWise SOAP Integration" on page 195
l Tigerpaw Username l Tigerpaw Password l Tigerpaw API URL
l Kaseya Username l Kaseya Password
Note: The Kaseya User must be in the Kaseya Administrator Role. See also "Set Up Kaseya BMS Integration" on page 197.
l Kaseya Tenant (i.e. company name) l Kaseya API URL,
example: "https://bms.kaseya.com" (you should receive the exact URL in an email from Kaseya)

Reporter -- User Guide
PSA System

Network Detective
PSA Prerequisites
l Works with Export Configurations ONLY
l IT Glue API URL
Note: For the API URL, use https://api.itglue.com. If your IT Glue account is in the EU Data Center, use https://api.eu.itglue.com.
l IT Glue API Key
Note: You will generate the API Key in the IT Glue application.

Step 2 -- Create Export Task with Reporter
1. Start Network Detective and log in with your credentials. 2. Open the Reporter Site for which you wish to create tickets in the target PSA.
Note: You must have scan data and must have generated reports in order to create tickets.
3. Click the Reporter icon in the bottom left of the screen to open the Reporter dashboard.

4. From the Reporter dashboard, click Create Export Tasks.

Network Detective

Reporter -- User Guide

5. Choose an Export Task Type from the drop-down menu.

Note: a) Create Tickets Automatically create tickets in your company's PSA/Ticketing System. b) Export Configurations Export Configurations (hardware information, etc.) into Autotask, Kaseya BMS, ConnectWise, Tiger Paw, or ITGlue. c) Export Contacts Export Contacts identified by the Exchange Assessment Module into Autotask, Kaseya BMS, ConnectWise, or Tiger Paw. 6. Select the module/type of issues for which to generate tickets.
© 2021 RapidFire Tools, Inc. All rights reserved. 178

Reporter -- User Guide

Network Detective

Reporter -- User Guide

Network Detective

9. Select the New button in the Connections Manager window to create a new PSA connection. The PSA Credentials window will be displayed
10. Enter the credentials for your chosen PSA. 11. Click OK.
The new Connection will be listed in the Saved Connections list in the Connections Manager window.
Tip: If you wish to export items to multiple, separate PSA accounts, repeat this process and add Connections for each account. 12. Click Close to dismiss the Connection Manager. 13. From the Export screen, verify the connection by selecting it from the drop-down menu.
© 2021 RapidFire Tools, Inc. All rights reserved. 181

Network Detective

Reporter -- User Guide

Note: If the connection is successful, some of the Mappings fields should automatically populate with values from the PSA system. 14. Proceed to export information to your PSA. Refer to the instructions below. Note: When the Connection between Network Detective and the PSA is established, some of the fields in the Mapping menu will automatically populate. This may take up to 60 seconds.
© 2021 RapidFire Tools, Inc. All rights reserved. 182

Reporter -- User Guide

Network Detective

15. Map the issues to service ticket fields in your PSA. These mappings allow you to configure how the issues in Network Detective are created as tickets in your PSA. Important: You configure the values for the mapping fields in your PSA system. Ensure the values are correctly configured in your PSA before continuing.
16. When you are finished, click Update. The Export Task will appear in the tasks list.
© 2021 RapidFire Tools, Inc. All rights reserved. 183

Network Detective

Reporter -- User Guide

Next, you must schedule the task to export.
Step 3 -- Schedule/Run Export Task
1. Next to the Export Task, click on Schedule link to open the CRON Builder window. The CRON Builder is used to schedule the running of your Reporter task.

Exports can be set to run daily, weekly, monthly, quarterly, annually, or just once. You may also set the time of the day that the scan should be initiated.
Note: Please note that the time zone used for the CRON Builder time is Eastern Standard Time (EST).
© 2021 RapidFire Tools, Inc. All rights reserved. 184

Reporter -- User Guide

Network Detective

2. Set the export frequency by selecting one option from Every list (i.e. day, week, month, year, or once)
3. Next set the "on the" by selecting a day that the export should be performed.
4. Then set the time of the day that the export should run by setting the "at" time.
5. Click OK to save the Export task. It will run at the specified time and export items into your chosen PSA system.

Network Detective

Reporter -- User Guide

Set Up Autotask Integration
To set up a connection with the Autotask system, you will need to create an API User in Autotask. To do this:
1. Log in to Autotask with your admin user credentials. 2. Click on the Autotask home button on the left, then click Admin.

Reporter -- User Guide

Network Detective

4. Next click Resources/Users (HR) from the Features & Settings menu.

5. Click Resources/Users.

Network Detective

Reporter -- User Guide

6. Click New to begin creating a new API user.
7. Enter information about the API user. Autotask will prompt you to enter the mandatory fields.

Reporter -- User Guide

Network Detective

8. On the Security tab, enter the user credentials and save these for use later.
9. While still on the Security tab, you must also: a. Select API User from the Security Level drop-down menu (pictured above) b. Select None under API Tracking Identifier.
© 2021 RapidFire Tools, Inc. All rights reserved. 189

Network Detective

Reporter -- User Guide

c. You can also optionally select Resource is not required to Submit Timesheets.
10. Complete any remaining prompts required by Autotask to create the user or to comply with your company's user and security policies.
11. When you are finished, click Save & Close. The new user will appear in the list.

Reporter -- User Guide

Network Detective

Set Up ConnectWise REST Integration
To set up a connection to ConnectWise Ticketing system using the REST API you will be required to:
Step 1 -- Download and Install the ConnectWise Manage Internet Client Application
To enable the integration, you will need to use the ConnectWise Manage Internet Client application. Download and install the app from http://university.connectwise.com/install/. Then log in using your credentials.
If you are using the ConnectWise Manage web app, you can continue to use the web app after you have completed the steps in this guide and enabled the integration.
Step 2 -- Select the ConnectWise Ticket System API Member Account to Integrate with
1. From the ConnectWise dashboard, click System from the side menu.

2. Next, click Members. 3. Click on API Members Tab. The API Members screen will appear.
Note that the API Members Tab may not show by default and may need to be added. You can add this tab from the Tab Configuration menu on the Members page .
4. Click on the button to create a new API Member. Fill in all required information. 5. Confirm that the API Member has been assigned Admin rights by checking the
member's Role ID under Security Information.

Network Detective

Reporter -- User Guide

Important: By default, the API Member must have Admin rights for the integration to function correctly. However, we provide a "least privilege" custom solution for the API Member Role ID below. See "Create Minimum Permissions Security Role for API Member" below.

Create Minimum Permissions Security Role for API Member
If you do not wish to assign the API member full Admin rights, create this custom security role and assign it to the API member:

1. Go to System > Security Roles.
2. Click the button to create a new security role. 3. Set the permissions for the Role as detailed in the table below and click Save. 4. Assign this custom Security Role to the API Member instead of full Admin.

Module

Add Level

Companies

Company Maintenance

Configurations

All

Contacts

All

Service Desk

Service Tickets

All

System

API Reports

Table Setup

All

Customized Table Setup: Allow Company / Configuration, Opportunities / Opportunity Status, Opportunities / Opportunity Type

Edit Level
All All
All

Delete Level

Inquire Level
All All All
All
All All

Reporter -- User Guide

Network Detective

Step 3 -- Create an API Key in the ConnectWise Ticketing System
1. Select the API Member that you created previously. 2. From the API Member details screen, click API Keys.

3. Click the button. 4. Enter a Description for the API Key.
5. Click Save. 6. The newly generated API Key will appear. 7. Write down or take a screen shot of the Member's Public and Private API Key
strings. This information will be required to set up the integration with ConnectWise.
Important: Note that the Private Key is only available at the time the key is created. Be sure to copy the keys for your records.

Step 4 -- Configure Service Tables in ConnectWise
In order to export issues as tickets in ConnectWise, you will need to configure several Service Tables in ConnectWise. These tables ensure that the issues are "mapped" correctly to the tickets created within ConnectWise. You must configure the Service Tables correctly in order to establish the connection with ConnectWise.
You can configure the Service Tables in ConnectWise from System>Setup Tables>Category>Service. Configure the Service Tables as detailed below:
1. Service Board

Network Detective

Reporter -- User Guide

You must have a Service Board created within ConnectWise. In addition, within the Service Board, you must create values for the following fields. You can create values for these fields from the Service Board page:
a. Statuses b. Types c. Teams
You must create at least one value for each of these fields.

In addition, you must define values for two additional Service Tables: 2. Source
You must include at least one Source. 3. Priority
You must include at least one Priority level.

Reporter -- User Guide

Network Detective

Set Up ConnectWise SOAP Integration
This topic covers how to integrate Network Detective with ConnectWise via the ConnectWise SOAP API.
Important: The ConnectWise SOAP API is in the process of being deprecated by ConnectWise. We recommend that you use the ConnectWise REST API instead.
To set up the ConnectWise SOAP integration:
1. Navigate to System-> Setup Tables. 2. Type "Integrator" into the Table lookup and hit Enter. 3. Click the Integrator Login link.

4. Click the "New" Icon to bring up the New Integrator login screen as shown on the right.
5. Enter and record Username and Password values which you will need later on when creating a connection in Network Detective.
6. Set the Access Level to "All Records." 7. Using the ConnectWise Enable Available APIs function, enable the following
APIs: l ServiceTicketApi l TimeEntryApi l ContactApi l CompanyApi l ActivityApi l OpportunityApi
© 2021 RapidFire Tools, Inc. All rights reserved.
195

Network Detective
l MemberApi l ReportingApi l SystemApi l ConfigurationApi

Reporter -- User Guide

8. Click the Save icon to save this Integrator Login. Note: If you already have an Integrator Login configured, you may use it as long as the Company and Configuration APIs are enabled.)
© 2021 RapidFire Tools, Inc. All rights reserved. 196

Reporter -- User Guide

Network Detective

Set Up Kaseya BMS Integration
To export items to Kaseya BMS, you will need Administrator credentials in Kaseya BMS. To assign a Kaseya user to the Administrator role, follow these steps:
1. Log in to Kaseya BMS. 2. Go to Security > Roles.

3. Click Open/Edit on the Administrator Role. 4. Click the Role Users tab.

5. Click Add.

Network Detective

Reporter -- User Guide

6. Search for the user to who will become a Kaseya Administrator and Select that user.
7. Click OK. This user can now invoke the Kaseya BMS API.

Reporter -- User Guide

Network Detective

Set Up Network Detective to IT Glue Integration
This topic covers how to integrate Reporter with IT Glue, the Kaseya IT documentation product. This integration uses Reporter to discover assets, computers, servers, applications, and services such as Active Directory, DNS, DHCP, and more. Once you export this data to IT Glue, the IT Glue system automatically builds the relationships between these assets. This provides you with great visibility of the site's IT environment.
Important: This is a powerful integration that can create thousands of assets in IT Glue. We highly recommend that you review your settings carefully as the data created cannot be mass deleted. This integration has unique matching criteria to prevent duplicates. Please review the Matching Criteria for Configurations section of IT Glue's integration documentation to prevent duplication of data.
There are several prerequisites needed before you can create a Reporter Export Task to IT Glue:
l Partners must be subscribed to the IT Glue Enterprise Plan as the integration requires the IT Glue API.
l You must have the Network Detective application installed l You must have a Reporter scan server installed on your MSP Network. (See
"Initial Reporter Set Up" on page 16) l You must have a Remote Data Collector (and its associated Client-Connector)
set up with a Reporter Site configured to perform regular scan tasks. (See "Initial Remote Data Collector Set Up" on page 21 and "Configure Remote Data Collector to Perform Scan Tasks" on page 30)
Note: See "Setting Up Reporter" on page 16 for detailed instructions on installing and configuring Reporter.
Important: Currently, you can only export configuration items for Active Directory environments, and NOT Workgroups.
Once these prerequisites are met, you can then:
Create Organization and API Key in IT Glue
1. Create one or more Organizations in IT Glue. You will later select these to receive the exported data from Reporter. You create new Organizations from the

Network Detective Organizations tab in IT Glue.

Reporter -- User Guide

2. Create an IT Glue API Key for your use during integration and set up. You can do this from Account > API Keys.

Important: For your reference, save a copy of the API key outside of IT Glue.
You can then use the instructions below to create a Reporter Export Task to IT Glue in the Network Detective application.
Create a Reporter Export Task to IT Glue
To set up a connection between the Network Detective application and IT Glue, you will: 1. In the Network Detective app, open the Site used to manage the Reporter. Click on the Reporter icon on the bottom left side of the Site screen.
© 2021 RapidFire Tools, Inc. All rights reserved. 200

Reporter -- User Guide 2. Click Create Export Tasks.

Network Detective

3. The Select Export Task Type window is displayed. Select the Export Configuration option and assign a Task Label.

Network Detective

Reporter -- User Guide

Network Detective

6. Click New.

Network Detective

Reporter -- User Guide

Note: · For the API URL, use https://api.itglue.com · If your IT Glue account is in the EU Data Center, use https://api.eu.itglue.com
Important: The IT Glue API Key must be generated from within the ITGlue system. See "Create Organization and API Key in IT Glue" on page 199
8. The Connection will appear in the list of Saved Connections. Select the connection and click Close.

Reporter -- User Guide

Network Detective

10. Select the Organization to receive the exported configuration items. Note: If successful, you should see your IT Glue Organizations populate in the Organizations drop-down menu.
© 2021 RapidFire Tools, Inc. All rights reserved. 205

Network Detective

Reporter -- User Guide

11. Finally, select which configuration items to export. Important: Warning! If you have other integrations creating Contacts and/or Configurations in IT Glue such as a PSA and RMM, DO NOT select the Export Contacts and Export Computers options as they will create unwanted duplicates. We strongly recommend that you at least select the following check-boxes. These are enabled by default: · 'Exclude Server Features and Options' · 'Exclude Startup Programs' · 'Exclude Windows Services' If you do not select these options, the Reporter will detect and add all of these items to IT Glue which may clutter search and navigation.
© 2021 RapidFire Tools, Inc. All rights reserved. 206

Reporter -- User Guide

Network Detective

12. Again, review the configuration items that you have selected to exclude in the step above.
13. Once you set up the Connection, click Update to complete the creation of the task. The Export Task will appear in the Tasks List.
14. Click Schedule to run the Task at a specified time. Alternatively, click Run Now to run the task one time immediately. If the Export is successful, your Configuration items will appear in IT Glue. Important: Note that once the export begins, it will be placed in the API queue. It may take up to 3 hours for your results to appear in IT Glue.
© 2021 RapidFire Tools, Inc. All rights reserved. 207

Network Detective

Reporter -- User Guide

Accessing data in IT Glue after scan and export
1. Log into your IT Glue account and navigate to the Organization main page. 2. Click on a newly updated item in the Apps & Services section in the left-hand
menu. The Flexible Asset types are: l AD Domain l Domain Controller l FSMO Role l AD Computer l AD User l Security Group l Group Policy l DNS Entry l Windows Services l Enabled Server Feature l Enabled Optional Feature l Startup Programs l Non-AD Device l Microsoft SQL Server l Web Server l Time Server l Exchange Server
© 2021 RapidFire Tools, Inc. All rights reserved.
208

Reporter -- User Guide

Network Detective

l DHCP Server l Hyper-V Server l Hyper-V Guest l Printer (Attached) l Printer (Networked) l Printer (Share) l Network Share l Installed Application l License key l Missing Windows Patch 3. Open an item to see how the Reporter has automatically built relationships between the assets. 4. Active Directory users are added as IT Glue Contacts.
Note: See also Matching Criteria for Configurations for more details on how the system avoids creating duplicate assets.

Network Detective

Reporter -- User Guide

Software Appliance Diagnostic Tool
The Diagnostic Tool is used to gather relevant diagnostic information, test connectivity, manage updates, and allow remote support to the Appliance.

Available Commands
There are a number of commands available within the Appliance Manager. Location and Information
l Locate Network Detective Appliance Re-initialize the Appliance discovery process and attempts to retrieve the Device ID number and other diagnostic information.
l Get Appliance Device ID Display the Software Appliance's Device ID, used when associating the Software Appliance with a Site in the Network Detective Application.
Diagnostics and Troubleshooting
© 2021 RapidFire Tools, Inc. All rights reserved. 210

Reporter -- User Guide

Network Detective

l Appliance Diagnostics
Queries the Software Appliance for diagnostic information used to verify running status, software, connectivity, and NIC Information.
l Ping Test from Appliance
Performs a ping test directed at a specified host or IP address from the point of view of the Software Appliance itself.
Note: Network connectivity is required for the Appliance to operate properly.
l Get Log Files
Retrieves diagnostics logs from the Appliance. Returns a link to download a .zip file containing run log information which may be used for further troubleshooting.
Service Control
l Appliance Service Status
Queries the Software Appliance to return its current status. The possible statuses are as follows:
o Idle: The Software Appliance is online, but performing no action. o Queued: The Software Appliance is online and performing no action. A
schedule is active and queued to run. o Running: The Software Appliance is online and currently running a
schedule. l Appliance Service Restart
Requests a Service Restart from the Software Appliance. Exercise caution when using this command because it may interrupt any running Scan.
Updating via USB
l Update Appliance via USB
Requests the Software Appliance to update via USB. Attempts to detect a USB device. If a USB device is detected containing the necessary files is found to be connected to the Software Appliance an update will be performed.

Network Detective

Reporter -- User Guide

Note: Please ensure that a USB stick containing the update is plugged into the USB port of the system hosting the Software Appliance.
l Check USB Update Status Returns the current status of a running update. Also attempts to detect any USB device with available updates.
Remote Assistance l Toggle Remote Assistance Status Instructs the Software Appliance to make itself available for Remote Assistance and to allow a technician to access the device for support. l Check Remote Assistance Status Return the current status of Remote Assistance. l Shutdown and Restart Restarts the Software Appliance. l Shutdown Appliance Shuts down the Software Appliance.

Reporter -- User Guide

Network Detective

Augment Reporting to Eliminate False Positives
Occasionally, your customer may have a service installed that was not detected by Network Detective. With services such as antivirus and antispyware, new products are constantly being introduced to the market. Also, your customer may have a very old or very new release of an existing product. Since Network Detective is a very general-use product, reports may not always reflect a complete picture of your customer's unique circumstances.
The Augment Reports feature allows you to customize Network Detective's data analysis to better suit each of your customers. If a service is not listed in our database, you may add it through the Network Detective application. Then, re-generate the reports and the service will be properly included and displayed.
To augment your reports:
1. In Network Detective, go to Help > Augment Reporting.

The Endpoint Protection Detection screen will appear. 2. For each application you wish to add to your reports, select the type of application:
Antivirus, Antispyware, Firewall, and/or Backup.
© 2021 RapidFire Tools, Inc. All rights reserved. 213

Network Detective

Reporter -- User Guide

3. Then enter the Display Name for the Windows Service.
Note: You can find the Display Name by opening the Windows Services app from your desktop. Right click on the service and click Properties. See "Use the Excel Export Spreadsheet to Find Display Names" on the next page for an easy way to find display names for all Windows services.

Reporter -- User Guide

Network Detective

4. Next enter the Product Name for use with reporting. You can choose any name you wish for the Product Name for your Reports.
5. Repeat these steps for each app you wish to add to your reports. 6. Click OK.
When 1) you next collect data on the target endpoints and 2) generate reports, your new reports will feature information on the apps you included.
Use the Excel Export Spreadsheet to Find Display Names
You can use the Excel Export from the Network Assessment Module to find Display Names for Windows Services. This might be helpful if you want to enter several apps into the Augment Reporting tool.
© 2021 RapidFire Tools, Inc. All rights reserved. 215

Network Detective

Reporter -- User Guide

1. Generate the Excel Export Report from a NAM Assessment. 2. Open the report and navigate in Excel to the Windows Services worksheet.

3. View the service entry for the Antivirus, Antispyware,Firewall, and/or Backup software installed on the computer and include this in the Augment Reporting tool.

Reporter -- User Guide

Network Detective

Updating a Software Appliance
After installing a Software Appliance at the Site's physical location and associating the Software Appliance with a Site in the Network Detective Application, it's important to regularly update the Appliance to get the most out of the features available on the Software Appliance you are using.

Updates may include bug fixes, new features, and additional scans types. In the Network Detective Application, navigate to Network Detective ribbon bar and select the Appliances icon.
This action will display the Software Appliances window that lists all of the Appliances that are available for use from within Network Detective.

To update the selected Software Appliance, right click on the Appliance's name, and select the Update menu option presented as displayed.

Network Detective

Reporter -- User Guide

Note that the Update menu will only be visible if software updates are available. IMPORTANT: The Appliance Update Now feature, when activated to update the Software Appliance, will shut down any tasks that are currently running on the Software Appliance. Before updating the Software Appliance either stop any currently running tasks listed in the Manage Appliance Window Queued Tasks list, or perform the update after running tasks are completed.
A window will appear confirming the request for a software update.
© 2021 RapidFire Tools, Inc. All rights reserved. 218

Reporter -- User Guide

Network Detective

Two-Factor Authentication for RapidFire Tools Portal
You can increase the security of your RapidFire Tools Portal account by enabling TwoFactor Authentication (2FA). When 2FA is enabled, you will enter a second authenticator in addition to your password when you log into the Portal.
Note: 2FA is enabled on a user-by-user basis. It is NOT account wide.

Enable Two-Factor Authentication
Follow the steps below to set up 2FA in the RapidFire Tools Portal:
1. Download and install Google Authenticator on your phone. Visit Google Play or Apple Store and search for "Google Authenticator."

2. In the RapidFire Tools Portal, open your user options from User Preferences.
3. Check Enable Two-Factor Authentication.

and choose

Network Detective

Reporter -- User Guide

5. Using your Google Authenticator app on your phone, scan the QR Code on your computer screen or enter the Secret Key (Text) manually within the app.

Reporter -- User Guide

Network Detective

6. On your phone, a new Google Authenticator code will appear for your RapidFire Tools account.

7. Enter the Google Authenticator code (WITHOUT spaces) in the Login Code field (pictured above). Then click Enable Two-Factor.
If successful, the prompt below will appear:
Important: If you receive an error message, wait until the Google Authenticator code refreshes and enter the new code.
© 2021 RapidFire Tools, Inc. All rights reserved. 221

Network Detective

Reporter -- User Guide

When you next log in to the Portal, you will be prompted to enter the Google Authenticator code after you enter your username and password:

Disable 2FA
If you wish to disable 2FA, follow these steps:

1. In the RapidFire Tools Portal, open your user options from Preferences.
2. Un-check Enable Two-Factor Authentication.

and choose User

Reporter -- User Guide

Network Detective

3. Enter your authenticator code and click Disable. 2FA will then be disabled for your user.

Network Detective

Reporter -- User Guide

Set Up Custom SMTP Server Support (Reporter)
The steps below outline how to set up the use of your own SMTP Email Server to enable Reporter to send "Reports are Ready for Download" notifications by email.
Follow these steps to set up the Reporter Custom SMTP Email Server Configuration.

1. In the Network Detective window, select the Preferences icon to access the Preferences window for access to the Report Branding and Reporter Customer SMTP Server Configuration options.
The Preferences window will be displayed.
2. Select the Reporter tab within the Preferences window to access the Reporter's Custom SMTP Server settings.

Reporter -- User Guide

Network Detective

l Report From email address l Display Name l SMTP Server Address l Port Number l Security Method l SMTP Server Username and Password 4. Select the Send Test Email button to test the Custom SMTP Server configuration and email addresses.

Network Detective 5. Select your Reporter ID from the Reporter ID list.

Reporter -- User Guide

Next, select the Send button in the Send Test Emails window. The status of the send email test is displayed in the Send Test Emails window.
6. After a successful test has been completed, close the Send Test Emails window.
© 2021 RapidFire Tools, Inc. All rights reserved. 226

Reporter -- User Guide

Network Detective

Next, select the OK button in the Preferences window to save the Custom SMTP Server's Email Configuration settings.

Network Detective

Reporter -- User Guide

Client-Connector Diagram
The Remote Data Collector uploads scans to Secure Cloud Storage Area using the Client-Connector. You can download the scans from the Network Detective application. Likewise, the Reporter appliance will automatically download the scans in order to generate scheduled assessment reports.

Reporter -- User Guide

Network Detective

Using Reporter with Cyber Hawk
You can use Reporter with Scan Data collected by the Cyber Hawk Appliance to generate Network and Security Assessment Reports. In addition, when using the Security Assessment Module, you can generate an Internal Vulnerabilities Summary Report that uses the internal network vulnerability scan performed by the Cyber Hawk Appliance. To do this:
Step 1 -- Associate Reporter and Cyber Hawk with the same Site
You will first need to make sure your Site has both a Reporter and Cyber Hawk appliance associated with it. To bind an appliance to a Site:

1. Open your active assessment project and click the selector icon

2. Click Appliances.

3. Click Add. Choose the appliances to add.

4. Once you add the Reporter and Cyber Hawk appliances, select the Connectors button to add a Connector to the Site. The Connectors list window will be displayed.

Note: The Connector is required to enable the Cyber Hawk to transport its scan files to the RapidFire Tools Secure Storage Area for access by the Reporter during the scheduled report generation time. You will assign the Connector to the site as part of the normal Reporter set up process.
© 2021 RapidFire Tools, Inc. All rights reserved. 229

Network Detective

Reporter -- User Guide

5. Assign a Connector Label that specifically references the name of the Site that is going to be using the Connector. Next select the OK button to finish adding the Connector to the Site.
Note: You must have first purchased and installed the appliance on the target network before you can bind it to a site. Note also that, unlike Reporter, Cyber Hawk appliance is installed on the client's network.
See also: l "Setting Up Cyber Hawk" in the Cyber Hawk documentation at https://www.rapidfiretools.com/nd l Setting Up Reporter
Step 2 -- Configure Cyber Hawk to Upload Scans for use by Reporter
Next set up your Cyber Hawk scans to work with your Reporter. To do this:
1. Open Cyber Hawk from your Site.

2. Click Modify next to Scan Configuration.

Reporter -- User Guide

Network Detective

4. (OPTIONAL) Next, configure your Remote Data Collector Scan Tasks. See Configure Remote Data Collector Scans for more details. Note: You can generate Network Assessment and Security Assessment reports using Cyber Hawk. Use Cyber Hawk to enhance your reports with an Internal Vulnerability Scan. However, for SQL, Exchange, HIPAA, and PCI assessments, you will need to use the Remote Data Collector.
Important: Schedule your Cyber Hawk and Remote Data Collector scan tasks a few hours BEFORE your Reporter tasks. This will ensure your automated reports always contain the latest and best data.
Step 3 -- Set up Reporter to Automatically Generate Reports
The last step is to configure your Reporter tasks for automated reports. 1. Open your active assessment project and click the Reporter icon.
© 2021 RapidFire Tools, Inc. All rights reserved. 231

Network Detective

Reporter -- User Guide

2. (Optional) If you want to set up an automated External Vulnerability Scan, click the Create Scan Task button and select the Reporter (NOT the Remote Data Collector). Then configure your External Vulnerability Scan.

3. Once you've created your optional external vulnerability scan, click Create Report Tasks. Use the wizard to create your report tasks.
Tip: Use the Internal Vulnerability Scan performed by Cyber Hawk to generate an automated Internal Vulnerability Scan Report.

Reporter -- User Guide

Network Detective

l Configure Reporter to Access Scan Data and Generate Reports l Setting Up Automatic Reports by Assessment Module

Network Detective

Reporter -- User Guide

Pre-Scan Network Configuration Checklist
RapidFire Tools products can gather a great deal of information from the target network with little advance preparation and with very little footprint! However, if you are having trouble with scans, or you have the ability to configure the target network in advance, we recommend the settings below.
These checklists detail the recommended network configurations for both Windows Domain and Workgroup environments.
Note: You must have the .NET 3.5 framework installed on machines in order to use all data collector and server/appliance tools.

Checklist for Domain Environments
Share this checklist with your IT Administrator and ask them to configure your network's Domain Controller as follows:

Complete

Domain Configuration

GPO Configuration for Windows Firewall (Inbound Rules)

Allow Windows Management Instrumentation (WMI) service to operate through Windows Firewall
This includes the following rules: l Windows Management Instrumentation (ASync-In) l Windows Management Instrumentation (WMI-In) l Windows Management Instrumentation (DCOM-In)
Allow File and printer sharing to operate through Windows Firewall
This includes the following rules: l File and Printer Sharing (NB-Name-In) l File and Printer Sharing (SMB-In) l File and Printer Sharing (NB-Session-In)
Enable Remote Registry "read only" access on computers targeted for scanning.

Reporter -- User Guide

Network Detective

Complete

Domain Configuration
Note: Remote Registry access should be restricted for use by the user access account credentials to be used during network and local computer scan.

Enable the Internet Control Message Protocol (ICMP) to allow authorized ICMP echo request messages and ICMP echo reply messages to be sent and received by Windows computers and network devices.
Windows firewall rules on Windows computers may need to be created/enabled to allow a computer:
l operating a Kaseya-RapidFire Tools product network data collector to issue ICMP echo request messages to be sent to Windows computers and network devices
l to send ICMP echo reply messages in response to an ICMP echo request
Note: ICMP requests are used to detect active Windows computers and network devices to scan.

GPO Configuration for Windows Services
Windows Management Instrumentation (WMI) · Startup Type: Automatic
Windows Update Service · Startup Type: Automatic
Remote Registry · Startup Type: Automatic
Remote Procedure Call · Startup Type: Automatic
Network Shares
· Admin$ must be present and accessible using supplied credentials (usually a local admin or user in the local Computer's Administrative Security group)

Network Detective

Reporter -- User Guide

Complete

Domain Configuration 3rd Party Firewalls
· Ensure that 3rd party Firewalls are configured similarly to Windows Firewall rules described within this checklist.
Note: This is a requirment for both Active Directory and Workgroup Networks.

Checklist for Workgroup Environments
Before you perform a workgroup assessment, run the following PowerShell commands on the target network and the machine that will perform the scan. These three configurations should help you avoid most issues in a workgroup environment. Each command is followed by an explanation and link to Microsoft documentation.
1. reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\syst em /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
By default, UAC only allows remote administration tasks to be performed by the Built-in Administrator account. To work around this, this command sets the LocalAccountTokenFilterPolicy registry key to 1. This allows any local admin to perform remote administrative tasks (i.e. access to system shares C$, Admin$, etc.).
https://support.microsoft.com/en-us/help/951016/description-of-user-accountcontrol-and-remote-restrictions-in-windows
2. netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
This command creates an Inbound firewall rule to allow access to the WMI service and namespaces.
https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmiremotely-starting-with-vista
3. netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

Reporter -- User Guide

Network Detective

This command creates an Inbound firewall rule which enables File and Printer Sharing on the machine. File and printer sharing is required in order to access the Admin$ share on remote machines.
https://answers.microsoft.com/en-us/windows/forum/all/turning-on-file-and-printersharing-windows-10/bb3066eb-f589-4021-8f71-617e70854354

You can also share this checklist with your IT Administrator and ask them to configure each computer in your workgroup as follows:

Complete?

Workgroup Configuration

Network Settings

· Admin$ must be present on the computers you wish to scan, and be accessible with the login credentials you provide for the scan

· File and printer sharing must be enabled on the computers you wish to scan

· Ensure the Windows Services below are running and allowed to communicate through Windows Firewall: · Windows Management Instrumentation (WMI) · Windows Update Service · Remote Registry · Remote Desktop · Remote Procedure Call

· Workgroup computer administrator user account credentials.
Note: Before configuring scan settings for workgroups, prepare a list of the workgroup computer(s) adminstrator user account credentials for entry into the scan settings wizard.

Network Detective

Reporter -- User Guide

Complete?

Workgroup Configuration
l operating a Kaseya-RapidFire Tools product network data collector to issue ICMP echo request messages to be sent to Windows computers and network devices
l to send ICMP echo reply messages in response to an ICMP echo request
Note: ICMP requests are used to detect active Windows computers and network devices to scan.

madbuild