Admin Guide

Welcome to the Admin Guide for Policy Tester.
In this guide, you will be able to:
 Create New Folder Directories
 Create a Scan and Report Template
 Create New Scans
 Change Scan Settings and Properties
 Change Report Settings and Properties
 Create Dashboards
Please note that an Administrator account has full access
and privileges to all features available throughout Policy
Tester.
1
Welcome to Policy Tester!
http://206.16.26.119/ase/FolderExplorer.aspx
Login with your user name and password!
Welcome to the Shire Directory within Policy Tester.
2
On the left, there is the Folder Directory. You will notice
there are three current folders: Archive, BU, and
Templates.
Archive is a collection of all the older scan and report
pack tests that were created prior to 2011.
BU contains the current websites hosted in the imc2 environment.
Templates includes any template that can be used to
create jobs and reports with the same configurations.
3
You can create new Folder(s) in any existing folder or
subfolder.
You can do this by clicking the Create Button after clicking
the location where you want to create the new Folder. For
example, if I wanted to create a new Folder in the BU
folder, I would do the following:
First click in the BU directory; this will open up the list of
current folders in that directory.
Then click Create.
4
This is the Create Folder Option.
Policy Tester will automatically default to your Contact
Name and Information.
When you are finished, click Create.
5
You will be asked to assign permissions to this folder. You
can choose individual users to view certain folders.
Click Save.
Policy Tester will create a new Folder for you in the location
and with the name that you selected.
6
Before we create a new Scan, let’s create a new Template
to use for future Scans.
Click on the Templates Folder in the Folder directory.
There is currently one template created, Default_Scan.
This Scan job and Report pack are linked to one another,
such that when the Scan Template is selected to be used,
the Report pack will also be used automatically.
In order to create a template, click the Create button.
7
It will bring you to this screen.
From here, you can create different objects depending on
what you want.
Content Scan Job: The basic scan job that is most
frequently used to crawl your website’s content.
Infrastructure Scan Job: Used to collect information
about a website’s technology infrastructure.
Report Pack: A bundle of reports that summarizes the
issues within its reports and provides a window into those
reports.
Dashboard: Use the dashboard to track and consolidate
severity metrics and trends of your website over time.
8
For this guide’s purposes, I will describe the Content
Scan Job and Report Pack in depth.
Select Content Scan Job.
Select an appropriate name.
Scroll down for more options.
9
After scrolling down, you will see more options.
Automatic Report Pack Creation: You can decide whether
or not to automatically create a report pack when a scan is
created. To toggle this on or off, use this option. For now,
we will leave it on.
Method of Creation: Using default properties will set the
scan properties at their default settings. If you use a file,
you can import scan properties from a previously saved
file. An example would be if I had wanted to use the scan
settings from my Tier 1 Scan job, but use different reports
in a report pack, I could import a settings file that I saved
from the other Scan Template.
10
Click Create when finished. It will take you to this screen:
This is your Scan Job’s settings. Each section on the left
is clickable in order to configure your scan to your needs.
If you chose default properties on the page before, the
scan will automatically be set with default properties.
What to Scan: This section is to tell Policy Tester what
website to scan.
Starting URLs: The URL to start the crawl from.
Note: Make sure you include WWW.* if the website
includes it.
Scroll Down.
11
These are additional settings you may want to explore. For now, leave
them blank.
Manual Explore: This section allows you to include URLs that you want to
manually explore. This requires a Plugin. You can add additional URLs and
domains to the job by exploring them manually.
Domains Included in the Starting URLs: A list of domains that are currently
included in the scan because they are inherited from the starting URLs.
Any pages with these domains that the job encounters will be scanned and
analyzed for issues.
Additional Servers and Domains: A list of domains that are currently
included in the scan, in addition to those inherited from the starting URLs.
This list includes those discovered during Manual Explore or Recorded
Login. Add domains that should also be scanned and analyzed. The global
list includes domains from the Starting URLs of all jobs in your current
installation, and any other domain manually added to it.
Choose Login Management.
12
Login Management: Use this page to configure how the
scan handles login and logout pages. Use a login
sequence to follow a complex login process or enter
regular expressions for detecting logout pages that the
scan will encounter. Logout pages are identified to prevent
the scan from logging out of the application or website
prematurely.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_advancedlogin
For this guide’s example, we are going to leave None
selected.
Select Environment Definition.
13
Environment Definition: Use this page to provide the
scan with a wide range of information about the
application environment, so that it can test your site faster
and more efficiently.
Environment definition prevents the scan from sending non-relevant tests,
resulting in a faster and more accurate scan. Here are some questions that
can help you properly define your environment:
1. What is the operating system being used? The Web Servers report
can help you determine this information.
2. What is the web server that is being used? The Web Servers report
can help you determine this information.
3. Does the site contain an application server? If so, what kind is being
used?
4. Does the site use a database? If so, what kind of database is it?
5. Are there any third party components installed on the site? If so, what
kinds?
6. Will the test be conducted on a production site or a test site?
7. Will the site be deployed internally or externally?
8. Is the site a remote or local installation?
14
We are only going to use these four settings for now:
Win32, Local, Production, Externally
Click Exclude Paths and Files, underneath Login
Management.
Exclude Paths and Files: Exclusions are used to exclude specific files,
directories or file types from being analyzed during the scan. You might
have a section of your site that would negatively affect the overall scan
results if it was included in the analysis, possibly because it is under
construction and has known issues. By excluding this section of your site,
you can prevent it from affecting the report and dashboard results.
Note: When false positives appear in the broken links report, you may want
to exclude the URL path from being searched. You can do this by clicking
the New URL Exclusion option.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_exclusions
Click on Explore Options.
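The scoping settings covered so far (domains inherited from the Starting URLs, Additional Servers and Domains, logout-page regular expressions, and URL exclusions) amount to one decision per discovered URL. The Python below is an added example, not part of Policy Tester or the original guide; exact host-name matching, path-prefix exclusions, the class and function names, and the example.test URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit


def _split(url):
    """Parse a URL, tolerating a missing scheme such as 'www.example.test/x'."""
    return urlsplit(url if "://" in url else "http://" + url)


class ScanScope:
    """Assumed model of the scan-scope settings; not Policy Tester's own logic."""

    def __init__(self, starting_urls, additional_domains=(),
                 logout_patterns=(), excluded_paths=()):
        # Domains inherited from the starting URLs. Hosts are compared
        # exactly, so 'example.test' and 'www.example.test' differ.
        hosts = (_split(u).hostname for u in starting_urls)
        self.domains = {h for h in hosts if h}
        # Additional Servers and Domains, added by hand.
        self.domains |= {d.lower() for d in additional_domains}
        # Regular expressions that identify logout pages.
        self.logout = [re.compile(p, re.IGNORECASE) for p in logout_patterns]
        # URL exclusions, treated here as path prefixes.
        self.excluded = [p.rstrip("/") for p in excluded_paths]

    def decide(self, url):
        """Return 'scan', 'out-of-scope', 'excluded' or 'logout' for one URL."""
        parts = _split(url)
        if parts.hostname not in self.domains:
            return "out-of-scope"
        path = parts.path or "/"
        # Match whole path segments: '/beta' excludes '/beta/x', not '/betamax'.
        if any(path == p or path.startswith(p + "/") for p in self.excluded):
            return "excluded"
        target = path + ("?" + parts.query if parts.query else "")
        if any(rx.search(target) for rx in self.logout):
            return "logout"  # not requested, so the scan session stays logged in
        return "scan"


# Constructed sample configuration and crawl results (not from a real scan).
SCOPE = ScanScope(
    starting_urls=["http://www.example.test/"],
    additional_domains=["cdn.example.test"],
    logout_patterns=[r"/(logout|signoff)\b", r"[?&]action=logout"],
    excluded_paths=["/beta"],
)
DISCOVERED = [
    "http://www.example.test/products/index.html",
    "http://example.test/products/index.html",   # no 'www': different host
    "http://cdn.example.test/img/logo.png",
    "http://www.example.test/beta/new.html",
    "http://www.example.test/betamax.html",
    "http://www.example.test/account/Logout.aspx",
    "http://www.example.test/do?action=logout",
    "www.example.test/contact",                   # scheme omitted
]


def classify(scope=SCOPE, urls=DISCOVERED):
    """Map every discovered URL to the scope decision made for it."""
    return {u: scope.decide(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in classify().items():
        print(f"{verdict:13} {url}")
```

Under these assumptions, a starting URL entered without the WWW prefix leaves every www page out of scope, which is why the note on Starting URLs matters.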
15
Explore Options: Use this page to specify how the scan job will scan for
URLs in JavaScript™ and Flash components or to specify some of the
limitations you want to place on the scan.
For our purposes, we will uncheck Enable Flash to discover URLs.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_explore_options
Continue on with Parameters and Cookies.
16
Parameters and Cookies: This page lists parameters and cookies that
require special treatment, such as session IDs and parameters, that you do
not want the scan to manipulate. You can also use this page to exclude
parameters and cookies from tests or normalization rules.
For this guide’s purpose, we will ignore these selections. Below is a more in
depth look.
Note: You can scroll down and over on the parameters and cookies section.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_parameters_cookies
Click on Automatic Form Fill.
17
Automatic Form Fill: Use the Automatic Form Fill page to supply a
content scan job with values for form fields that it encounters. Using the
field values that you provide, the scan can continue uninterrupted to
discover more URLs and content for analysis.
For this guide’s purpose, we will turn off Automatic Form Fill.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_auto_form_fill
Click on General Scan Options.
18
General Scan Options: Use this page to control how the
job navigates the site, and to manage the dictionaries (for
spell checking in Policy Tester™) and custom error pages
that the job finds during its scan.
For this guide, we will change the Supplemental dictionary
option to US English Medical.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_scan_options
Continue on with Advanced Options.
19
Advanced Options: Use advanced scan options to
programmatically extend functionality so that the scan job
can scan for data and technologies that might be specific
to your environment.
For the guide’s purpose, we will leave all numbers at their
default.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_advanced_options
Continue on with Connections.
20
Connections: The Connections page defines the scan job's behavior as it
connects to your network. If the proxy server is improperly configured,
external and possibly internal links might be reported as broken.
For our Guide’s Purpose, we will change Connection
Timeout to 30 seconds.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_connetions
Continue on with Log Settings.
21
Log Settings: Use the Log Settings page to enable, disable and configure
the logging of events related to items that are run, such as a job, report
pack or dashboard.
Where you choose to save the log determines how accessible it is to users.
When the log is saved to the database, it is available to users with a Job
administrator role or higher. When it is saved as a file, it is only accessible
from the Server; you must have access to the server to view the log.
For this Guide’s Purpose, we will leave all default settings alone.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_log
Click on Agent Server.
22
Agent Server: The Agent Service is a Windows® service that monitors the
database for jobs to perform. When a job, report pack or dashboard is
ready to run, it is added to a queue and the Agent Service spawns an agent
to run it.
During installation you can install agents on different servers. Providing that
you have installed agents this way, you can run the current job on a
specific agent server. If the agents have not been installed on different
servers, you cannot change any settings on this page.
For this guide’s purpose, we will leave it at No
Designated Server.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_agent_server
Continue on with Job Properties.
23
Job Properties: A content scan job scans your website and discovers as
much content as possible. The Website Architecture and the File Inventory
reports can help you see how much of your website a content scan job has
actually scanned. Use these reports to help you determine what areas of
the website or what technologies your job might be missing so you can
tweak its properties to get better coverage of the site.
If the job properties are grayed out and they cannot be edited, you must
take ownership of the job because you were not its creator; click Take
Ownership.
For the guide’s purpose, we will leave these at default.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_job_genprops
Click on Template Configuration.
24
Template configuration: Use this page to select the content scan job
options a QuickScan user can edit when they use the scan template you
have created for them. A scan template simplifies the process of creating
and configuring scan jobs and report packs for users who do not have in-depth product knowledge but must run scans to complete their assigned
workflow tasks. QuickScan users might be developers or quality assurance
personnel in your organization.
For the guide’s purpose we will change the explore method to Starting
URL.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_content_quickscan_config
Now click Save. This will save your report’s configuration.
25
After you click Save, you will be brought to this screen.
Your newly created scan should show up here, along with
an automatically created report pack.
You can edit your Scan at any time by clicking the Edit
button next to the name of the Scan Job.
The next step is to configure the report pack the way
you will use it.
26
Back in the Template Folder, you should see your newly created Scan
(Tier_2_Scan) and a Report Pack with the same name as your scan.
If the report pack does not have the same name as your scan job
template, they will not run and will not be usable as a template for other
scans.
Click Edit for the Report Pack that you just created.
27
This is the screen you will be brought to. This screen shows the Source Job
that is currently reporting to this Report Pack. You will notice it should be
the scan with the same name as the report pack.
This is done automatically because of the checkbox we marked on the
scan configuration.
You can add multiple scans to report to a single report pack.
Select General Properties.
28
You can change General Properties of your Report Pack.
For this guide, we will change the Description to “This is a Test”.
If you want to export the saved properties to a document in order to
keep a backup of your settings file, click the Export Properties Button.
The Status tab provides the date and time when the Report
Pack was last run, and also its next scheduled date and time.
Click on Reports.
29
This brings you to the selection of which Reports you would like to include
in your scan. If you recall, our Tier_2_Scan report pack had 25 different
reports currently running (this is the default).
This list shows all the current reports running within your report pack. In
order to add more or delete some, scroll down on the page.
Click Add Reports.
30
This is the list of Reports that are available within Policy Tester. The reports
that cannot be checked are the reports that are already included in the
report pack.
The reports shown in black can be added to your report pack.
Scroll down for more.
31
There are a total of 44 reports that are available within Policy Tester.
Any combination can be run together. On the right side, Policy Tester has
placed a category name on each report.
For this Report Pack, I am going to run all Privacy reports.
Scroll through and find the reports categorized as privacy and add them to
the Report Pack. Click Add.
32
It will take you back to the Report screen. Now we must remove all the
reports that are not listed as Privacy.
Sort Modules by clicking on the Modules Tab. This will sort the categories
alphabetically.
Anything that has Privacy listed, I will keep. Anything that does not, I will
remove from this Report Pack.
After you have selected all of those you would like to remove, click
Remove.
33
Now you should have the Reports that you have selected.
For more information on what the reports specifically do, refer to the
following links:
For Inventory Reports:
http://publib.boulder.ibm.com/infocenter/asehelp/v8r0m0/nav/1_6_6
For Privacy Reports:
http://publib.boulder.ibm.com/infocenter/asehelp/v8r0m0/nav/1_6_7
For Quality Reports:
http://publib.boulder.ibm.com/infocenter/asehelp/v8r0m0/nav/1_6_8
IBM’s built-in support is good at explaining each report’s importance.
Next Click on Page Filters.
34
Page Filters: You can include and exclude pages from the report pack to
reduce noise in your report results.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_reportpack_url_filters
For our Guide’s purpose, we are going to leave this section blank.
Move onto XRule Filters.
35
XRule Filters: To filter the report results, add XRules that identify data to
include in the report pack or XRules that exclude data from it. An XRule
filter acts like a powerful Search tool in a word processing application that
can search for the presence or the absence of something. The options in
the Included Data section and the Excluded Data section behave the same.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_reportpack_xrulefilters
For this Guide’s Purpose, we will also leave this section Blank.
Continue with Options.
36
Options (report pack): Use the Options page to define how much trend
data should be kept for the reports in your report packs. For example, if you
run a certain report pack on a daily basis, you can save the report trend
data for five days. If you run the report pack weekly, you can save its data
for one month.
The trend data is available when you click the history graph in a report pack
summary. Historical data is also available on a dashboard.
For this Guide’s Purpose, we will also leave the settings on Options at their
defaults.
Continue with Log Settings.
37
Log Settings: Use the Log Settings page to enable, disable and configure
the logging of events related to items that are run, such as a job, report
pack or dashboard.
Where you choose to save the log determines how accessible it is to users.
When the log is saved to the database, it is available to users with a Job
administrator role or higher. When it is saved as a file, it is only accessible
from the Server; you must have access to the server to view the log.
Refer to this link for additional help:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=idh_log
For this Guide’s Purpose, we will leave the settings at their defaults.
If you would like to edit User and Group privileges and access, click on
Users and Groups.
If not, skip that step, and select Save.
38
You will now notice that our Report Pack has been updated from its
previous 25 reports to 10.
Now we have created and edited a Template. From this, we can create
multiple Scan Jobs and Report Packs with consistent properties.
In order to test our new Template, Click on the BU folder in the Folder
Directory.
39
Now we are in the New Folder 1 that we have previously created.
In order to create a QuickScan using our Created Template, you must
select the Template Name from the drop down box. Ours is Tier_2_Scan.
Note: Default_Scan was our Tier 1 Scan job and Report Pack.
40
After having selected Tier_2_Scan, type the website in the URL box to
scan. For this guide, we will use www.daytrana.com
Note: If the WWW.* is included in the URL, you must include it as well.
Press Create QuickScan.
This will create a QuickScan of www.daytrana.com using the Tier 2
Template that we have created. It will place this Scan Job and Report Pack
inside New Folder 1 which is located in the BU directory.
41
Remember to edit the Scan Name to something easily sortable.
Also make sure that your Starting URL is the correct URL of the website
you want to scan.
If you want to change this specific scan’s properties to something
different from the template, click Advanced Scan Configuration.
Clicking the Advanced Scan Configuration link will bring you here:
42
For more details and information on changing the scan, refer back to page
11 of this guide.
If you return to New Folder 1, you will see our newly created Scan Job and
Report Pack.
Mark the Scan Job and click Run.
Now while we wait for the Scan Job to Run, I will show you another way to
create a Report Pack and Scan Job.
Go to the BU Folder in the ASE Directory.
Click on New Folder 1.
43
Let’s say you wanted to create a Scan Manually, but import the properties
from a document.
First we have to save an export of the Scan Job Properties.
Click Edit on the Scan Job that you would like to save properties from.
Go to Job Properties.
44
Click Export Properties.
Click Save.
45
Go Back to New Folder 1 by clicking it in the Directories links.
Do not Save Changes.
Click Create…
46
This is another way to create a Scan Job, rather than using QuickScan.
QuickScan is preferred when you have a Template created in the Policy
Tester environment.
Name the scan appropriately.
Scroll down to Method of Creation. Select Use Settings File. Click
Browse.
47
Find the appropriate File.
If you also want to manually create the Report Pack and apply its custom
settings using this same method, uncheck this box.
To create the Report Pack, follow these same steps except Select Report
Pack instead of Content Scan Job.
Note: Remember to export a Report Pack’s properties in order to use the
settings file.
Your Scan Job has been created.
48
Now let’s go back and look at our Original Report Pack to
confirm that it ran.
Click on the Report Pack daytrana.com (or whatever it
was you named it)
Examine each report.
Look for any issues that may have occurred.
49
Go back to New Folder 1.
There is one more feature within Policy Tester.
In this current folder (New Folder 1), click Create…
Select Dashboard.
Give the Dashboard an appropriate name.
50
For this guide, we will name it Dashboard_Tier2.
Click Create.
This will bring you to the Dashboard Properties window.
What is a Dashboard?
A dashboard summarizes the condition of a website by presenting report
data from the analysis. You choose the report packs that the dashboard
draws its results from. In one situation, each dashboard can represent a
different set of issues to be monitored. In another situation, each
dashboard can represent a different business unit within the organization.
In yet another situation, you can have a dashboard that summarizes similar
sets of data; for example, if you have folders broken up by business unit,
you can have the dashboard automatically pull report packs from each
folder and see all the data in one place.
51
Tabs page: When you open a dashboard you'll see that its report data is
organized into tabs. Each tab can have different information, depending on
the report packs and reports that comprise it. For example, one tab might
show security issues and another tab might show compliance issues. A tab
might even show certain compliance issues, such as only the California
Assembly Bill No. 1950 and the Data Protection Act compliance reports.
When creating a tab, you choose which report pack or folder to use, and
which of its reports will contribute data to that tab.
Change the position of the tab on the dashboard. Tabs are positioned left
to right. A tab at the top of the list is displayed in the far left position on the
screen.
Click Create Tab…
52
On the Create Tab page, give the tab a meaningful Name and Description
(optional).
Select the type of tab and click Create:
Graphical summary: Use this type of dashboard to view a graphical
executive summary. The types of graphical summary tabs available depend
on the product you are using.
Detailed summary by Module: Use this type of dashboard to view issues
by many report types over a few report packs.
Detailed summary by Report Pack: This type of dashboard provides a
focused view on a small set of issues. For example, you might have
hundreds of report packs for your organization, but you are just interested
in fixing broken links before you address other issues.
Refer to this link for additional help:
http://publib.boulder.ibm.com/infocenter/asehelp/v8r0m0/index.jsp?lang=en-US&topic=/com.ibm.ase.help.doc/topics/c_dashboard_scenarios.html
For this Guide, we will use Graphical Summary – Privacy.
Select the one you want and click Create.
53
Select the Reports that you would like the Dashboard to view.
For this Guide, I will select all Privacy Modules.
Click Apply and Save.
54
There is the tab that we have created.
You can create multiple Tabs in one Dashboard to view more than one
issue. Or you can dedicate one Dashboard per issue module.
You can change simple options and settings, or set the Dashboard to run
on a Schedule by using any of the properties settings.
You can also restrict User and Group access.
Click Save. Run the Dashboard.
55
After your Dashboard has run, open it.
The Dashboard gives your data a different look.
It categorizes it and sorts it into graphical views for the user.
For more in-depth instructions and descriptions, refer to:
http://206.16.26.119/ase/Help/CSHelp.aspx?helpid=ReportTypeId_112
This completes the Administrator Guide to Policy Tester.
For any further questions, issues, or concerns visit IBM’s
Policy Tester support:
http://publib.boulder.ibm.com/infocenter/asehelp/v8r0m0/index.jsp?lang=en-US
56