Full K-Shield Workflow

Use this guide when you need the complete K-Shield workflow shown in the current screenshots: dashboard review, VM-level scanning, managed-node review, monitoring, compliance validation, and report downloads. New users should follow the sections in order: start with Node-Level Dashboard, review VM-Level Dashboard, complete any VM scan or schedule review, then open managed-node Overview, History, Monitoring, and Compliance.

1. Node-Level Dashboard

When to Use:

Use this first when reviewing the node-level dashboard shown below.

Purpose:

Review the node-level dashboard cards, charts, node table, and top vulnerabilities.

Steps:

  1. Open K-Shield -> Dashboard.

  2. Select Node level.

  3. Review category score cards across the top.

  4. Review fleet summary cards.

  5. Review the trend chart, risk distribution, security nodes table, and top vulnerabilities.

  6. Select a managed node if you need details.

K-Shield node-level dashboard

K-Shield node-level dashboard.

What this screenshot shows:

  • Managed nodes in the left panel.

  • Node level selected on the dashboard.

  • Node level and VM level tabs at the top of the dashboard.

  • Category cards for operating systems, databases, web servers and apps, network devices, virtualization, and storage.

  • Fleet cards for Total Nodes, Compliance Score, Risk Level, Total Findings, Scanned, and Not Scanned.

  • Compliance Trend Chart and Risk Distribution.

  • Security Nodes and Top Vulnerabilities tables.

What you can do from this screen:

  • Identify scanned and not-scanned node counts.

  • Compare node compliance scores.

  • Review CAT I, CAT II, and CAT III distribution.

  • Open a managed node from the table or left panel.

  • Use the selected managed-node card in the left panel to confirm which node will open.

  • Use top vulnerabilities to find repeated issues across nodes.

  • As a new user, start here before opening managed-node details.

Expected Outcome:

  • The node-level dashboard information is visible and readable.

  • Managed nodes are available for selection.

If this fails:

  1. Refresh the dashboard.

  2. Confirm managed nodes appear in the left panel.

  3. Confirm the Node level tab is selected.

2. VM-Level Dashboard

When to Use:

Use this when reviewing the VM-level dashboard shown below.

Purpose:

Review the VM list, VM status, K-Shield responding status, compliance score, and last scan data.

Steps:

  1. Open K-Shield -> Dashboard.

  2. Select VM level.

  3. Open VM List.

  4. Review VM status and K-Shield responding status.

  5. Check compliance score and last scan details.

  6. Select one or more eligible VMs when a scan is required.

K-Shield VM-level VM list

K-Shield VM-level dashboard.

What this screenshot shows:

  • VM level selected on the dashboard.

  • VM List, Batch History, and Schedule History tabs.

  • VM scan eligibility table.

  • VM name, IP, VM status, node IP, K-Shield responding state, compliance score, and last scan.

  • Eligibility filter dropdown, Schedule scan button, Run VM scans button, and refresh icon.

What you can do from this screen:

  • Find VMs shown in the eligibility table.

  • Confirm whether K-Shield is responding for each VM.

  • Use row checkboxes to select VMs before running or scheduling scans.

  • Run immediate VM scans.

  • Schedule VM scans.

  • Use the refresh icon to reload VM eligibility.

  • Open batch and schedule history.

  • As a new user, review this after the node-level dashboard so both dashboard scopes are covered.

Expected Outcome:

  • VM-level dashboard information is visible and readable.

  • VM scan actions are visible on the page.

If this fails:

  1. Refresh the VM list.

  2. Confirm the VM level tab is selected.

  3. Confirm VM rows are visible.

3. Run VM Scans

When to Use:

Use this when selecting VMs from the VM list shown below.

Purpose:

Select VMs and open the scan action shown on the VM-level dashboard.

Steps:

  1. Open K-Shield -> Dashboard -> VM level.

  2. Open VM List.

  3. Select one or more VMs.

  4. Click Run VM scans.

  5. Select the correct security profile for each VM.

  6. Choose Run now when immediate validation is required.

K-Shield run VM scans selection

VM scan selection from the VM-level dashboard.

What this screenshot shows:

  • Eligible VM rows selected for scanning.

  • Row checkboxes showing selected VMs.

  • VM status and K-Shield responding status.

  • Run VM scans action available.

  • Schedule scan action and refresh icon beside the scan action.

  • Compliance score and last scan information.

What you can do from this screen:

  • Select VMs for a batch scan.

  • Filter to eligible VMs.

  • Open the VM scan dialog.

  • Use the refresh icon if eligibility or scan state looks stale.

  • Refresh scan eligibility.

Expected Outcome:

  • Selected VM rows are clear.

  • The Run VM scans action is available.

If this fails:

  1. Confirm at least one VM row is selected.

  2. Refresh the VM list.

  3. Confirm the Run VM scans button is visible.

4. Start or Schedule VM Scan

When to Use:

Use this after the scan dialog shown below opens.

Purpose:

Review selected VMs, profile selectors, and run or schedule controls.

Steps:

  1. Confirm the selected VMs in the dialog.

  2. Select the correct security profile for each VM.

  3. Choose Run now for immediate execution.

  4. Choose Schedule for future execution.

  5. If scheduling, select the date and time.

  6. Click the visible scan or schedule action.

K-Shield start or schedule VM scans

Start VM Scans dialog.

What this screenshot shows:

  • Selected VMs.

  • Selected VM chips at the top of the dialog.

  • Per-VM security profile selectors.

  • Execution controls for Run now and Schedule.

  • Date and time fields for scheduled execution.

  • Close icon in the upper-right of the dialog.

  • Final Schedule Scan action.

What you can do from this screen:

  • Assign different profiles to different VMs.

  • Run the selected scans immediately.

  • Schedule scans for the selected date and time.

  • Use the close icon or Cancel if the selected VMs or profiles are wrong.

  • Cancel if the wrong VMs or profiles were selected.

Expected Outcome:

  • Selected VMs and profile selectors are visible.

  • Run and schedule controls are visible.

If this fails:

  1. Reopen the dialog.

  2. Confirm selected VMs are listed.

  3. Confirm profile selectors are visible.

  4. Confirm date and time fields are visible when Schedule is selected.

5. Schedule VM Scan Selection

When to Use:

Use this when the schedule selection screen shown below is open.

Purpose:

Review the schedule selection controls for the selected VMs.

Steps:

  1. Select eligible VMs from VM List.

  2. Click Schedule scan.

  3. Confirm selected VMs.

  4. Select profiles.

  5. Select date and time.

  6. Save the schedule.

K-Shield schedule VM scan selection

VM scan schedule selection.

What this screenshot shows:

  • Selected VM scan schedule flow.

  • Selected VM chips and security profile selectors.

  • Security profile selection.

  • Schedule controls for date and time.

  • Cancel and final schedule action.

What you can do from this screen:

  • Prepare a scheduled VM scan.

  • Review schedule controls.

  • Confirm the selected baseline profile before saving.

  • Cancel before saving if the selected VM or time is incorrect.

Expected Outcome:

  • Schedule controls are visible.

  • Selected VM scan details are visible.

If this fails:

  1. Confirm at least one VM is selected.

  2. Confirm the selected time is valid.

  3. Refresh and retry.

6. VM Batch History

When to Use:

Use this when viewing the VM batch history screen shown below.

Purpose:

Review VM scan batch records.

Steps:

  1. Open K-Shield -> Dashboard -> VM level.

  2. Open Batch History.

  3. Review scan batch status.

  4. Confirm included VMs.

  5. Check start and completion times.

  6. Review rows that need attention.

K-Shield VM batch history

VM batch history.

What this screenshot shows:

  • VM scan batch history.

  • Batch execution records.

  • Status and timing information.

  • Batch history tab selected in the VM-level view.

What you can do from this screen:

  • Confirm that a VM scan batch started.

  • Review which VMs were included.

  • Review visible status badges.

  • Identify rows with incomplete or non-success status.

  • Review batch status information.

Expected Outcome:

  • VM batch records are visible.

  • Batch status and timing information are visible.

If this fails:

  1. Refresh batch history.

  2. Confirm the Batch History tab is selected.

  3. Confirm batch rows are visible.

7. VM Schedule History

When to Use:

Use this when viewing the VM schedule history screen shown below.

Purpose:

Review scheduled VM scan records.

Steps:

  1. Open K-Shield -> Dashboard -> VM level.

  2. Open Schedule History.

  3. Confirm the scheduled scan appears.

  4. Review schedule time and target VMs.

  5. Check completed scheduled runs after execution time.

K-Shield VM schedule history

VM schedule history.

What this screenshot shows:

  • Scheduled VM scan records.

  • Schedule history tab.

  • Scheduled or completed execution information.

  • Schedule history tab selected in the VM-level view.

What you can do from this screen:

  • Verify scheduled scans.

  • Review past scheduled scan runs.

  • Confirm scheduled scan records.

  • Use visible status/timing fields to confirm the scheduled entry.

Expected Outcome:

  • Schedule history records are visible.

  • Schedule details are readable.

If this fails:

  1. Refresh schedule history.

  2. Confirm the Schedule History tab is selected.

  3. Confirm schedule rows are visible.

8. Dashboard Help

When to Use:

Use this when a user needs help interpreting K-Shield dashboard fields.

Purpose:

Explain the node-level and VM-level dashboard areas without leaving the K-Shield workflow.

Steps:

  1. Open K-Shield -> Dashboard.

  2. Click the help icon.

  3. Review dashboard guidance.

  4. Return to the dashboard.

K-Shield dashboard help

K-Shield dashboard help.

What this screenshot shows:

  • Dashboard help content.

  • Guidance for node-level and VM-level dashboard review.

  • Help icon that opens the dashboard guidance.

What you can do from this screen:

  • Confirm what dashboard fields mean.

  • Help a new user understand the workflow.

  • Use the help icon when a dashboard field is unfamiliar.

  • Return to dashboard review after reading guidance.

Expected Outcome:

  • Dashboard help content is visible.

If this fails:

  1. Close and reopen the help panel.

  2. Refresh the page.

  3. Confirm the help icon is visible.

9. Managed Node Overview

When to Use:

Use this when viewing the managed-node overview screen shown below.

Purpose:

Review the selected node’s overview cards, security score panel, and vulnerability table.

Steps:

  1. Open K-Shield -> Dashboard -> Node level.

  2. Select a managed node from the left panel or Security Nodes table.

  3. Open Overview.

  4. Review score cards and security score panel.

  5. Review vulnerabilities.

  6. Filter by severity when triaging findings.

K-Shield managed-node overview

Managed-node overview.

What this screenshot shows:

  • Managed-node breadcrumb.

  • Tabs for Overview, History, Monitoring, and Compliance.

  • Start Security Scan action.

  • Selected managed-node card in the left panel.

  • Overview cards for Compliance Score, System Status, CAT I Issues, CAT II Issues, and CAT III Issues.

  • Compliance Trend chart for score movement across scan dates.

  • Security Score Panel with profile, security posture, zero-day vulnerabilities, remediation pending, top vulnerability category, last scan status, and last scan completed.

  • Vulnerabilities table with internal ID, title, type, external ID, CWE ID, severity, CVSS, and detected-on date.

  • Severity filter for vulnerability rows.

What you can do from this screen:

  • Confirm the latest scan status.

  • Review compliance score and issue counts.

  • Review the security profile and posture in the score panel.

  • Filter vulnerabilities by severity.

  • Use linked IDs in the table to inspect specific rows when available.

  • Start a new security scan.

  • Move to history, monitoring, or compliance tabs.

Expected Outcome:

  • The selected node overview information is visible.

  • Overview cards, trend chart, score panel, and vulnerability rows are visible.

If this fails:

  1. Refresh the managed-node page.

  2. Confirm the selected node appears in the breadcrumb.

  3. Confirm the Overview tab is selected.

10. Run Security Scan for the Node

When to Use:

Use this when the node overview screen shows the Start Security Scan action.

Purpose:

Start the security scan action visible on the selected node screen.

Steps:

  1. Open the target managed node.

  2. Click Start Security Scan.

  3. Select the approved security profile.

  4. Start the scan.

  5. Return to Overview or History after the scan action is submitted.

K-Shield managed-node start scan

Node security scan start flow.

What this screenshot shows:

  • Node overview context.

  • Start Security Scan action.

  • Scan start workflow for the selected node.

  • Same node tabs remain visible so the user can return to Overview or History.

What you can do from this screen:

  • Start a security scan for the node.

  • Confirm the target node before scanning.

  • Use the visible tab row to return to Overview or History after starting the scan.

  • Return to the node tabs after the scan action.

Expected Outcome:

  • Start Security Scan is visible.

  • The selected node context is clear before starting the scan.

If this fails:

  1. Refresh the node page.

  2. Confirm the selected node is still visible.

  3. Confirm the Start Security Scan action is visible.

11. Managed Node History

When to Use:

Use this when viewing the managed-node history screen shown below.

Purpose:

Review scan records and report actions visible in the history tab. The report icons in the Reports column download the scan output as HTML and PDF files.

Steps:

  1. Open a managed node.

  2. Click History.

  3. Go to the Scan History table.

  4. Find the scan row you want to review.

  5. Confirm the row status, date and target, profile, compliance score, and vulnerabilities count.

  6. Move to the Reports column on the same row.

  7. Click the HTML report icon to download the HTML report file.

  8. Click the PDF report icon to download the PDF report file.

  9. Open the downloaded report file from your browser downloads when you need to review it outside K-Shield.

K-Shield managed-node history

Managed-node history.

What this screenshot shows:

  • Managed-node history tab.

  • Summary cards for compliance score, compliance grade, and vulnerabilities.

  • Previous Scan Details with scan time, initiator, top risk category, and common vulnerability type.

  • Recent Changes cards for new vulnerabilities and vulnerabilities closed.

  • Compliance Gap Analysis values for improving controls and declining controls.

  • Scan History table with scan ID, date and target, status, profile, compliance score, vulnerabilities, and report actions.

  • Refresh and Refresh History buttons.

  • Report icons for HTML and PDF downloads in the Reports column.

What you can do from this screen:

  • Confirm scan completion.

  • Compare scan runs.

  • Use Refresh or Refresh History to reload the history view.

  • In the Reports column, use the report icons on the scan row to find and download the available reports.

  • Click the HTML report icon to download an HTML file.
  • Click the PDF report icon to download a PDF file.

  • Use downloaded reports for review outside the dashboard.

  • Identify rows with incomplete or non-success status.

Expected Outcome:

  • Scan records are visible for the selected node.

  • Status and HTML/PDF report actions are readable.

If this fails:

  1. Refresh history.

  2. Confirm the History tab is selected.

  3. Confirm scan rows are visible.

  4. Confirm the Reports column contains the report icons.

12. Managed Node Monitoring

When to Use:

Use this when viewing the monitoring screen shown below.

Purpose:

Review Nmap score, open ports, unexpected ports, Rkhunter status, and Rkhunter warnings.

Steps:

  1. Open a managed node.

  2. Click Monitoring.

  3. Review monitoring cards.

  4. Review Nmap Network Scan details.

  5. Review Open Ports and Unexpected Ports.

  6. Review Rkhunter status and history.

K-Shield managed-node monitoring open ports

Managed-node monitoring open ports.

What this screenshot shows:

  • Nmap Score.

  • Open Ports Summary.

  • Unexpected Ports count.

  • Rkhunter Status and Rkhunter Warnings.

  • Nmap Network Scan details such as hostname, scan ID, scan time, and total ports scanned.

  • Port security risk timeline panel.

  • Open Ports and Unexpected Ports tabs.

  • Open ports table with service impact notes and View details buttons.

What you can do from this screen:

  • Review detected open ports.

  • Review port, protocol, service, and impact fields.

  • Confirm whether services are expected.

  • Click View details for a port row when available.

  • Review monitoring values shown on the screen.

Expected Outcome:

  • Monitoring cards and open-port rows are visible.

  • Nmap and Rkhunter fields are readable.

If this fails:

  1. Refresh the monitoring tab.

  2. Confirm the Monitoring tab is selected.

  3. Confirm monitoring cards are visible.

13. Unexpected Ports

When to Use:

Use this when viewing the unexpected-ports screen shown below.

Purpose:

Review the unexpected-port rows and impact guidance shown on the screen.

Steps:

  1. Open Monitoring.

  2. Select Unexpected Ports.

  3. Review each port, protocol, and service.

  4. Review the impact text.

K-Shield managed-node monitoring unexpected ports

Managed-node unexpected ports.

What this screenshot shows:

  • Unexpected ports tab.

  • Detected ports and services that need review.

  • Impact guidance for exposed services.

  • Port row fields such as port, protocol, service, impact, and details action.

What you can do from this screen:

  • Review unexpected listener details.

  • Review service and impact text.

  • Use the visible details action on a port row when available.

Expected Outcome:

  • Unexpected port rows are visible and readable.

If this fails:

  1. Refresh the monitoring tab.

  2. Confirm Unexpected Ports is selected.

  3. Confirm unexpected-port rows are visible.

14. Rootkit Hunter Monitoring

When to Use:

Use this when viewing the Rootkit Hunter monitoring information shown below.

Purpose:

Review the Rootkit Hunter status and warning fields shown on the monitoring screen.

Steps:

  1. Open the managed node.

  2. Click Monitoring.

  3. Review Rkhunter Status.

  4. Review warnings and scan history.

  5. Review the displayed status and warning fields.

K-Shield managed-node monitoring rootkit hunter

Managed-node Rootkit Hunter monitoring.

What this screenshot shows:

  • Monitoring tab with unexpected ports and Rootkit Hunter information.

  • Rootkit Hunter System Status.

  • Scan summary cards for files verified, suspect files, rootkits checked, possible rootkits, checks passed, and checks failed.

  • Last scan completed timestamp and duration.

  • Rootkit Hunter scan history table with scan ID, scan time, warnings, status, reports, and view details.

  • Report icons and View buttons in the scan history table.

What you can do from this screen:

  • Confirm whether Rkhunter status is clean.

  • Review warning count.

  • Review scan time.

  • Use report icons when reports are available.

  • Click View to inspect a scan row when available.

  • Review Rootkit Hunter fields shown on the screen.

Expected Outcome:

  • Rootkit Hunter status information is visible.

If this fails:

  1. Refresh monitoring.

  2. Confirm Monitoring is selected.

  3. Confirm Rkhunter fields are visible.

15. FIPS Security Profile

When to Use:

Use this when the Compliance screen shows FIPS security profile as the selected compliance framework.

Purpose:

Explain what the FIPS profile means on the Compliance screen and how it helps a user understand the security health of the selected node.

Steps:

  1. Open a managed node.

  2. Click Compliance.

  3. Locate Compliance framework.

  4. Confirm the selected framework is FIPS security profile.

  5. Review the profile chip on the right to identify the exact XCCDF profile ID.

  6. Review the score gauge for percentage, status, and grade.

  7. Review passed, failed, not applicable, and could-not-evaluate counts to understand how healthy the node is against the selected profile.

K-Shield FIPS security profile

FIPS security profile on the managed-node compliance screen.

What this screenshot shows:

  • Compliance framework set to FIPS security profile.

  • Profile chip showing the exact XCCDF profile ID.

  • Score gauge with percentage, status, and grade.

  • Summary cards for profile, passed, failed, not applicable, could not evaluate, and last scan.

What FIPS Means Here:

FIPS security profile is the compliance framework selected for this node. In this view, it is used as a security baseline: K-Shield checks the node against the rules in that profile and reports how many checks passed, failed, did not apply, or could not be evaluated.

How to Read Node Security Health:

  • A higher score and better grade indicate the node is closer to the selected FIPS baseline.

  • Passed shows controls that matched the profile.

  • Failed shows controls that did not meet the profile and need review.

  • Not applicable shows controls that do not apply to this node.

  • Could not evaluate shows checks where K-Shield could not determine a result.

  • Last scan shows when this compliance health view was last updated.

What you can do from this screen:

  • Confirm which FIPS profile was used for the node.

  • Use the profile chip when you need the exact XCCDF profile ID.

  • Use the score gauge to understand whether the node is passing or failing the selected profile.

  • Use passed, failed, not applicable, and could-not-evaluate counts to understand the scan result breakdown.

  • Use the failed count and findings table to decide what needs attention first.

Expected Outcome:

  • The selected FIPS framework is clear.

  • The exact profile ID, score, status, grade, and result counts are visible.

  • The user can tell whether the node looks healthy or needs review against the FIPS profile.

If this fails:

  1. Refresh the compliance tab.

  2. Confirm Compliance is selected.

  3. Confirm the Compliance framework and profile chip are visible.

16. Managed Node Compliance

When to Use:

Use this when viewing the compliance findings screen shown below.

Purpose:

Review compliance profile results and findings shown on the screen.

Steps:

  1. Open a managed node.

  2. Click Compliance.

  3. Review the Compliance framework value. In this screenshot, the selected framework is FIPS security profile.

  4. Review the profile chip on the right to see the exact XCCDF profile ID used for the scan.

  5. Review the score gauge to see the compliance percentage, status, and grade.

  6. Review passed, failed, not applicable, could-not-evaluate, and last scan cards.

  7. Review findings.

  8. Open compliance history when prior compliance rows need review.

K-Shield managed-node compliance findings

Managed-node compliance findings.

What this screenshot shows:

  • Compliance framework and security profile.

  • FIPS security profile selected as the compliance framework.

  • Exact profile chip with the XCCDF profile ID.

  • Help and refresh icons near the profile chip.

  • Score gauge with compliance percentage, status, and grade.

  • Summary cards for profile, passed, failed, not applicable, could not evaluate, and last scan.

  • Scan outcome and severity breakdown.

  • Findings table with severity, rule, and rule ID.

  • Filter chips for passed, failed, and not applicable rule sets.

  • Severity dropdown and download icon for the current outcome set.

What you can do from this screen:

  • Use FIPS security profile to understand that the node is being evaluated against the FIPS compliance framework shown on the page.

  • Use the profile chip to identify the exact XCCDF profile used for the scan.

  • Use the score gauge to understand the current score, status, and grade.

  • Review failed-rule rows.

  • Filter compliance findings.

  • Use filter chips to switch between passed, failed, and not applicable rows.

  • Use the severity dropdown to narrow the current findings set.

  • Use the visible download action when available.

  • Review failed-control rows.

Expected Outcome:

  • Compliance status and finding rows are visible.

  • The selected FIPS profile, exact profile ID, score, status, and grade are clear.

  • Passed, failed, not applicable, and could-not-evaluate counts are readable.

If this fails:

  1. Refresh the compliance tab.

  2. Confirm Compliance is selected.

  3. Confirm the profile and findings table are visible.

17. Compliance History

When to Use:

Use this when viewing the compliance history screen shown below.

Purpose:

Review compliance history records for the selected managed node.

Steps:

  1. Open the managed node.

  2. Click Compliance.

  3. Open Compliance history.

  4. Compare prior compliance results.

  5. Review the displayed history records.

K-Shield managed-node compliance history

Managed-node compliance history.

What this screenshot shows:

  • Compliance history tab.

  • Paged compliance history records for the selected node.

  • Columns for ID, profile, status, grade, score, passed, failed, scan time, and severity split.

  • Severity split badges for high, medium, low, and unknown or unspecified severity.

  • Expand chevron for each row.

  • Help icon in the compliance history panel.

What you can do from this screen:

  • Compare visible compliance history entries.

  • Review prior compliance status.

  • Review score, pass/fail counts, scan time, and severity split for each row.

  • Use the chevron to expand a history row when details are available.

Expected Outcome:

  • Compliance history is visible.

If this fails:

  1. Refresh the tab.

  2. Confirm Compliance history is selected.

  3. Confirm history records are visible.