Fixing compliance violations
You can fix compliance violations manually (by user) and automatically (by a policy).
User initiated fixes
Users can analyze violations on the Dashboard and Compliance Summary report and fix the violations by selecting Remediate.
To submit one request to resolve all violations network-wide, there are two options:
- User submits a job containing one Remediate span action for each realm, with Remediate With = All Assigned. You can fix one or more assigned rules by using the Filter Rules option (for example, by severity or by a value assigned to a dynamic field). BMC Network Automation builds sub-actions from the corrective actions of the rules that the devices are violating. You can preview the sub-actions and any generated incremental merge scripts or full compliant configurations before submitting the job.
- Schedule a policy to run daily or weekly or monthly to fix the compliance violations. The policy includes one Remediate action for each realm, with Remediate With = All Assigned, with rules filtered to limit the action to the auto-remediation rules.
Policy-initiated fixes (auto-remediate)
You can also define a policy to notify (for example, by email) and automatically correct (auto-remediate) a configuration change that does not comply with assigned rules.
To identify which rules to auto-remediate
- Create a dynamic field for rules called Auto-Remediate (Admin > System Admin > Dynamic Fields).
The following figure shows an example of creating such a dynamic field:
- Edit the rules to set Auto-Remediate = Yes when you want to automatically correct the configuration.
- The Remediate action in the Compliance Violations policy uses Filter Rules to correct detected violations when Auto-Remediate = Yes as shown in the following figure:
The details of this policy's Action tab are shown in the following figure:
The details of this action are shown in the following figure:
Click Filter Rules.
The Rule Filter dialog box shows that the dynamic Auto-Remediate field is selected: