×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Important

   

Starting version 8.9.03, BMC Network Automation is renamed to TrueSight Network Automation. This space contains information about BMC Network Automation 8.9.02 and previous versions. For TrueSight Network Automation 8.9.03 and later releases, see the TrueSight Network Automation documentation.
BMC Network Automation 8.9 ... Using Managing reports

Viewing a Compliance Summary report

The Compliance Summary report displays the pass/fail compliance status for one or more devices for selected or assigned rules sets or rules. You can fix compliance violations directly from the report using the Remediate option.

To generate a Compliance Summary report

  1. Open the Compliance Summary Report page by navigating to Reports > Priority Reports > Compliance Summary.

  2. Enter information in the displayed fields, and click Next.

    Field or link

    Description

    Network Span

    Select a network span for the report. Select one of the following options:

    • Entire Network
    • Realm: Select one of the defined realms.
    • Group: Select one of the defined realms, and then select a group.
    • Device: Select one of the defined realms, and then select a device.

    Filter Devices

    Click to open the Device Filter dialog box and select a specific device or set of devices.

    View Devices

    Click to view the selected devices after using the Filter Devices option.

    Configuration

    Select which configuration to include in the report.

  3. Select one of the following options to include the rule sets or rules in the report, and click Next.

     

    • All Rule Sets: Include all rule sets in the report.

    • Selected Rule Sets: Includes the selected rule sets in the report. Use the Add and Remove buttons to transfer rule sets between the list of available rule sets and the list of selected rule sets.

    • Selected Rules: Includes the selected rules in the report. Click the Add button to display the Select Rule dialog box. Optionally, filter the rules. Then, select the desired rules and click OK.


      Note: The Applicable OS Images column is available only for version 8.9.01 and later.

  4. On the next page, select additional report parameters.

    Report parameter

    Description

    View By

    Select how you want to organize the display.

    • Devices: The report displays the device name in the first column. All rules applied to the device are grouped together.
    • Rules: The report displays the rule set and rule names in the first two columns. All devices that were checked against the rule are grouped together.

    Status

    The selected configuration in each device in the selected span is checked against the applicable rules in the selected rule set(s). Select the types of rule violation(s) results to include in the report.

    • Successful: A device is in compliance with a rule.
    • Failed: A device violates a rule.
    • Non-Applicable: A rule does not apply to a device (for example, not of the same device type or within the OS version range).

    Violation Severity

    Which rules are to be included in the results, filtered by the selected severity levels

    Note: This parameter is not available when you choose the Selected Rules option in the previous wizard page.

    Categories

    Which rules are to be included in the results, filtered by the selected categories. If you select no categories, it is the same as choosing all of them.

    Note: This parameter is not available when you choose the Selected Rules option in the previous wizard page.

    Only Show Devices Assigned to Selected Rule Sets/Rules

    Select this option to limit the devices included in the report to those that are assigned to the selected rule sets or rules. When you select this option, the included and excluded spans are considered, and only enabled rule sets are included. When you do not select this option, the included and excluded spans are ignored, and both enabled and disabled rule sets are included.

    Force Re-evaluation

    When you select this option, the report takes longer to run as each device and rule combination is evaluated. When you do not select this option, the report runs faster using violation data cached from the last Refresh Device Status action run. This option is available only when Only Show Devices Assigned to Selected Rule Sets/Rules is selected.

    Show Device Host Name/IP Address/URLSelect this option to include the host name, IP address or URL of the device in the report as a separate column.
    (Applicable for version 8.901 and later) Show Security Vulnerability Base Score

    Select this option to include the base score of the security vulnerabilities in the report as a separate column.

  5. Select Next to display the Compliance Summary report.


    Note: The View Security Vulnerability link is available only for version 8.9.01 and later.

Back to top

To view the report and remediate compliance violations

  1. Perform one of the following tasks by using the menu options that are available on the Compliance Summary Report page:

    Menu option
    Description
    BackReturn to the wizard to change report parameters.
    Print ViewPrint a copy of the report.
    Export

    Export the report to one of the following formats:

    • CSV
      Note: The Include All Details option is not available for this format.
    • HTML
    • PDF
    • RTF
    EmailEmail the report to one or more recipients in one of the export formats.
    HelpDisplay Help.
  2. Review the following fields and take necessary actions:
    • Rule: Select a rule to view the rule grammar and other details about the rule.

    • Result: If the Result column contains the Failed hyperlink, click the hyperlink to display the compliance violations for the selected rule. The right side of the report shows the compliant configuration (where the corrections applicable to the rule have been applied) and the left side shows the current non-compliant configuration. The hyperlink is available only if the rule grammar is correctable by adding or removing lines in the configuration.


    • Actions: Click hyperlinks in the Actions column to view further details. 
      • View Trace: The following figure shows the Device Compliance Trace report that is displayed when you click View Trace:



        As you scroll down through the trace, you will see where the system found a compliance violation. The yellow background and D sidebar designator indicate a domain line. In this case the domain is selected blocks; note the domain borders are in darker yellow. The trace indicates excess subject lines in red (D-) and matched set of subject lines in blue (D+).


        To interpret other foreground and background colors used in the trace see the following key, located at the very bottom of the trace:


        If a rule uses a trigger and the trigger is not found, no trace is shown.

        As you scroll further down the trace, details are provided for how Remediate corrects the configuration to enforce the rule.

      • (Applicable for version 8.9.01 and later) View Security Vulnerability: Click this hyperlink to view the details, such as title, CVE IDs, vendor link, and description of a security vulnerability. The vendor link contains complete information about the security vulnerability provided by the originator. The View Security Vulnerability hyperlink appears only when the rule has any associated security vulnerability. The following figure shows the details of a security vulnerabilty affecting a Cisco device.
           
      • Remediate: Launch the Remediate, Deploy to Active, or Deploy to Stored job edit page to make the device compliant to a rule according to the corrective action. The Remediate action appears when:
        • the evaluated configuration is a current configuration
        • the trail associated with the selected configuration is applicable to the rule
        • the rule has a corrective action for the trail
        • the result is Failed
        • the device is actively violating the rule for the trail (when the corrective action is not a Deploy to Active or Deploy to Stored)
        • the device supports the particular type of corrective action
        • the logged-in user is allowed to perform the action on the device
        • when the corrective action deploys a configuration Complying With This Rule, the domain and subject of the rule are correctable. That is, the system must be able to generate the compliant configuration by adding or removing lines. For example, a domain of OS Image Name is not correctable or a subject of Pattern without a correction is not correctable. Note that a Failed result is clickable only when the rule is correctable.

Back to top

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sulekha Gulati on Apr 18, 2017
viewing task report compliance_violation remediating compliance_summary

Comments

Log in or register to comment.

Viewing a System Diagnostics report
Viewing a Discrepancy Summary report
© Copyright 2013 - 2017 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.