Fixing compliance violations


You can fix compliance violations manually (initiated by a user) or automatically (initiated by a policy).

User initiated fixes

Users can analyze violations on the Dashboard and Compliance Summary report and fix the violations by selecting Remediate.

You can submit one request to resolve all violations network-wide in either of two ways:

  1. Submit a job containing one Deploy to Active span action for each realm, with Configuration = Remediate With All Assigned. You can fix one or more assigned rules by using the Filter Rules option (for example, by severity or by a value assigned to a dynamic field). BMC Network Automation builds a script for each non-compliant device. You can review the scripts before submitting the job with the Deploy to Active actions.
  2. Schedule a policy to run daily, weekly, or monthly to fix the compliance violations. The policy includes one Deploy to Active action for each realm, with Configuration = Remediate With All Assigned, with rules filtered to limit the action to the auto-remediation rules.

Policy-initiated fixes (auto-remediate)

You can also define a policy to notify (for example, by email) and automatically correct (auto-remediate) a configuration change that does not comply with assigned rules.

To identify which rules to auto-remediate

  1. Create a dynamic field for rules called Auto-Remediate (Admin > System Admin > Dynamic Fields).

    The following figure shows an example of creating such a dynamic field:

    DynField_Define.png
  2. Edit the rules to set Auto-Remediate = Yes when you want to automatically correct the configuration.
  3. In the Compliance Violations policy, the Deploy to Active action uses Filter Rules to correct detected violations when Auto-Remediate = Yes, as shown in the following figure:

    Policies_FixCompViolation.png

    The details of this policy's Action tab are shown in the following figure:

    AutoTooltip_FixCompViolation.png

    The details of this action are shown in the following figure:

    DTA_FixCompViolations.png

    Click Filter Rules.
    The Rule Filter dialog box shows that the dynamic Auto-Remediate field is selected:
    RuleFilter_FixCompViolation.png
