Viewing a Compliance Summary report
The Compliance Summary report displays the pass/fail compliance status for one or more devices for selected or assigned rules sets or rules. You can fix compliance violations directly from the report using the Remediate option.
To generate a Compliance Summary report
- Open the Compliance Summary Report page by navigating to Reports > Priority Reports > Compliance Summary.
Enter information in the displayed fields, and click Next.
- Select one of the following options to include the rule sets or rules in the report, and click Next.
- All Rule Sets: Include all rule sets in the report.
- Selected Rule Sets: Includes the selected rule sets in the report. Use the Add and Remove buttons to transfer rule sets between the list of available rule sets and the list of selected rule sets.
Selected Rules: Includes the selected rules in the report. Click the Add button to display the Select Rule dialog box. Optionally, filter the rules. Then, select the desired rules and click OK.
Note: The Applicable OS Images column is available only for version 8.9.01 and later.
On the next page, select additional report parameters.
- Select Next to display the Compliance Summary report.
Note: The View Security Vulnerability link is available only for version 8.9.01 and later.
To view the report and remediate compliance violations
Perform one of the following tasks by using the menu options that are available on the Compliance Summary Report page:
Menu option
Description
Back
Return to the wizard to change report parameters.
Print View
Print a copy of the report.
Export
Export the report to one of the following formats:
- CSV
Note: The Include All Details option is not available for this format. - HTML
- RTF
Email
Email the report to one or more recipients in one of the export formats.
Help
Display Help.
- CSV
- Review the following fields and take necessary actions:
- Rule: Select a rule to view the rule grammar and other details about the rule.
- Rule: Select a rule to view the rule grammar and other details about the rule.
- Result: If the Result column contains the Failed hyperlink, click the hyperlink to display the compliance violations for the selected rule. The right side of the report shows the compliant configuration (where the corrections applicable to the rule have been applied) and the left side shows the current non-compliant configuration. The hyperlink is available only if the rule grammar is correctable by adding or removing lines in the configuration.
- Actions: Click hyperlinks in the Actions column to view further details.
- View Trace: The following figure shows the Device Compliance Trace report that is displayed when you click View Trace:
As you scroll down through the trace, you will see where the system found a compliance violation. The yellow background and D sidebar designator indicate a domain line. In this case the domain is selected blocks; note the domain borders are in darker yellow. The trace indicates excess subject lines in red (D-) and matched set of subject lines in blue (D+).
To interpret other foreground and background colors used in the trace see the following key, located at the very bottom of the trace:
If a rule uses a trigger and the trigger is not found, no trace is shown.
As you scroll further down the trace, details are provided for how Remediate corrects the configuration to enforce the rule.
- (Applicable for version 8.9.01 and later) View Security Vulnerability: Click this hyperlink to view the details, such as title, CVE IDs, vendor link, and description of a security vulnerability. The vendor link contains complete information about the security vulnerability provided by the originator. The View Security Vulnerability hyperlink appears only when the rule has any associated security vulnerability. The following figure shows the details of a security vulnerabilty affecting a Cisco device.
- Remediate: Launch the Remediate, Deploy to Active, or Deploy to Stored job edit page to make the device compliant to a rule according to the corrective action. The Remediate action appears when:
- the evaluated configuration is a current configuration
- the trail associated with the selected configuration is applicable to the rule
- the rule has a corrective action for the trail
- the result is Failed
- the device is actively violating the rule for the trail (when the corrective action is not a Deploy to Active or Deploy to Stored)
- the device supports the particular type of corrective action
- the logged-in user is allowed to perform the action on the device
- when the corrective action deploys a configuration Complying With This Rule, the domain and subject of the rule are correctable. That is, the system must be able to generate the compliant configuration by adding or removing lines. For example, a domain of OS Image Name is not correctable or a subject of Pattern without a correction is not correctable. Note that a Failed result is clickable only when the rule is correctable.
- View Trace: The following figure shows the Device Compliance Trace report that is displayed when you click View Trace:
- Result: If the Result column contains the Failed hyperlink, click the hyperlink to display the compliance violations for the selected rule. The right side of the report shows the compliant configuration (where the corrections applicable to the rule have been applied) and the left side shows the current non-compliant configuration. The hyperlink is available only if the rule grammar is correctable by adding or removing lines in the configuration.