Managing rules
TrueSight Network Automation rules can be used to provision new devices and audit and enforce configuration best practices based on a set of rules. To improve network security and availability, BMC recommends using rules to audit network configuration standards. TrueSight Network Automation is delivered with rules that can help you get started. Some recommended rules include:
- NTP servers
- Syslog servers
- Enable secret
- Password encryption
- Disable protocols
- Defined access control lists should be assigned
- SNMP community strings
- Management ACL entries and assignment
- OS Version
Any configuration lines or blocks in the running, startup, or any other configuration can be audited.
Rules can be used for:
- Provisioning new devices based on a set of rules (that is, security policies)
- Implementing decision-based changes that are not handled by simple template pushes
- Auditing and enforcing your configuration standards
The use of rules to audit and enforce recommended configurations involves the following stages:
- Rule Specification: Available for all supported devices. Rules can be used to audit configuration standards such as TACACS+/RADIUS, logging, NTP, virtual terminal access, login banner, interface attributes, SNMP, QoS policies, Access Control Lists (ACL), and other items. Rules are defined through a grammar specification.
- Compliance Auditing: Available for all supported devices. For enabled and assigned rule sets, TrueSight Network Automation verifies configuration compliance after each snapshot (for example, after each auto archive) or as requested by the user. TrueSight Network Automation audits both the Running and Startup configuration files.
- Compliance Enforcement: You can enforce compliance by using the Deploy to Active, Deploy to Stored, or Remediate span actions, through a policy action, and through the Compliance Summary report. You can request enforcement to all assigned rule sets, to a specific rule set, or to a specific rule. The specific rule set or rule does not have to be enabled or explicitly assigned to the device. There are conditions under which TrueSight Network Automation can make the configuration compliant based on the rule grammar, device type, and corrective actions.
To help you get started, TrueSight Network Automation is delivered with sample rules for typical security enforcement. You can tailor, reorganize, copy, or delete these rules and parent rule sets in accordance with your configuration standards. The rule sets are disabled by default, so no checks are done against these sample rules and no violations are reported.
If the Admin > System Parameter called Check for Compliance Violations after Snapshots is enabled, TrueSight Network Automation automatically audits compliance of the configuration files after each snapshot operation. This enables TrueSight Network Automation to automatically detect compliance violations as configuration changes are made. The user can also force a compliance check for a selected network span (for example, device, group, network wide) by using the Network > Jobs > Span Actions > Refresh Device Status action. Compliance violations are logged to the event log and displayed on the Dashboard.
Policies can detect when compliance violation events are logged and then notify users via SNMP, email, or a Remedy ticket. Optionally, the policy can also enforce configuration compliance through Auto-Remediation.
The Compliance Summary report details the pass/fail status for each rule. The report can be used to view the details of current compliance violations, or to test rules before they are used in TrueSight Network Automation. The user can view the violation in detail by selecting the Failed indicator. Compliance violations can be corrected by selecting the Remediate action. Through policies, the Compliance Summary report can be automatically emailed to users upon detection of a violation or at any time. In addition, the report is available from the Reports tab and the Dashboard.
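The audit stage described above, sketched as an added example (this is not TrueSight Network Automation's rule grammar or code): a few of the recommended rules are expressed as required and forbidden line patterns and checked against both a running and a startup configuration, giving a pass/fail result per rule. The Cisco IOS-style configurations, addresses, and patterns are constructed for illustration.

```python
import re

# Constructed Cisco IOS-style samples; the expected NTP/syslog addresses are assumptions.
RUNNING = """\
service password-encryption
enable secret 5 $1$constructed$hash
ntp server 192.0.2.10
logging host 192.0.2.20
snmp-server community public RO
ip http server
"""
STARTUP = """\
enable password cisco123
ntp server 192.0.2.10
logging host 192.0.2.20
snmp-server community n0tDefault RO 10
no ip http server
"""

# Each rule: (name, patterns that must match a line, patterns that must not match any line).
RULES = [
    ("NTP servers", [r"^ntp server 192\.0\.2\.10$"], []),
    ("Syslog servers", [r"^logging host 192\.0\.2\.20$"], []),
    ("Enable secret", [r"^enable secret \S+"], [r"^enable password "]),
    ("Password encryption", [r"^service password-encryption$"], []),
    ("Disable protocols", [], [r"^ip http server$"]),
    ("SNMP community strings", [], [r"^snmp-server community (public|private)\b"]),
]

def audit(config):
    """Return {rule name: list of violations}; an empty list means the rule passed."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    results = {}
    for name, required, forbidden in RULES:
        problems = [f"missing: {p}" for p in required
                    if not any(re.search(p, ln) for ln in lines)]
        problems += [f"forbidden: {ln}" for p in forbidden
                     for ln in lines if re.search(p, ln)]
        results[name] = problems
    return results

def summary(configs):
    """Pass/fail per rule for each named configuration (running, startup, ...)."""
    return {cfg: {rule: "Failed" if v else "Passed" for rule, v in audit(text).items()}
            for cfg, text in configs.items()}

if __name__ == "__main__":
    for cfg, rows in summary({"running": RUNNING, "startup": STARTUP}).items():
        for rule, status in rows.items():
            print(f"{cfg:8} {rule:24} {status}")
```

Auditing the two files separately shows drift between them: here the running configuration fails on the HTTP server and the default SNMP community, while the startup configuration fails on the enable secret and password encryption rules.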
The following table contains conceptual information and tasks that describe how to manage rules and provides links to applicable topics:
Administering task | For more information | Benefit |
---|---|---|
To add or edit a rule | Use the following topics to configure a rule: | |
To define substitution parameters and device dynamic fields for resolving the out-of-box rules | To use the rules shipped with TrueSight Network Automation, you must define global substitution parameters and device dynamic fields which make the rules resolvable. Learn how to define these global substitution parameters and device dynamic fields. | |
To upgrade rules in case of TrueSight Network Automation application server upgrade | When you upgrade the TrueSight Network Automation application server from an earlier version, your customized rule sets and rules are not changed. In that case, you might need to upgrade rules. Learn how to upgrade rules, if required. | |
To perform various rule actions | Use the rules list to perform the following rule actions: | |
Related topics
- About defining and organizing rules
- Importing rules
- Exporting rules
- Testing rules