Fixing compliance violations

You can fix compliance violations manually (by user) and automatically (by a policy).

• User initiated fixes
• Policy-initiated fixes (auto-remediate)
• To identify which rules to auto-remediate

User initiated fixes

Users can analyze violations on the Dashboard and Compliance Summary report and fix the violations by selecting Remediate.

To submit one request to resolve all violations network-wide, there are two options:

1. User submits a job containing one Remediate span action for each realm, with Remediate With = All Assigned. You can fix one or more assigned rules by using the Filter Rules option (for example, by severity or by a value assigned to a dynamic field). TrueSight Network Automation builds sub-actions from the corrective actions of the rules that the devices are violating. You can preview the sub-actions and any generated incremental merge scripts or full compliant configurations before submitting the job.
2. Schedule a policy to run daily or weekly or monthly to fix the compliance violations. The policy includes one Remediate action for each realm, with Remediate With = All Assigned, with rules filtered to limit the action to the auto-remediation rules.

Policy-initiated fixes (auto-remediate)

You can also define a policy to notify (for example, by email) and automatically correct (auto-remediate) a configuration change that does not comply with assigned rules.

To identify which rules to auto-remediate

1. Create a dynamic field for rules called Auto-Remediate (Admin > System Admin > Dynamic Fields).
   The following figure shows an example of creating such a dynamic field:
   
   
2. Edit the rules to set Auto-Remediate = Yes when you want to automatically correct the configuration.
3. The Remediate action in the Compliance Violation policy uses Filter Rules to correct detected violations when Auto-Remediate = Yes.
   
   
   
   The details of this action are shown in the following figure:
   
   
   
   Click Filter Rules.
   The Rule Filter dialog box shows that the dynamic Auto-Remediate field is selected: