Viewing a Compliance Summary report
The Compliance Summary report displays the pass/fail compliance status for one or more devices for selected or assigned rule sets or rules. You can fix compliance violations directly from the report using the Remediate option.
To generate a Compliance Summary report
- Open the Compliance Summary Report page by navigating to Reports > Priority Reports > Compliance Summary.
Enter information in the displayed fields, and click Next.
- Select one of the following options to include the rule sets or rules in the report, and click Next.
- All Rule Sets: Include all rule sets in the report.
- Selected Rule Sets: Includes the selected rule sets in the report. Use the Add and Remove buttons to transfer rule sets between the list of available rule sets and the list of selected rule sets.
- Selected Rules: Includes the selected rules in the report. Click the Add button to display the Select Rule dialog box. Optionally, filter the rules. Then, select the desired rules and click OK.
On the next page, select additional report parameters.
- Select Generate to begin the report generation and to display its progress on the Report Activity page.
- Click Refresh until the report is completed, or wait until you receive the notification email. If the report is aborted, the Progress column indicates this, to alert you that the report data is partial. You can view the partial report, but to obtain a complete report you should refine your selections (if you asked for too large a report) or re-generate the report (if it was aborted due to a system shutdown). Then delete the aborted report as soon as possible. For more information about the Report Activity page, see Viewing report activity.
- Click the Compliance Summary link in the Report column to display the report.
- Verify that the report is complete. If the report was aborted, the title and the Report Generation information in the footer indicate this, and the footer identifies the user who aborted it. An aborted report will be missing one or more devices and rules.
To view the report and remediate compliance violations
Perform one of the following tasks by using the menu options that are available on the Compliance Summary Report page:
- Refine: Return to the wizard to change report parameters and generate a new version of the report.
- Export: Export the report to one of the following formats:
  - CSV (Note: The Include All Details option is not available for this format.)
  - HTML
  - RTF
- Email: Email the report to one or more recipients in one of the export formats.
- Back: Return to the Report Activity page.
- Review the following fields and take necessary actions:
- Rule: Select a rule to view the rule grammar and other details about the rule.
- Result: If the Result column contains the Failed hyperlink, click the hyperlink to display the compliance violations for the selected rule. The right side of the report shows the compliant configuration (where the corrections applicable to the rule have been applied) and the left side shows the current non-compliant configuration. The hyperlink is available only if the rule grammar is correctable by adding or removing lines in the configuration.
- Actions: Click hyperlinks in the Actions column to view further details.
- Details: When the Result is Error, click Details to review the error message. Then make the necessary corrections (such as adding missing global substitution parameters, modifying the rule grammar, or satisfying ${exec} script references) and re-generate the report.
- View Trace: The following figure shows the Device Compliance Trace report that is displayed when you click View Trace:
As you scroll down through the trace, you will see where the system found a compliance violation. The yellow background and D sidebar designator indicate a domain line. In this case the domain is selected blocks; note that the domain borders are in darker yellow. The trace indicates excess subject lines in red (D-) and the matched set of subject lines in blue (D+).
To interpret other foreground and background colors used in the trace, see the following key, located at the very bottom of the trace:
If a rule uses a trigger and the trigger is not found, no trace is shown.
As you scroll further down the trace, details are provided for how Remediate corrects the configuration to enforce the rule.
- Export (New in 20.02.02): Click this hyperlink to export the Device Compliance Trace report to XML format.
- View Security Vulnerability: Click this hyperlink to view the details of a security vulnerability, such as its title, CVE IDs, vendor link, and description. The vendor link contains complete information about the security vulnerability provided by the originator. The View Security Vulnerability hyperlink appears only when the rule has an associated security vulnerability. The following figure shows the details of a security vulnerability affecting a Cisco device.
- Remediate: Launch the Remediate, Deploy to Active, or Deploy to Stored job edit page to make the device compliant with a rule according to the corrective action. The Remediate action appears when:
- the evaluated configuration is a current configuration
- the trail associated with the selected configuration is applicable to the rule
- the rule has a corrective action for the trail
- the result is Failed
- the device is actively violating the rule for the trail (when the corrective action is not a Deploy to Active or Deploy to Stored)
- the device supports the particular type of corrective action
- the logged-in user is allowed to perform the action on the device
- when the corrective action deploys a configuration Complying With This Rule, the domain and subject of the rule are correctable. That is, the system must be able to generate the compliant configuration by adding or removing lines. For example, a domain of OS Image Name is not correctable, and a subject of Pattern without a correction is not correctable. Note that a Failed result is clickable only when the rule is correctable.