Devices
In the Editor’s [Devices] tab, you can select devices using three criteria:
- All devices
- Search
- Static list
| Item | Explanation |
|---|---|
| All devices | Apply policies to all devices. |
| Search | Applies the policy to devices that match your search criteria. |
| Static list | Apply the policy to the selected and added devices on the [Devices] tab. |
Status
In the Editor’s [Status] tab, you can view violations for a selected compliance policy.
Rule Sets Subtab
Doubleclicking a Rule Set in the [Rule Sets] subtab opens the Editor at the bottom of the window. The Editor contains two tabs:
- [General] information
- [Rules] information
Editor General Tab
You can set rule descriptions and scopes for applications. Writing explanations for rules becomes important during maintenance. Even a minimal explanation of the rules is helpful, but it is best to also add an easy-to-understand explanation.
| General Items | Explanation |
|---|---|
| Category | Select a category for the rule. |
| Description | Enter a description for the rule. |
| Apply to the whole config | Applies the rule to the entire configuration. |
| Apply to block | Divide the configuration into blocks and apply rules to each block. |
| Template | The configuration is compared line by line from the template, and if there is a difference, it will be a violation. |
| Partial Template | The configuration is compared line by line against the template, but the comparison can be started from anywhere in the config text, not just from the first line. |
| Restrict the visibility of this Rule Set to the following networks | Enabling the check limits the networks to which the rule applies. |
Editor Rules Tab
In the Editor’s [Rules] tab, you can configure the rule itself:
| Rule Sets Item | Explanation |
|---|---|
| Violation message | Enter the message that will be displayed if the rule is violated. |
| Start/End | Specify the range to search for the string specified in the “Match” item. This field appears when Apply to Blocks is selected on the Editor’s [General] tab. |
| Match Expression | Specifies the string to be searched for. You can convert a string into a variable by enclosing it between ~ (tilde). Example: interface gigabitEthernet ~INT_NUM~ |
| Action | Select matching conditions: - If it doesn’t match, it’s not applicable - If matched, excluded - If it doesn’t match, it’s a violation - If matched, violation |
| Variable | Displays the value when a variable is used in the string specified in the “Match” item. |
| Type | Specify possible types of matches. If it does not match the type, it will be excluded from the search conditions: - Text: Matches all text - IP address: Matches only strings representing IP addresses - Hostname: Matches hostname - Word: Matches words - Regular expression: Search using regular expressions |
| Restriction | Enter the string or value to search for. If : is entered, it means “any value is fine”. |
| Ignore Case | Allows configuring case sensitivity through an explicit “Ignore Case” |
Remediation job or playbook ... |
Select a remediation job or playbook for incidents and compliance issues. Define variable Names to be used as Replacement Names in the Job. |