How to mitigate Non-Compliance

The next step after identifying non-compliance is to mitigate it.
We will use the Network Automation module to fix the non-compliant configuration.

The following are needed to apply the fix:
  1. Policy name
  2. Commands to fix the non-compliance
The custom-created task fetches the nodes that are non-compliant with the policy and then applies the configuration we defined.

Here is an example:
Below is the compliance report generated for the policy Logging server. Refer to the article on creating reports.
campus01-bdr01 and campus01-core01 are the non-compliant nodes for the policy Logging server.


The first step in mitigation is to run the saved job, supplying the policy name and the fix to apply.
Here we skip the details of running a job and building the customized task (Fix_non_cmpl). They are covered separately under Network Automation.




In the job logs we can see that the job derived the nodes campus01-core01 and campus01-bdr01 (the non-compliant nodes) for applying the fix.



After a few minutes, we can see that the compliance report is updated accordingly.

