How to mitigate Non-Compliance
The next step after identifying non-compliance is to mitigate it.
We will use the Network Automation module to fix the non-compliant configuration.
The fix needs two inputs:
- Policy name
- Commands to fix the non-compliance
The custom task fetches the nodes that are non-compliant with the policy and then applies the configuration we defined.
Here is an example:
campus01-bdr01 and campus01-core01 are the non-compliant nodes for the policy Logging server.
The first step in mitigation is to run the saved job, supplying the policy name and the fix to apply.
We skip the details of running a job and building the customized task (Fix_non_cmpl) here; they are covered separately under Network Automation.
In the job logs we can see that the job derived the nodes campus01-core01 and campus01-bdr01 (the non-compliant nodes) for applying the fix.
After a few minutes, we can see that the compliance report is updated accordingly.
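
The select-then-fix flow described above, as an added Python example; it is not the product's Fix_non_cmpl task or API. The policy rule, the logging server address, the node campus01-acc01, the sample configs and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample running configs (not from the original page).
RUNNING_CONFIGS = {
    "campus01-bdr01": "hostname campus01-bdr01\nlogging buffered 16384\n",
    "campus01-core01": "hostname campus01-core01\nlogging host 192.0.2.99\n",
    "campus01-acc01": "hostname campus01-acc01\nlogging host 192.0.2.10\n",
}

# Hypothetical policy: a line every config must contain, plus the fix commands.
POLICIES = {
    "Logging server": {
        "required": r"^logging host 192\.0\.2\.10$",
        "fix": ["logging host 192.0.2.10"],
    },
}

def get_policy(policy_name):
    """Look up a policy; refuse to run a fix against an unknown policy name."""
    if policy_name not in POLICIES:
        raise ValueError(f"unknown policy: {policy_name!r}")
    return POLICIES[policy_name]

def non_compliant_nodes(policy_name, configs):
    """Return the sorted node names whose config lacks the required line."""
    rule = re.compile(get_policy(policy_name)["required"], re.MULTILINE)
    return sorted(node for node, cfg in configs.items() if not rule.search(cfg))

def apply_fix(policy_name, configs, dry_run=True):
    """Fix only the non-compliant nodes; return a job log of (node, commands)."""
    fix = get_policy(policy_name)["fix"]
    job_log = []
    for node in non_compliant_nodes(policy_name, configs):
        job_log.append((node, list(fix)))
        if not dry_run:
            # Stand-in for pushing the commands to the device.
            configs[node] += "\n".join(fix) + "\n"
    return job_log

if __name__ == "__main__":
    configs = dict(RUNNING_CONFIGS)
    print("planned:", apply_fix("Logging server", configs))  # dry run first
    apply_fix("Logging server", configs, dry_run=False)
    print("still non-compliant:", non_compliant_nodes("Logging server", configs))
```

Running the dry run first shows exactly which nodes the job will touch before any change is pushed; compliant nodes are never modified.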