Feature Request: Detail Policy/Rules report

Provide ability to create/export a report that lists the Policy and associated Rules for each compliance report. We need to identify the rules being checked by the policy to be able to provide to auditors as well as a means to easily extract into a structured, printable format for documentation purposes (e.g., device configuration standards).

Edit:

I am looking more for the report to include rule details, particularly the string matching criteria.

What would be the ideal report would be something like this...

Compliance Report Name

Description

Assigned Policy(s)

Policy Name

Policy Description

Node Selection (All, Select Nodes, Dynamic Selection) If dynamic, list conditions.

Config Type (Any, Running, Startup, Baseline)

Assigned Policy Rules

Rule Name

Rule Description

Alert Level (Informational, Warning, Critical)

String Matching Criteria

Alert on (String found, String not found)

Search or Block Search

Search Config/File Block (entire config, config block)

String conditions

Find more posts tagged with

ncm_reporting

ncm

ncm_reports

Status: None

Comments

rstoney00

Throw this into report writer, put in the name of your NCM database, adjust your grouping.

Comment section on the rules can be used to give a "human readable" output of what you are doing.

Select

P.Name AS Policy_Name,

PR.Name AS Rule_Name,

PR.Comment

from [YourConfigMgmtdb].dbo.PolicyRuleAssignment PRA

Inner Join [YourConfigMgmtdb].dbo.PolicyRules PR on PRA.PolicyRuleID = PR.PolicyRuleID

Inner Join [YourConfigMgmtdb].dbo.Policies P on PRA.PolicyID = P.PolicyID

Order by PR.Name

FormerMember

Thanks rstoney00. This is a good start. I am looking more for the report to include rule details, particularly the string matching criteria. Would it be possible to include in your query the string matching criteria as shown below for each rule?

What would be the ideal report would be something like this...( I will clarify my feature request)

Compliance Report Name

Description

Assigned Policy(s)

Policy Name

Policy Description

Node Selection (All, Select Nodes, Dynamic Selection) If dynamic, list conditions.

Config Type (Any, Running, Startup, Baseline)

Assigned Policy Rules

Rule Name

Rule Description

Alert Level (Informational, Warning, Critical)

String Matching Criteria

Alert on (String found, String not found)

Search or Block Search

Search Config/File Block (entire config, config block)

String conditions

FormerMember

I was able to expand on your query and add the policy rule patterns to the report. This works great and gives me what I was looking for!

Select

P.Name AS Policy_Name,

PR.Name AS Rule_Name,

PR.Comment AS Policy_Description,

PRP.BeginBracket AS BB,

PRP.Condition AS Condition,

PRP.PatternType AS PatternType,

PRP.Pattern AS Pattern,

PRP.EndBracket AS EB,

PRP.OrderBy AS OrderBy

from [ConfigMgmt].dbo.PolicyRuleAssignment PRA

Inner Join [ConfigMgmt].dbo.PolicyRules PR on PRA.PolicyRuleID = PR.PolicyRuleID

Inner Join [ConfigMgmt].dbo.Policies P on PRA.PolicyID = P.PolicyID

Inner Join [ConfigMgmt].dbo.MultiLinePolicyRulePatterns PRP on PR.PolicyRuleID = PRP.PolicyRuleID

Order by PR.Name, PRP.OrderBy

Set Report Grouping to Policy_Name and Rule_Name and hide OrderBy column.

Adding a WHERE clause, you can limit report to a select policy. Ex. WHERE P.Name LIKE '<yourpolicyname>'

rstoney00, Thanks for providing the query to get me rolling!