Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Policy Reporting

In the Cirrus version 3, SolarWinds is adding Policy Reporting. Included within Cirrus will be numerous out-of-the-box policy reports. We want to ensure we include the types of policy reports our customers would want to see included. Please let me know what types of rules you would like to see included in these default policy reports. An example would be as follows:

Business Logic - Show me all Cisco devices with public as a read only community string

Syntax - snmp-server community public RO

Please email comments to Haley_Oyler@Solarwinds.Net

Thank you,
Haley Oyler

Find more posts tagged with

Accepted answers

christineb

Hi Dmjcomputing - policy reporting enhancements are top of the list of things we are working on right now. We plan to include all sorts of new features. I know you all have been asking for this for a while, and rest assured we are on it.

--C

All comments

irishjd

Hi Haley,

We are a Dept. of the Army shop, and as such have to comply with DISA Security Technical Implementation Guides (specifically the Network STIG V7R1). Any chance that you guys could get with DISA and come up with compliance reports for the STIGs?

Jon

ggamarra

I second Jon's request!!! The policy reporter policies seem to aim at SOX requirements. I would like to see policies checks applicable to goverment requirements (FISMA, DISCAP). Policy compliance include; NSA/DISA Stigs, CIS at least for now. We're currently having to use the CIS Router Auditor Tool (RAT) tool in order to provide compliance reports. Any assistance would be greatly appreciated.

irishjd

Not to sound like I am begging (but I am ;-), is there any chance that the DoD/Government compliance reports (i.e. STIG, DIACAP, FISMA, etc.) will be added? We really, really, really need these compliance reports in our environment. Currently, the only way we can do these is manually (RAT works on the routers, but that is all). When you have several hundred devices to maintain, this becomes an unsurmountable task. Please add these compliance reports!

Jon

SW59816

Has anyone had any luck transposing the DISA STIG's into NCM Policies & Rules? The reason I ask is, I am trying to do the same.

If anyone has had any success and would be willling to exchange rules, please let me know.

Thanks,

Jeff

christineb

If there is anyone on this thread that is interested in joining the 6.1 RC - please send me a note. We are starting to provision it now.

--Christine

irishjd

Hi Christine,

I was just doing some research and ran across something I was not aware of that relates to this. There are now multiple STIGs for different classes of devices and for which layer they are operating at. Most of them were just updated in October, and here is a listing off all of the Networking STIGs that are currently in effect:

Network Infrastructure STIG Version 8 Release Memo	March 24, 2010	196 KB	PDF
Network Firewall Version 8, Release 4 Manual STIG	October 29, 2010	2,075 KB	ZIP
Network L2 Switch Version 8, Release 4 Manual STIG	October 29, 2010	2,050 KB	ZIP
Network IDS/IPS Version 8, Release 4 Manual STIG	October 29, 2010	2,016 KB	ZIP
Network Infrastructure Router L3 Switch Version 8, Release 4 Manual STIG	October 29, 2010	2,215 KB	ZIP
Network Other Devices Version 8, Release 4 Manual STIG	October 29, 2010	2,020 KB	ZIP
Network Perimeter Router L3 Switch Version 8, Release 4 Manual STIG	October 29, 2010	2,325 KB	ZIP
Network Policy Version 8, Release 4 Manual STIG	October 29, 2010	2,050 KB	ZIP

christineb

Hi Jon - we're focusing on Cisco right now. However, we hope that with the new ability to share compliance content within the community, there will quickly be additions available. I would imagine that compliance reports might require some customization for each individual environment, no matter how comprehensive they are - so we focused on providing a good foundation and making the reports easy to build on.

Once we get the report out - we'll definitely be listening for where we should focus enhancements.

--Christine

damiancbessemer

Hello,

Is there a CIS compliant reporter?

Thank You