Sorry for being a newbie to NCM. I am showing violations in Compliance Policy Report that are "Policy and Procedure" (PCI Policy P30 - 07.1.2) or "Documentation" (PCI P30 - 07.1.4). How are those violations removed through remediation?
NCM cannot remediate this particular policy violation using a Remediation Script.
The information presented in your screenshot tells you what must be done. Someone actually has to go to the team (or person) who provides a specific kind of access to certain user IDs, and perform the rest of the steps that are hidden by the right side of the window. You should refer to Page 30 of your corporate / I.T. Policies & Procedures Manual and review Area-Sec120b.
You may have to work with your manager, or your security team, or H.R. to determine who has to be contacted, and what the actual steps are to be taken.
If this were NOT a corporate manual inter-person configuration correction step, you might be able to create a Remediation script that NCM could perform automatically every time it sees this specific violation.
For example, suppose you wanted to ensure that all of your routers & switches had http and https disabled. You could write out the command line steps to shutdown http and https access to the device, then paste those CLI steps into the Remediation Script box. They'd be applied to the switches & routers anytime NCM saw http or https was enabled.
This can be done for pretty much anything that you'd do via CLI--deny SSH v1 and require SSH v2, configure snmp strings and syslog servers, and the list goes on.
Just remember that automated Remediation of a Policy Violation is powerful. It'll do exactly what you tell it to do, to any devices you tell it to work on, every time it runs. This can be a huge time saver, but also has the potential for terrible abuse. Ensure you know what you're doing with it before you test anything. Ensure you have received approval from your Change Management Board and your boss, and have received the blessing for the scripts and Remediation and target devices from Security and your Peer Review team--BEFORE ENABLING A REMEDIATION SCRIPT.
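As an added illustration of the reply above (not part of the original post, and not NCM's own code), the following dry-run check lists which constructed device configs would trigger the http/https and SSH v1 remediation and which CLI lines would be sent, so the change can be reviewed before any script is enabled. Cisco IOS-style command syntax is an assumption, and the rule names, device names and function names are hypothetical.

```python
import re

# Each rule: (hypothetical rule name, pattern that means "violation present",
# CLI lines that would remediate it). Cisco IOS-style syntax is assumed.
RULES = [
    ("http-enabled", re.compile(r"^ip http server[ \t]*$", re.M),
     ["no ip http server"]),
    ("https-enabled", re.compile(r"^ip http secure-server[ \t]*$", re.M),
     ["no ip http secure-server"]),
    ("ssh-v1-allowed", re.compile(r"^ip ssh version 1[ \t]*$", re.M),
     ["ip ssh version 2"]),
]

def find_violations(config):
    """Return the names of rules whose violation pattern appears in config."""
    return [name for name, pattern, _ in RULES if pattern.search(config)]

def build_remediation(config):
    """Return the CLI lines a remediation would send, or [] if compliant."""
    fixes = []
    for _, pattern, commands in RULES:
        if pattern.search(config):
            fixes.extend(commands)
    if not fixes:
        return []  # nothing to change: do not touch the device at all
    return ["configure terminal", *fixes, "end"]

def dry_run(devices):
    """Map device name -> planned CLI lines, only for devices needing changes."""
    plan = {}
    for name, config in devices.items():
        commands = build_remediation(config)
        if commands:
            plan[name] = commands
    return plan

# Constructed sample configs (not taken from any real device).
SAMPLE_DEVICES = {
    "edge-sw1": "hostname edge-sw1\nip http server\nip http secure-server\n"
                "ip ssh version 2\n",
    "core-rtr1": "hostname core-rtr1\nno ip http server\n"
                 "no ip http secure-server\nip ssh version 2\n",
    "lab-rtr9": "hostname lab-rtr9\nno ip http server\nip ssh version 1\n",
}

if __name__ == "__main__":
    for device, commands in dry_run(SAMPLE_DEVICES).items():
        print(device)
        for line in commands:
            print("  " + line)
```

The plan it prints is the artifact to attach to the change request: it shows exactly which devices are in scope and which lines each one would receive.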
Thank you for your response. I understand all of that. I am actually going through my PCI audit this week. I have my documentation for the violation. It is the documentation or policy and procedure violation I am trying to clear (the red dot). They show up on dashboard as violation. I would like to clear them. And yes I am a little OCD about this type of thing.
The red dots will appear until one of the following occurs:
On a "Manual Verification" rule, is there a way to clear the violation after the rule is verified? There are no changes to be made on config. It is a manual verification that a policy or procedure exists. Once verified, I would like to be able to clear the violation.
I'm unaware of such a method. I'd think that providing it would allow folks to try to fool auditors by clearing the alerts while not removing their cause.
I recommend you open a support case with SolarWinds and learn what they recommend.
If you do, please post their suggestions and procedures here, so we all can learn from your experience.