We're at a point where we want to start checking our devices for compliance with our companies security policies, so I've started playing with the Compliance Policy Reports and I'm trying to figure out how to accomplish some basic stuff that I'm probably missing.
So, out of the box you get a bunch of different reports already - Cisco, CISP, Foundry, HIPAA, Juniper and SOX reports. While there are bits and pieces of some of the reports that might work for me, none of them really fit our companies policies as closely as I'd want, or at least not what we want to report on at the moment.
But on the main "Config Summary" page, it shows in the "Policy Violations" box 4 of these reports in what appears to be a somewhat random order, and the Report I'm building doesn't show up at all on this page. I'd like to be able to either customize the order that its in, to show my report at the top, or to be able to hide the other reports from this box. However, there doesn't seem to be a good way to do this. Am I missing something? I don't want to remove those other reports through "Manage Policy Reports" since I might want to use them or at least look at them to help figure out my own stuff. Ideally I'd love to be able to lock them so others can't go in and customize them either, so if new versions come out they don't replace any customizations we might have done. But for now I'd just like to be able to stop them from being reported on for at least the time being.
Also, when working on my reports, I'll usually "View Reports By Folder" and I have my own folder set up for my report. However, I've noticed if I build a new rule or policy and want to check on things, when I go in and select my report and then do an "update all" to test it against all my configs, that I'm not only just updating my own report but all of the reports on the server. Is there a way to only refresh the report you've selected or are working with?
So, how does everyone else work with the Compliance Reports? Do you just leave the default reports in there? Do you edit them directly or build your own? Any hints/tricks would be helpful!!
I build my own compliance policies & reports but i saved the rules or edit it.
there is a Feature request: https://thwack.solarwinds.com/ideas/1666 for the box "policy violations". For me I build a Workaround to Display all my policy Violation. It isn't nice but it works.
Create a custom swql query and paste following select-statement: "SELECT pr.Name, rv.Info, rv.Warning, rv.Error FROM Cirrus.PolicyReportViolations rv, Cirrus.PolicyReports pr where rv.ReportID=pr.PolicyReportID and rv.TimeStamp > GETDATE()-1 and rv.Granularity!='Weekly' " into the box. Then save it and you have an overview over all policy violations.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.