Remediation with Restorepoint (Part I)
The Basics

It’s important to understand that remediation options are part of the compliance rule definition, not the policy. That means a single policy can contain rules with different remediation options. To see the remediation options, go to Compliance --> Device Policies, open up a policy, and bring up the rule editor by either creating a new rule or selecting an existing one. You will see the “Remediation” drop-down menu:

1 - Remediation Type "Manual"

The first and simplest remediation type is “Manual”. This is simply a text string providing instructions to an operator who is responding to a compliance alert. For example, a simple rule that checks for the existence of a default “public” SNMP community on a Cisco IOS device could have these very simple instructions:

When a device is in violation of this rule, the remediation text will be included in the alert that gets generated. Here, in an email alert:

2 - Remediation Type "Automatic"

The second remediation type, “Automatic”, lets you specify a series of commands to execute on the device. For example, to enable auto-remediation of our example “No Public SNMP Community” rule, you could run the “no snmp-server community public” IOS command:

When a device is in violation of this rule, the specified commands are automatically executed on the device, bringing it back into compliance.

3 - Remediation Type "Command"

The final remediation type, “Command”, is similar to “Automatic” except that, instead of entering the commands to run on the device, you can specify a previously saved Device Control script to run. In our example:

Here, the "Remove Public SNMP Community" script has previously been saved and contains the same commands we used in the "automatic" example:

Since device controls can be created as Lua scripts instead of simple lists of commands, using the “command” remediation type allows for more complex actions.
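The “No Public SNMP Community” rule with its manual and automatic remediations, modelled as an added stand-alone example (it is not Restorepoint code and not part of the original article). The function names, the sample configuration and the text-level simulation of the commands are assumptions made for illustration.

```python
# Constructed sample of a Cisco IOS running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
snmp-server community public RO
snmp-server community N0c-r3ad0nly RO 10
snmp-server location rack 4
"""

def snmp_communities(config):
    """Return (community, access) for each 'snmp-server community' line."""
    found = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[:2] == ["snmp-server", "community"]:
            # IOS treats a community without an explicit RW keyword as read-only.
            access = "RW" if "RW" in [t.upper() for t in tokens[3:]] else "RO"
            found.append((tokens[2], access))
    return found

def evaluate_rule(config, remediation_type, banned="public"):
    """Hypothetical stand-in for the rule check: None if compliant, else a remediation."""
    hits = [name for name, _ in snmp_communities(config) if name == banned]
    if not hits:
        return None
    commands = ["no snmp-server community " + name for name in hits]
    if remediation_type == "manual":
        # Manual: only text for the operator, carried in the alert.
        return {"type": "manual", "text": "Run on the device: " + "; ".join(commands)}
    if remediation_type == "automatic":
        # Automatic: the commands themselves, to be executed on the device.
        return {"type": "automatic", "commands": commands}
    raise ValueError("unsupported remediation type: " + remediation_type)

def simulate(config, commands):
    """Simulate the commands on the text: drop lines that a 'no ...' command negates."""
    negated = [c[len("no "):] for c in commands if c.startswith("no ")]
    kept = [line for line in config.splitlines()
            if not any(line.split()[:len(n.split())] == n.split() for n in negated)]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    result = evaluate_rule(SAMPLE_CONFIG, "automatic")
    print(result)
    # Re-check after the simulated remediation: the rule should now pass (None).
    print(evaluate_rule(simulate(SAMPLE_CONFIG, result["commands"]), "automatic"))
```

Re-running the check after remediation, as the last line does, confirms that the commands actually brought the configuration back into compliance.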
Summary

The goal of this article was to introduce the different Remediation options in Restorepoint. Remember: You don't have to add remediation steps to every rule in a policy -- and the ones you do add don't have to be of the same type. Even if you are not ready to enable automatic reconfiguration of devices in your environment, don’t be afraid to add a “manual” Remediation action to your compliance rules. Coming soon, I’ll post a follow-up article about using variables and Lua scripting to improve on the simple remediations we used today.

Restorepoint 20241121 Release Notification
We are pleased to announce that Restorepoint 20241121 has been released with the following updates:

Addressed issues in which: the Device Control Action Names were displaying as "Unknown", existing command outputs did not display for users in the Test Rule modal, the "Select All" options on the Device table did not operate when the "Disabled=True" filter was applied, users received an error message when clicking the Test Connection button on any device, restoring appliance backups required additional checks to ensure both their integrity and handling of legacy database dump formats were intact from CentOS 6.8-based appliances to an OL8-based one.

Updated the Restorepoint API to enforce specific headers.

Updated the appliance backup process so that users now receive verification messages in conjunction with additional checks of the archive and backups within the archive.

Updated the API call logs to include user information, such as User ID, Username, and User address.

Restorepoint Automation PowerPack v104 is Released
Hello,

We are pleased to announce that Restorepoint Automation PowerPack version 104 has been released. This PowerPack contains supporting changes to enhance compatibility with Restorepoint SyncPack version 2.3.0. Restorepoint Automation PowerPack version 104 is supported for SL1 v12.1 or higher, and for PowerFlow version 2.6.0 and higher, and works with the Datacenter Advanced Enrichment Actions PowerPack.

Thank you,
Release Management

Restorepoint 20241106 Release notification
We are pleased to announce that Restorepoint 20241106 has been released with the following updates:

Users can now disable bulk processes on multiple devices with different protocols.

The API is updated so calls on the /logs and /settings endpoints are now logged and syslogged for every API call that comes in.

Users are redirected to the correct user security page when they need to update missing details on their account or are logging in for the first time via an email activation link.

Restorepoint 20241023 Release notification
We are pleased to announce that Restorepoint 20241023 has been released with the following updates:

Backups that failed when opening directories will now complete successfully and be accessible.

A "Selected Only" checkbox was added to the Device Select table to allow only the selected devices to display instead of a full list.

Writing appliance archives for FTP, SFTP, CIFS, and SCP storage servers now operates correctly and the archives retained are the newest archives.

Device transcripts for backups via agents are no longer being cut short so users can now see any errors from backups that may occur.

Restorepoint Dynamic Role and Domain Assignment via SAML SSO using Microsoft Azure
Currently in Restorepoint you have users authenticate via SAML SSO using Microsoft Azure. Per the documentation, [Restorepoint] - How to set up SAML SSO - Microsoft Azure, users are able to authenticate but they cannot log into Restorepoint until an Administrator manually assigns a role to them. Does anybody know of a way to do this currently or is this going to need to be submitted to the Ideas Hub area?

Restorepoint 20240814
Reminder: Restorepoint v5.5 is EOL on August 31, 2024.

Enhancements:

Enabled option to disable SSH strict host key validation between Strict (current) and None (logging when the key changed) on the global and device levels. (5.6)

Implemented a retry mechanism for the archive process so that users can configure the number of retries and the retry interval, both set to 0 by default. If configured, any archive process step that fails will be retried the set number of times and the archive process will fail completely only if all the retries fail. (5.6)

Bug fixes:

Addressed an issue in which users were unable to export single-selected .tgz files for configurations. These filetypes are now extracted to a directory so that when users attempt to export a single-selected file they are successful. (Case: 00445520) (5.6)

Addressed an issue so that SSH key owners and permissions work properly when restoring an archive from CentOS6 to OL8. (Case: 00443673) (5.6)

Addressed an issue in which SNMP fingerprint output tiles exposed security data. (Case: 00418761) (5.6)

Updated startup logic so that backup sizes are calculated in the background, ensuring the user interface is instantly available. The Storage Data Usage page displays the message "Back up data size calculation in progress..." until it completes. (RES-3467) (5.6)

Improved the TCP Dump enumeration so that appliances with multiple NICs will determine which interface to dump with, trying until an interface provides dumping capability. Also improved error handling so that the TCP dumps that fail to start will issue error reports. (Case: 00427074) (5.6)

Restorepoint
Restorepoint is a Disaster Recovery and Secure Configuration Management appliance for network devices such as routers, switches, proxies, and firewalls. Restorepoint can automatically retrieve your network device configurations, detect changes and compliance violations, and report these automatically to network administrators.

In this Powerhour session we will share with you how to add devices into Restorepoint, why having backups collected is useful in an autonomic IT environment, and how to leverage the SL1 platform in support of key workflows. Additionally, we will present the benefits of Governance, Risk and Compliance (GRC).

Within the ScienceLogic Network Change and Configuration Management (NCCM) platform you will be able to back up over 100 different types of network equipment, including firewalls, to a central repository. Once the backup is collected, you can track change over time for auditing purposes as well as day-to-day operational needs to manage effective change control. Integration to the monitoring and automation platform adds layers of value, which we will discuss during our session.

When your organization is tasked with managing GRC, Restorepoint will apply your rules to assist in real-time awareness of compliance. When configuration drift occurs, an alert will be sent to the SL1 platform for execution of automations in support of your defined workflow. For instance, if you need to collect the difference of the last two configurations to compare an unplanned change while opening an incident into your IT Service Management (ITSM) product, that can be completed so your operations team only need to receive the enhanced information set and begin resolution steps. Often the best step is to revert the change, and of course that’s supported from SL1 to allow for reduction in your Mean Time to Repair (MTTR).
At the end of the June PowerHour you will have learned how to add devices into Restorepoint, why having backups collected is valuable and how to leverage the SL1 platform in support of key workflows. Additionally, we will present the benefits of Governance, Risk and Compliance (GRC). While blending into the overall SL1 platform's workflow operational needs

Configuration Recovery - SL RestorePoint
Hello all, I just had this question posed to our team regarding config recovery. "Do you have any way of retrieving the configs for switches that have been deleted from SLRP please?" Is there a way to retrieve a backup of RestorePoint (and maybe restore to a temp location) from a specific point in time? If anyone has any advice or previous experience with this SL RestorePoint scenario, your input would be greatly appreciated!