Remediation with Restorepoint (Part I)
The Basics

It’s important to understand that remediation options are part of the compliance rule definition, not the policy. That means a single policy can contain rules with different remediation options. To see the remediation options, go to Compliance --> Device Policies, open up a policy, and bring up the rule editor by either creating a new rule or selecting an existing one. You will see the “Remediation” drop-down menu:

1 - Remediation Type "Manual"

The first and simplest remediation type is “Manual”. This is simply a text string providing instructions to an operator who is responding to a compliance alert. For example, a simple rule that checks for the existence of a default “public” SNMP community on a Cisco IOS device could have these very simple instructions:

When a device is in violation of this rule, the remediation text will be included in the alert that gets generated. Here, in an email alert:

2 - Remediation Type "Automatic"

The second remediation type, “Automatic”, lets you specify a series of commands to execute on the device. For example, to enable auto-remediation of our example “No Public SNMP Community” rule, you could run the “no snmp-server community public” IOS command:

When a device is in violation of this rule, the specified commands are automatically executed on the device, bringing it back into compliance.

3 - Remediation Type "Command"

The final remediation type, “Command”, is similar to “Automatic” except that, instead of entering the commands to run on the device, you can specify a previously saved Device Control script to run. In our example:

Here, the "Remove Public SNMP Community" script has previously been saved and contains the same commands we used in the "automatic" example:

Since device controls can be created as Lua scripts instead of simple lists of commands, using the “command” remediation type allows for more complex actions.
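The example below is added here and is not Restorepoint code or part of the original article: it runs the “No Public SNMP Community” check over a constructed IOS config, builds what the “Manual” and “Automatic” remediation types would carry, and re-checks the config after the command is applied. The function names, the sample config and the manual instruction wording are assumptions.

```python
import re

# Constructed sample of a Cisco IOS running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
snmp-server community public RO
snmp-server community publicnet RO 10
snmp-server community N0tDefault view MGMT RO 10
! snmp-server community public RW
snmp-server location lab
"""

# Active "snmp-server community <string> ..." lines; "!" comment lines do not match.
COMMUNITY_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(?:\s|$)")
BANNED = frozenset({"public"})  # the rule on this page checks only "public"

def find_violations(config, banned=BANNED):
    """Return (line_number, community) for each active line using a banned community."""
    hits = []
    for n, line in enumerate(config.splitlines(), start=1):
        m = COMMUNITY_RE.match(line)
        if m and m.group(1) in banned:  # exact match: "publicnet" is not "public"
            hits.append((n, m.group(1)))
    return hits

def remediation(violations, mode):
    """Build what the "manual" or "automatic" remediation type would carry."""
    commands = [f"no snmp-server community {c}" for c in sorted({c for _, c in violations})]
    if mode == "automatic":
        return commands
    if mode == "manual":
        return "Run on the device: " + "; ".join(commands) if commands else ""
    raise ValueError(f"unknown remediation mode: {mode}")

def apply_commands(config, commands):
    """Simulate the commands on the config text so the rule can be re-checked."""
    removed = {cmd.split()[-1] for cmd in commands}
    kept = []
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line)
        if not (m and m.group(1) in removed):
            kept.append(line)
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    found = find_violations(SAMPLE_CONFIG)
    cmds = remediation(found, "automatic")
    print(found, cmds, find_violations(apply_commands(SAMPLE_CONFIG, cmds)))
```

Matching the community string as a whole token keeps the automatic command from firing on look-alike strings such as “publicnet”, and the re-check after applying the command confirms the device is back in compliance.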
Summary

The goal of this article was to introduce the different Remediation options in Restorepoint. Remember: You don't have to add remediation steps to every rule in a policy -- and the ones you do add don't have to be of the same type. Even if you are not ready to enable automatic reconfiguration of devices in your environment, don’t be afraid to add a “manual” Remediation action to your compliance rules.

Coming soon, I’ll post a follow-up article about using variables and Lua scripting to improve on the simple remediations we used today.

Restorepoint
Restorepoint is a Disaster Recovery and Secure Configuration Management appliance for network devices such as routers, switches, proxies, and firewalls. Restorepoint can automatically retrieve your network device configurations, detect changes and compliance violations, and report these automatically to network administrators.

In this PowerHour session we will share with you how to add devices into Restorepoint, why having backups collected is useful in an autonomic IT environment, and how to leverage the SL1 platform in support of key workflows. Additionally, we will present the benefits of Governance, Risk and Compliance (GRC).

Within the ScienceLogic Network Change and Configuration Management (NCCM) platform you will be able to back up over 100 different types of network equipment, including firewalls, to a central repository. Once the backup is collected, you can track change over time for auditing purposes as well as for the day-to-day operational need to manage effective change control. Integration with the monitoring and automation platform adds layers of value, which we will discuss during our session.

When your organization is tasked with managing GRC, Restorepoint will apply your rules to assist in real-time awareness of compliance. When configuration drift occurs, an alert will be sent to the SL1 platform for execution of automations in support of your defined workflow. For instance, if you need to collect the difference between the last two configurations to examine an unplanned change while opening an incident in your IT Service Management (ITSM) product, that can be completed so that your operations team only needs to receive the enhanced information set and begin resolution steps. Often the best step is to revert the change, and of course that’s supported from SL1, allowing a reduction in your Mean Time to Repair (MTTR).
At the end of the June PowerHour you will have learned how to add devices into Restorepoint, why having backups collected is valuable and how to leverage the SL1 platform in support of key workflows. Additionally, we will present the benefits of Governance, Risk and Compliance (GRC), while blending into the overall SL1 platform's workflow operational needs.