5.4. Monitoring Compliance
- Verifying policy compliance.
- Detecting changes in compliance.
5.4.1. Compliance Policy Dashboard
- A ring chart illustrating a high-level view of hosts' compliance with the policy.
- A statistical breakdown of hosts' compliance with the policy, in tabular format.
- Links to the policy's latest report for each host.
Failedstatistic provides a useful metric for prioritizing compliance effort. Those hosts detected as
Never auditedshould also be a priority, since their status is unknown.
Figure 5.1. Compliance Policy Dashboard
5.4.2. Compliance Reports Overview
Figure 5.2. Compliance Reports Overview
5.4.3. Searching Compliance Reports
has. Regular expressions are not valid search criteria, however multiple fields can be used in a single search expression.
not: Negates an expression.
has: Object must have a specified property.
and: Combines search criteria.
The following search criteria finds all compliance reports for which more than five rules failed.
failed > 5
host ~ prod- AND date > "Nov 5, 2015"
rhel7_auditfrom an hour ago.
"1 hour ago" AND compliance_policy = date = "1 hour ago" AND compliance_policy = rhel7_audit
You can bookmark a search, allowing you to apply the same search criteria again.
Procedure 5.8. To Bookmark a Search:
- Apply your search criteria.
- From the Search list select Bookmark this search.
- Complete the Name field.If you want the bookmark available to other users of this Satellite instance, select the Public check box.
- Click Submit.
5.4.4. Viewing a Compliance Report
- Evaluation Characteristics
- Compliance and Scoring
- Rule Overview
220.127.116.11. Evaluation Characteristics
- The fully-qualified domain name (FQDN) of the evaluated host. Example:
- The URL of the SCAP content against which the host was evaluated. Example:
- The identifier of the benchmark against which the host was evaluated. A benchmark is a set of profiles. Example:
- The identifier of the profile against which the host was evaluated. Example:
- The date and time at which the evaluation started, in ISO 8601 format. Example:
- The date and time at which the evaluation finished, in ISO 8601 format. Example:
- The local account name under which the evaluation was performed on the host. Example:
Figure 5.3. Evaluation Characteristics
18.104.22.168. Compliance and Scoring
Figure 5.4. Compliance and Scoring
22.214.171.124. Rule Overview
Figure 5.5. Rule Overview
126.96.36.199. Examining Rule Results
Figure 5.6. Rule Evaluation Result
5.4.5. Compliance Email Notifications
- Details of the time period it covers.
- Totals for all hosts by status: changed, compliant, and incompliant.
- A tabular breakdown of each host and the result of its latest policy, including totals of the rules that passed, failed, changed, or where results were unknown.