Editing compliance rules

A Compliance Policy stipulates conditions that the devices must adhere to. A Compliance Policy contains Compliance Rules and can be configured to send an e-mail action in the event that a policy fails. Compliance Rules enable the user to combine multiple compliance definitions to build the full validation to which a device must adhere in order to pass a compliance test. Use this procedure to edit an existing Compliance Rule.

Before you begin

To define new Compliance Rules or edit existing Rules, access to the User Interface wizard is required. Compliance Rules can cover all devices in an entire network, a subset of devices or a specific device. Users have the option of editing an existing Compliance Rule at any time. When all changes have been saved, the user can activate Compliance Rule as a new version. The previous version becomes inactive.

About this task

Follow these steps to edit an existing Compliance Rule.

Procedure

  1. Access the Policy Definitions tab, and select Rules.
  2. Right click on the Rule you want to edit, and select "Edit Rule". Alternatively, select the Rule and Click the Edit Rule icon on the toolbar.

    The Edit Rule window displays.

  3. Make any necessary edits to the Compliance Rule. Amendments may be made to the graphical rule, and the action required in the event of non compliance. Use the following descriptions as a guide to editing the fields displayed in the Edit Rule window.
    Name
    Specifies the name of the Compliance Rule. The maximum number of characters for the name is 255. This is a mandatory field.
    Description
    Specifies a brief narrative attached to the newly created Compliance Rule that explains its function or use. The maximum number of characters for the description is 4000.
    Revision
    This number is automatically assigned and initially given a value of 1. Each time the Compliance Rule is edited, the revision number automatically increments by 1. This is for versioning control.
    Applicable Device Filter
    This filter allows the ability to select which device VTMOS applies to this rule. As well as drop down selection for VTMOS, a regular expression is supported for all filters. The selected value entered in the Model Filter will be checked against both 'Model' and 'Actual Model' fields (as in the Device Viewer).
    Note: The devices selected in the device filter rule must appropriately reflect the type of devices against which all compliance definitions and remedial actions in the rule can be applied. For example, Juniper routers must not be included if the definitions in a rule are specific to CISCO routers only. If in this example Juniper routers were included in the compliance rule device filter, each of the Juniper routers would fail the compliance evaluation, since the CISCO specific compliance definition would not be found in the Juniper device configuration. On the other hand, if a rule with the device filter is set appropriately is used against a device that is not supported by that rule, the device will be marked NA (not applicable) in the test results.
    Prev
    Go to previous selection.
    Next
    Go to next selection.
    Finish
    Finish current activity.
    Cancel
    Cancel current activity without saving.
  4. Click Finish to complete the editing of the specified Compliance Rule.

What to do next

The Revision Number on the modified Rule increments by 1, and the Compliance Rule can now be activated.

It is not necessarily the Compliance Rule with the highest Revision Number that is active, as the user may return to a previous version and activate. A new revision will only be created if the rule being edited is in an "active" or "inactive" state. No new revision will be created when the rule is in "workspace" mode.