Editing an existing compliance definition

A compliance definition captures the device characteristics that must be validated as part of a specific policy. The scope of a compliance definition may range from a single configuration line that must be evaluated to a complex evaluation of multiple configuration snippets with regular expression logic and parameters. Use this procedure to edit an existing compliance definition.

Before you begin

Users have the option of editing an existing compliance definition at any time. When all changes have been saved, the user can activate the policy component as a new version. The previous version becomes inactive.

About this task

Follow these steps to edit an existing compliance definition.

Procedure

  1. Select the Policy Definitions tab, and select Definitions.
  2. Right-click on the definition you want to edit, and select Edit Definition. Alternatively, select the definition and click the Edit Definition icon on the toolbar.

    The Edit Definition Details window displays.

  3. Make any necessary edits to the compliance definition. Use the following descriptions as a guide to editing the fields displayed in the Edit Definition Details window.
    Evaluation Line
    The value or expression on which you want to search.
    Parameters
    This is an optional field. This field provides a drop down list for the type of parameter you want. There is also an Insert Parameter button used to insert the parameter.
    Note: Placing a parameter inside another parameter is not supported.
    Match Criteria
    Specifies a drop down list for the criteria used to match the device configuration. The following table describes the options in the drop down list:
    Match option Description

    Match All

    Matches all evaluations added to the Compliance Definition.

    Match Any

    Matches any of the evaluations added to the Compliance Definition.

    Match None

    None of the evaluations added must be found in the Device Configuration.

    Match One

    Matches only one of the evaluations added to the Compliance Definition. If more than one of the evaluations are matched, the match fails.

    Match Exactly

    Find and match all evaluations, and only these evaluations. If any are found outside these criteria, the test result will be Fail.

    Match Specific Number

    Matches a specific number of evaluations as defined by the user. For example, Match 2 out of the 6 evaluations listed. This choice activates an integer field called Specific Number.

    Number
    This is activated when the Match Specific Number option is chosen. An integer must be entered here.
    Evaluation Result if Context not found
    You can opt to choose the result you wish to receive if the context is not found. The options are: Fail, Pass, Not Assessed, Not Applicable.

    If there are a number of different results, the overall result will be Pass as long as there are no Fails in the result. For example, you may have two Not Applicable results and one Pass, or all Not Applicable; the overall result will be Pass.

    Evaluation List Criteria
    Used to match evaluations shown in the list.

    See Match Criteria (for Group/Extraction Parameter values) above for explanation of choices available.

    Regex Tool
    You use the regex tool to test native definition regular expressions against a device configuration or a snippet of CLI. The regex tool is available for both definitions using native CLI configuration lines, and using native commands. You can either create your regex in the tool, or edit it using the text in the evaluation field.
    Regex Tool window elements Description

    Tabs

    You can add as many tabs as your memory allows. The regex in the Regex Pattern field is applied to each tab and the matches are highlighted.
    • To create a new tab, click the green plus (+).
    • To delete a tab, click the red X.
    • To rename a tab, double-click the name.
    Note: The test tabs are only available when the wizard is open.
    Regex Test Data evaluation field

    Configurations are displayed here, as are any matches when the regex is run.

    Matches are alternately highlighted in yellow and blue.

    Import Device

    The Import Device icon is displayed under the first tab. Using this, you can import a configuration from a device into the Regex Test Data field.

    When you click this option, the Device Select dialog opens. Drill down into the device realms and select a device. Click OK to populate the Regex Test Data field.

    Import File

    This icon is displayed next to the Device tree icon. Using this, you can import a configuration from a text file into the Regex Test Data field.

    When you click this option, a standard file selection dialog opens. Drill down into your folders and select a file.
    Note: You can only select a text file.
    Click Open to populate the Regex Test Data field with the contents of the selected text file.
    Up arrow
    Down arrow

    These icons are displayed next to the Import File icon.

    Once you have obtained matches, the arrow icons are enabled and you can use them to move from match to match.

    Matches in the evaluation window are alternately highlighted in yellow and blue.

    Currently selected matches are highlighted in grey.

    The up arrow highlights the previous match, and the down arrow highlights the next match.

    Regex Pattern field

    Enter the regular expression for testing into the Regex Pattern field.

    Match

    Execute the test against all open tabs, and highlight the matches in each tab with a count of the number of matches returned on each tab.

    Clear Matches

    Clear the matches highlighted, as well as the Match count on each tab.

    OK

    Move the regular expression in the Regex Pattern field into the Regex Test Data field.

    Cancel

    Closes the Regex Tool window.

    Menu bar
    All options described are also available from the menu bar (File, Edit, Regex, Tabs):
    Edit
    In addition to the button options, you can access the cut, copy and paste functionality from the Edit menu.
    Regex
    In addition to the Regex button options, you can access a History dropdown from the Regex menu.
    The last ten successful matches are stored as history, with the most recent one at the top.
    Note: If the regex is over a certain length, the History dropdown list displays a truncated version of it.
    Add
    Adds another selection.
    Update
    Updates screen.
    Edit
    Edits current selection.
    Delete
    Deletes current selection.
    Test
    The definition test button is enabled when editing or creating a definition, but not when opening a definition. Also, it is only available for modeled and native definitions (not scripts).
    You use the definition test functionality to execute a definition against all open tabs, and view the results.
    You can test definitions using native CLI configuration lines, native commands or device models. You can view results in the evaluation list either in detail, or as a summary.
    Definition Test window elements Description
    Definition Test window

    When you click Test, the Definition Test window is displayed (it resembles the Regex Tool window).

    When you import definitions from a device, the type of definition you are creating determines what content is imported from the device:
    For modeled definitions
    Imports the xml configuration from the device.
    For native CLI definitions
    Imports the CLI configuration for the device.
    For native commands definitions
    Imports the show commands from the device into the text area in the tab.
    Warning: Importing a text file from a file with an xml extension may result in an error when you execute the test.

    Tabs

    You can add as many tabs as your memory allows. The definition is applied to each tab and the results are flagged on the tabs.
    Green flag
    Passed
    Red flag
    Failed
    Yellow flag
    Not assessed
    Evaluation list
    Results are displayed in the Evaluation list under a number of columns.
    Evaluation
    This is the search criteria for the Definition or the XPath to search for in the case of Device Models
    Match Criteria
    The criteria used to match the device configuration: Match All, Match Any, None, One, Exactly, Specific Number
    Match Criteria Argument
    Only available on group parameters and extractions. Same as Match Specific Number.
    Default Result
    The default result is the value defined in the Evaluation Result if Context not found option, that is, one of Fail, Pass, Not Assessed, and Not Applicable.
    Note: If there are a number of different results, the overall result will be Pass as long as there are no Fails in the result. For example, you may have two Not Applicable results and one Pass, or all Not Applicable; the overall result will be Pass.
    Result
    Green text = Pass, Red text = Fail, Yellow text = Not Assessed/Not Applicable, Blue text = Error
    Restriction: Script parameters and extractions are not supported. If any are found in the evaluation they will not be assessed during the test, and the overall definition result will be not assessed.
    Details mode
    You can toggle between Details and Summary mode to select the level of detail displayed in the test results. When in Summary mode, you can click on each evaluation to display detailed results.
    Clear all
    Clears the results from the Evaluation List and tabs.
    Test
    Click to run the test.
    Close
    Closes the Definition Test window.
    Note: The test tabs are only available when the window is open.
    Menu bar

    All options described are also available from the menu bar (File, Edit, Mode, Tabs).

  4. Click Finish to complete the editing of the specified compliance definition.
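
The Match Criteria options and the overall-result rule described in step 3, written out as an added Python example that is not part of the product or its documentation. The function names, sample configuration and evaluation regexes are constructed; Match Specific Number is assumed to mean exactly that many matches, and Match Exactly is left out because it depends on the configuration context being evaluated.

```python
import re

# Constructed sample device configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
service password-encryption
no ip http server
ip ssh version 2
line vty 0 4
 transport input ssh
"""

# Constructed Evaluation Lines; the third one is absent from SAMPLE_CONFIG.
SAMPLE_EVALUATIONS = [
    r"^service password-encryption$",
    r"^ip ssh version 2$",
    r"^ip http server$",
]


def count_matched(evaluations, config):
    """Count the evaluation regexes that match somewhere in the configuration."""
    return sum(1 for p in evaluations if re.search(p, config, re.MULTILINE))


def apply_match_criteria(criteria, evaluations, config, number=None):
    """Return 'Pass' or 'Fail' for a list of evaluations under one Match Criteria."""
    matched = count_matched(evaluations, config)
    if criteria == "Match Specific Number":
        if isinstance(number, bool) or not isinstance(number, int):
            raise ValueError("Match Specific Number needs an integer in Number")
        ok = matched == number  # assumption: exactly this many, not "at least"
    else:
        checks = {
            "Match All": matched == len(evaluations),
            "Match Any": matched >= 1,
            "Match None": matched == 0,
            "Match One": matched == 1,  # more than one match fails
        }
        if criteria not in checks:
            raise ValueError(f"criteria not modelled here: {criteria}")
        ok = checks[criteria]
    return "Pass" if ok else "Fail"


def overall_result(results):
    """Overall result is Pass as long as no individual result is Fail."""
    return "Fail" if "Fail" in results else "Pass"
```

Because the third evaluation is anchored with ^, the line "no ip http server" does not satisfy it, so two of the three sample evaluations match.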

What to do next

The revision number on the modified compliance definition will have been incremented by one, and the compliance definition can now be activated.

It is not necessarily the compliance definition with the highest revision number that is active, as you can return to a previous version and activate it.