4 Understand Compliance Results
Oracle Configuration and Compliance uses a compliance score to give a numerical measurement to your system based on how compliant it is. This service makes use of alerts, remediations, and reports to give users a course of action.
Create an Alert Rule
Using Oracle Configuration and Compliance, you can create rules and select users who get notifications when the desired conditions activate.
-
From the menu, select Library, click Rules, and click Add.
-
Enter a name for the rule.
-
Select whether this rule applies to entity types or to individual entities, and click Add Condition.
-
Select Condition Type, and click Rule or Rule Set.
-
Select the Scope of this alert rule.
-
Select a Metric with the desired Operator, Warning, and Critical values.
-
Click Save.
-
Enter the names of the users to be notified when this alert rule activates, and click Save.
Note:
You can also notify your channels by adding them to this alert rule.
Prioritize Violations
Assessment results help compliance administrators prioritize compliance violations, create a remediation plan based on business objectives, and validate that those changes have been successfully made.
You can sort the assessment results by:
-
Entity Type
-
Entity Instance
-
Individual Violation
- From the menu, select Assessments, then click Runs.
- Click on a Assessment Run ID.
- Select a severity such as Critical or High.
- Click on the Violation Name to display the Violations Details page and plan your remediation.
Plan Remediations
Planning remediations will give you a clear vision on how to take care of compliance violations.
You can write and execute an automated remediation script or manually remediate the violation. Rerun your assessment template, validate successful remediation of the violation, and then verify the remaining violations.
You can find the following list located in the Compliance Violation Details Panel.
-
From the Summary page, click the Violations tab.
-
Click the Violation Name.
-
Rule Description - A description of the rule.
-
Entity - The host, database, or middleware target that the rule was run against.
-
Rule-Set Name - representing the typed benchmark that the rule belonged to and produce the violation.
-
Rationale - Explains the importance of this rule and consequences of non-compliance.
-
Remedy - Explains the steps necessary to bring the entity into compliance with regard to this rule.
Upload SCAP Results
Upload SCAP results from OpenSCAP and other SCAP engines directly to Oracle Configuration and Compliance .
- From the Oracle Configuration and Compliance landing page, click the Upload button.
- Enter a Upload Name.
- Select the Entities.
- Upload the Result File.
- Click Upload.
Generate Assessment Report
Generate a complete, self-contained HTML report for any historic assessment using Oracle Configuration and Compliance.
- From the Oracle Configuration and Compliance landing page, select Results, then click History.
- Select an Entity.
- Select a Rule-Set.
- Click a Data Point from the Stack Bar graph.
- Click Report.