I am currently developing numerous Policy Reports/ Rules and Remediation scripts.
Firstly, we have implemented something called 'base config' which basically means all devices (mainly Cisco) will all have the same 'base' config items standardised. These include;
Banners (out of date and missing banners), Local user and secret/s, SNMP, SSH, sylogs, TACACS+, Time (timezone, BST, timestamps), ACLs, password encryption, NetFlow and the list goes on...
Now we have a myriad of device types, Firewalls, switches, routers, WLCs, content switches, blade 3020s, some old CatOS devices etc now I don't want to create separate Base Config Policy for all Device Types, I need one policy that covers all for ISO and Audit purposed..
However not all 'remediation scripts' can be applied to all types of devices or versions of IOS we still have some older IOS as we are in the process of a major hardware refresh.
The easiest way forward but be to be able to quickly exclude a device that has violated a rule for a set time (a bit like ignore in discovery, with the addition of a start/end date as with node 'unmanage'). This would mean that I can ignore banner rules when violated against Firewalls and content switches, but keep active against other devices.
Secondly, Remediation scripts from the above need to be able to interpret what IOS is running and various idiosyncrasies with different chassis etc . Is it possible to create a variable script for use with remediation scripts? - also can you make the text box where the remediation script is larger and expandible - as it only shows 3 lines of code!
And finally, Will there be the option to run some remediation on a schedule? for instance I would be quite happy for timezone, banners and smaller remediation scripts to be run instanltly on viloation being detected or on a schedule daily. I would want to enable/disable which rules within a policy would be allowed to be 'auto' run however - for peace of mind.
I have also attached some pics of reports i have created in Reporting Services, as I think NCM need to be able to provide this easy drill-down reports via sql RS and subscritions so that the violations reports can be emailed/exported on schedule to management etc