Compliance and Essential Configurations

The Compliance and Essential Configurations section in the CMS ensures that software, services, and security policies are properly monitored and enforced. This encompasses managing compliance rules, configuring essential software/services.

Compliance Rules Management

Compliance rules are essential for enforcing security policies and ensuring adherence to company or regulatory standards.

Using Regex for Compliance and Non-Compliance Rules

Regular Expressions (RegEx) define patterns for compliant and non-compliant conditions.

• Example of a Compliance Rule (RegEx):

• "Services":"McAfeeFramework","Is Running":"Yes","Description":"(.*)","Startup Type":"(.*)","Group":"(.*)"
  

   This rule ensures that McAfee Antivirus Services are running.

• Example of a Non-Compliance Rule (RegEx):

• "Services":"McAfeeFramework","Is Running":"(No|NA)","Description":"(.*)","Startup Type":"(.*)","Group":"(.*)"
  

   Identifies systems where the McAfee service is not running.

 Activating and Publishing Compliance Rules

To activate and publish compliance rules:

Navigate to Compliance Rules Management in the CMS.

Click “+Create Rule” to add a new compliance rule.

Provide the following details:

• Name: Title of the compliance rule (e.g., “Antivirus Running”).
• Compliance Rule: Enter the RegEx pattern for compliant conditions.
• Non-Compliance Rule: Enter the RegEx pattern for violations.
• Rule Is Active?: Mark YES to enforce the rule.
• Publish: Set to YES to make the rule system-wide.

Click Save, and the rule will now be enforced.

Verifying Rule Effectiveness

After publishing, ensure the rule is effectively monitoring compliance.

For Auto Proactive Solutions:

• Go to the Self-Heal Section under the Compliance Page.
• Search for the compliance rule using filters.
• Check status and logs to confirm enforcement.

For Device Analytics Solutions:

• Navigate to Device Analytics → Compliance Page.
• Locate the compliance rule in reports.
• Verify if compliance/non-compliance records are being tracked.

Managing Essential Configurations

Essential Configurations focus on monitoring and updating key software/services.

Adding and Updating Configurations

To add a new configuration:

• Navigate to Essential Configuration Management.
• Click “+Configuration”.
• Enter the following details:
  • Name: Specify the service/software (e.g., “Firewall Service”).
  • Type: Choose between Service or Software.
  • Publish: Set to YES to activate the configuration.
•  Click Save to finalize.

To update an existing configuration:

• Click Edit next to the configuration.
• Modify the required fields.
• Click Save to apply changes.

 Monitoring Status and Updates

The Essential Service/Software Table helps monitor configurations with fields like:

• Name, Type, Status (Active/Inactive), Monitoring Status (Enabled/Disabled), Last Updated Date.

To manage updates:

• Use the Search Bar to filter by name/type.
• Click “+Update Configuration” to install updates for services/software.