Administer > Audit and compliance > Audits, audit policies, and audit results > Audit results > Remediation methods

Remediation methods

In the Audit Result window, there are several ways to remediate non-compliant rules in audit results:

  • Remediate all: In the Audit Result window, from the Actions menu, select Remediate all to remediate differences found in the audit results.
  • Remediate by Server: Remediate by servers targeted by the audit results.
  • Remediate by rule: Remediate specific, individual audit rules.
  • SA does not support the remediation of the following two values on Windows Server 2000 servers for the Windows Local Security Settings rule, under Security Options: Rename AdministratorAccount and Rename Guest Account.
  • In this release, you cannot remediate ISAPI filters for the IIS 7.0 audit rule.

Remediate all

You can select to remediate all differences found in an audit result for all rules that are remediable. This option remediates all remediable rules on all servers targeted by the audit. Rules that have a status of Compliant are not remediated when the audit is run.

To remediate all differences found in an audit results:

  1. In the navigation pane select Library > By Type > Audit and Remediation > Audits.
  2. Select an audit. In the details pane below the audit list, all audit results associated with the audit are displayed.
  3. Select an audit result, right-click, and then select Open.
  4. In the Audit Result window, from the Actions menu select Remediate All.
  5. In the Remediate Audit window, step one shows the name of the audit, the target of the audit, and the rules defined in the audit. If you want to bypass all audit task steps, click Start Job to immediately run the audit job.
  6. Click Next.
  7. In the Scheduling page, specify whether you want the audit to run immediately or at a later time and date. To run the audit at a later time, select Start Time and then specify the start time and date.
  8. Click Next.
  9. In the Notifications page, by default your user will have a notification email sent when the audit completes, whether or not the audit job is successful. To add an email notifier, click Add Notifier and enter an email address.
  10. (Optional) You can specific whether you want the email to be sent on success or failure of the audit job.
  11. (Optional) You can specify a Ticket Tracking ID in the Ticket ID field. The ticket ID field is only used when HPE Professional Services has integrated SA with your change control systems. Otherwise, leave this field empty.
  12. Click Next.
  13. In the Job Status page, click Start Job to run the audit. When the audit has run, click View Results to view the results of the audit.

Remediate by rule

You can remediate specific differences found in rules in audit results by selecting individual rules that are out of compliance, and then re-running the audit to remediate only the rules you select. You can select to remediate by individual rule for all servers targeted by the audit, or choose only selected servers to have rules remediated.

To remediate specific differences found in audit results:

  1. In the navigation pane select Library > By Type > Audit and Remediation > Audits.
  2. Select an audit.
  3. In the details pane below the audit list, you see all audit results associated with the audit.
  4. Select an audit result, right-click, and select Open.
  5. In the Audit Result window, expand the Summary list, and then select Remediate By Rule. All differences discovered by rule in the audit results are displayed.
  6. For each rule you want to remediate, select the check mark in the list in the Enable Remediation column. This means that when you remediate the audit results, the rule will be remediated on all servers targeted by the audit that the rule is applied to.

    If you want to globally select all rules, right-click and then select Select All. To deselect all rules, right-click and then select Deselect All.
  7. When you have selected the rules you want to remediate, from the Actions menu, select Remediate.
  8. In the Remediate Audit window, step one shows the name of the audit, the target of the audit, and the rules defined in the audit. If you want to bypass all audit task steps, click Start Job to immediately run the audit job.
  9. Click Next.
  10. In the Scheduling page, specify whether you want the audit to run immediately or at a later time and date. To run the audit at a later time, select Start Time and then specify the start time and date.
  11. Click Next.
  12. In the Notifications page, by default your user will have a notification email sent when the audit completes, whether or not the audit job is successful. To add an email notifier, click Add Notifier and enter an email address.
  13. (Optional) You can specific whether you want the email to be sent on success or failure of the audit job.
  14. (Optional) You can specify a Ticket Tracking ID in the Ticket ID field. The ticket ID field is only used when HPE Professional Services has integrated SA with your change control systems. Otherwise, leave this field empty.
  15. Click Next.
  16. In the Job Status page, click Start Job to run the audit. When the audit has run, click View Results to view the results of the audit.

Remediate by server

You can remediate specific differences found in rules in audit results by the server that the audit targets. You can select to remediate all rules on all servers, or, all rules on selected servers.

To remediate specific differences found in an audit results by server:

  1. In the navigation pane select Library > By Type > Audit and Remediation > Audits.
  2. Select an audit.
  3. In the details pane below the audit list, all audit results associated with the audit are displayed.
  4. Select an audit result, right-click, and then select Open.
  5. In the Audit Result window, expand the Summary list.
  6. The contents pane lists servers targeted by the audit. For each server you want to audit, select the check box next to the server in the list in the Enable Remediation column, and then click Run Partial Audit.
    Or

    You can and expand the list of servers in the Views pane, and for each server you see all differences discovered on all servers targeted by the audit.

    For each server you want to remediate, select the check mark in the list in the Enable Remediation column. This means that when you remediate the audit results, all rules will be remediated on the selected servers.

    Or

    If you want to globally select all servers in the audit results, right-click and then select Select All. To deselect all servers, right-click and then select Deselect All.
  7. When you have selected the servers you want to remediate, from the Actions menu, select Remediate.
  8. In the Remediate Audit window, step one shows the name of the audit, the target of the audit, and the rules defined in the audit. If you want to bypass all audit task steps, click Start Job to immediately run the audit job.
  9. Click Next.
  10. In the Scheduling page, specify whether you want the audit to run immediately or at a later time and date. To run the audit at a later time, select Start Time and then specify the start time and date.
  11. Click Next.
  12. In the Notifications page, by default your user will have a notification email sent when the audit completes, whether or not the audit job is successful. To add an email notifier, click Add Notifier and enter an email address.
  13. (Optional) You can specific whether you want the email to be sent on success or failure of the audit job.
  14. (Optional) You can specify a Ticket Tracking ID in the Ticket ID field. The ticket ID field is only used when HPE Professional Services has integrated SA with your change control systems. Otherwise, leave this field empty.
  15. Click Next.
  16. In the Job Status page, click Start Job to run the audit. When the audit has run, click View Results to view the results of the audit.

Send Help Center feedback