Configure remediation policies on tag policy audit findings

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read

    • Configure and preview remediation options, generate keys, and perform actions to remediate non-compliance or failures that are based on your tag audit reports.

    Before you begin

    • Ensure that the tag audit policies are configured and in Active state.
    Role required: sn_itom_tag.tag_governance_admin, admin

    About this task

    Configure remediation policies that are based on your tag audit findings. Preview remediation options, generate keys, and perform actions to remediate non-compliance or failures that are based on your tag audit reports. You can run remediation automatically if you have mapped a remediation policy to an audit policy. You can also update the tags on non-compliant CIs at the cloud provider's end in real time.

    Important:
    Configure remediation policies and logic and also enable updating tags on cloud resources associated with the following CMDB classes:
    • Virtual Machines
    • Compute Security Groups
    • Storage Volumes
    • Cloud Networks
    • Cloud Subnet
    • Network Interfaces
    • Load Balancers
    • Availability Zones
    • Public IP addresses
    • Storage Accounts
    • Resource Groups
    The list of CMDB classes for which you can update tags on CIs in the CMDB as well as cloud resources also displays on the Tag Remediation form. If you select the Update Tags in Cloud check box in the Remediation form, remediation will only preview CI failures belonging to the CMDB classes listed.

    Procedure

    1. Navigate to All > Tag Governance > Remediation.
    2. Click New to create a new record.
    3. In the Name field, provide a unique descriptive name.
    4. In the Policy field, click the Lookup icon lookup icon.
      Note:
      The Policy Type field is automatically populated after you select a policy from the lookup list.
    5. In the Tag Policies list, configure a remediation tag policy in one of the following ways:
      • Select an existing tag policy from the lookup list.
      • Click New.
        Note:
        If you are creating a new policy you will have to run an audit before your can run remediation flows.
      1. Optional: Fill in fields on the Tag Policies form.
        For description of the form fields, see Tag Policies form.
      2. Click Submit.
      You have created or selected a policy for the remediation record.
    6. Optional: Select the AutoRemediation check box, to automatically run remediation on all non-compliant CIs in the CMDB.
      Remediation runs on CIs identified with policy failures, when the policy execution completes.
    7. Optional: Select the Update Tags in Cloud check box to apply remediation and update the tags in the relevant cloud provider environment for supported CMDB CI classes.
      Important:
      The Update Tags in Cloud feature works only for AWS and Microsoft Azure Cloud resources for CMDB classes listed in the Tag Remediation form.
    8. In the Tag Remediation form, click Submit.
      The Remediation policy is configured. You are redirected to the Tag Remediations list.