ExtremeCompliance Overview (Legacy)
ExtremeCompliance, contained in the ExtremeCloud IQ - Site Engine > Compliance tab, provides oversight into the configuration of your devices and wireless threat alerts to ensure you are compliant with industry best practices.
|IMPORTANT:||The Compliance tab is available and supported by Extreme on an ExtremeCloud IQ - Site Engine engine running the Linux operating system supplied by Extreme. Other Linux operating systems can support ExtremeCompliance functionality, but python version 2.7 or higher must be installed. Additionally ExtremeCompliance functionality requires the git, python2, python mysql module, python setuptools module, and python "pygtail" module packages be installed and related dependencies managed by the customer for their server’s unique operating system and version.|
Run an ExtremeCompliance audit against devices on the Compliance tab or against device archives on the Archives tab.
|NOTE:||Compliance tab functionality requires you to acquire an additional license.|
ExtremeCloud IQ - Site Engine provides a set of audit tests that enable you to test the configuration of your devices. Groups of audit tests comprise a regime, which tests for a specific regulation or standard. ExtremeCloud IQ - Site Engine uses the results to determine a score that indicates compliance with a regulation or standard.
The regimes included in the Compliance tab are automatically included in your ExtremeCloud IQ - Site Engine version 23.02.11 installation on an ExtremeCloud IQ - Site Engine engine, but you must import them on a non-ExtremeCloud IQ - Site Engine engine by accessing the engine console, navigating to the
<install directory>/GovernanceEngine directory and entering
./governance-engine.py --db-import-all-tests --governance-type PCI to import the PCI regime and
./governance-engine.py --db-import-all-tests --governance-type HIPAA to import the HIPAA regime.
Configure a regime by disabling or editing specific audit tests within the regime. When the regime meets your needs, use it to run an ExtremeCompliance audit against a device or set of devices. You cannot run individual audit tests against a device.
The Compliance tab contains the following sub-tabs:
The Dashboard tab displays an overview of the audit test results for each regime. Additionally, the tab provides information about how the regime test results changed over time, the performance of each of the devices included in the audit test, and a list of the tests performed as part of the regime.
The Audit Tests tab contains a variety of audit tests organized into the regime or standard of which it is a part. You can also create your own audit tests for the devices on your network via the Audit Tests tab.
Audit tests can be run ad-hoc or on a scheduled basis. Use the results to ensure your devices are configured to industry standards and are safe from vulnerabilities.
ExtremeCompliance Integration with Workflows
You can integrate ExtremeCompliance with workflows functionality to automatically remediate devices that fail an audit test. By creating an alarm that is generated when a device fails an audit test, you can configure ExtremeCloud IQ - Site Engine to automatically run a workflow when the alarm occurs.
When configured, any time ExtremeCompliance performs an audit test for which a device fails, an alarm occurs that initiates a workflow designed to remediate the reason for the failure. To enable this functionality, configure ExtremeCompliance to send syslog messages by opening the
Installation Directory/GovernanceEngine/logger.conf file and ensure
For information on related help topics: