Compliance Dashboard

When you edit running and designed configurations of provisioned devices, CloudVision automatically computes the difference and updates the compliance status in response to changes in the network.

The Compliance dashboard displays the real-time summary view of image, configuration, and security compliances for all managed devices. You can filter devices using All Devices, EOS Devices, and Wireless/AP Devices dropdown options available next to breadcrumbs. See the figure below:
Figure 1. Compliance Dashboard - Managed Devices

The assessment uses bug details published on https://www.arista.com and leverages the network wide database to compute the exposure based on hardware and software versions. The CVP 2020.2.0 release comes packaged with a file named AlertBase.json which contains information about software defects and security vulnerabilities.

The compliance dashboard table consists of Bugs and CVEs, Device Configuration, and End Of Life tabs.

Bugs and CVEs

The Bugs and CVEs tab displays graphical and tabular presentation of bug alerts. See the image below:
Figure 2. Compliance Dashboard- Bugs and CVEs
Note: You can filter bug alerts using All Alerts, Unacknowleged Alerts, and Acknowledged Alerts dropdown options available next to the tab title.

The donuts display the count of devices exposed to bugs and security and advisories where green signifies secured devices and red signifies exposed devices. Hover the cursor on the donut ring to view the count of devices exposed, total count of devices, and the percentile of exposed devices.

The table provides the following information:

  • Identifier: Bug number for issues tracked.
    Note: The checkmark next to identifier ID signifies acknowledged bugs.
  • Type: Identifies the type of bug. Security vulnerabilities are tracked by type CVE. Software defects are tracked by type Bug. This field can be used to filter on either of these types.
  • Summary: Provides a description of the software defect/security vulnerability.
  • Severity: Calls out the severity of the software defect.
  • Device Count: Lists the number of devices impacted by the tracked issue.
    Note:
    • If a device is acknowledged in tracked issues, this count is decreased by one.
    • If the bug is acknowledged, CVP displays zero.
    • Unacknowledged actions undo these results.
  • Exposed Devices: Lists the names of devices impacted by the software defect or security vulnerability.
    Note:
    • If a device is acknowledged in tracked issues, CVP does not list its name.
    • If a bug is acknowledged, CVP displays None.
    • Unacknowledged actions undo these results.
    • CVP generates events for CVE bugs that are exposed on device(s). These events last until the bug either is resolved on the device or is acknowledged.

Click the listed bug alert to view more details from the corresponding Bug Alert - Identifier ID pop-window. See the figure below.

Figure 3. Bug Alert Pop-Up Window

You can fix listed bugs through one of the following ways:

  • Upgrading your device to versions mentioned under Version(s) Fixed

  • Installing the hotfix available at https://www.arista.com/en/support/advisories-notices as either a part of an image bundle or directly using the EOS CLI.
    Note: You can search for hotfixes via identifier IDs.

Click the Acknowledge Bug on n Device(s) and Close button to hide the corresponding bug from bug info in selected devices.

Note:
  • n presents the count of selected devices.
  • (Optional) Provide reasons for acknowledgement in the text box.
  • To undo the acknowledgement, reopen the bug to select acknowledged devices and click the Unacknowledge Bug on n Device(s) and Close button.

To acknowledge a bug for all current and future devices, select Always acknowledge instances of this alert checkbox and click Save and Close button.

Note:
  • (Optional) Provide reasons for acknowledgement in the text box.
  • To undo the acknowledgement, reopen the bug, unselect the checkbox, and click Save and Close.

Device Configuration

The Device Configuration tab displays graphical and tabular presentation of image and configuration compliances. See the image below:
Figure 4. Compliance Dashboard - Device Configuration

The donuts display the total count of devices available for image and configuration compliances where green signifies compliant devices and red signifies non-compliant devices. Hover the cursor on the donut ring to view the count of non-compliant devices, total count of devices, and the percentile of non-compliant devices..

The table displays the following information:

  • Device - Lists the hostnames of devices.
    Note: Clicking on a device name opens the Running Configuration screen.
  • Status - Displays the device status on configuration compliance.
    Note: CVP tracks out of sync status for configuration, image, and extensions.
  • Last Compliance Check - Displays the timestamp of the last compliance check.

End of Life

The End of Life tab displays graphical and tabular presentation ofEnd Of Life (EOL) of devices . See the image below:
Figure 5. Compliance Dashboard - End of Life

The donuts display the total count of devices where green signifies the percentile of devices with more than 6 months of life, amber signifies the percentile of devices that are approaching EOL, and red signifies the percentile of devices that reached EOL. Hover the cursor on the donut ring to view the count and percentile of devices with more than six months of life.

The table displays the following information:

  • Device: Lists the hostnames of devices.
    Note: Clicking on a device name displays the hardware inventory details of child devices.
  • Type: Lists whether the device is a hardware or software.
  • Component: List the device model numbers for hardware devices and version numbers for software devices.
  • End of Life: Lists the earliest date of EOL.