Compliance Dashboard

When you edit running and designed configurations of provisioned devices, CloudVision automatically computes the difference and updates the compliance status in response to changes in the network.

The Compliance dashboard displays a real-time summary view of image, configuration, and security compliance for all managed devices. The assessment uses bug details published on https://www.arista.com and leverages the network-wide database to compute the exposure based on hardware and software versions. The CVP 2020.2.0 release comes packaged with a file named AlertBase.json, which contains information about software defects and security vulnerabilities. See the figure below.

Figure 1: Compliance Dashboard

The Compliance Dashboard screen displays graphical and tabular presentations of bug alerts.

Note: You can filter bug alerts using the All Alerts, Unacknowledged Alerts, and Acknowledged Alerts dropdown options available next to the breadcrumbs.

The compliance dashboard table consists of Bug Alerts and Device Configuration tabs.

Bug Alerts

The Bug Alerts tab provides the following information:

  • Identifier: Bug number for issues tracked.
    Note: The checkmark next to identifier ID signifies acknowledged bugs.
  • Type: Identifies the type of bug. Security vulnerabilities are tracked by type CVE. Software defects are tracked by type Bug. This field can be used to filter on either of these types.
  • Summary: Provides a description of the software defect/security vulnerability.
  • Severity: Calls out the severity of the software defect.
  • Device Count: Lists the number of devices impacted by the tracked issue.
    Note:
    • If a device is acknowledged in tracked issues, this count is decreased by one.
    • If the bug is acknowledged, CVP displays zero.
    • Unacknowledging undoes these results.
  • Exposed Devices: Lists the names of devices impacted by the software defect or security vulnerability.
    Note:
    • If a device is acknowledged in tracked issues, CVP does not list its name.
    • If a bug is acknowledged, CVP displays None.
    • Unacknowledging undoes these results.
    • CVP generates events for CVE bugs that are exposed on device(s). These events last until the bug either is resolved on the device or is acknowledged.

Click the listed bug alert to view more details in the corresponding Bug Alert - Identifier ID pop-up window. See the figure below.

Figure 2: Bug Alert Pop-Up Window

You can fix listed bugs in one of the following ways:

  • Upgrading your device to versions mentioned under Version(s) Fixed

  • Installing the hotfix available at https://www.arista.com/en/support/advisories-notices as either a part of an image bundle or directly using the EOS CLI.
    Note: You can search for hotfixes via identifier IDs.

Click the Acknowledge Bug on n Device(s) and Close button to hide the corresponding bug from bug info in selected devices.

Note:
  • n represents the count of selected devices.
  • (Optional) Provide reasons for acknowledgement in the text box.
  • To undo the acknowledgement, reopen the bug to select acknowledged devices and click the Unacknowledge Bug on n Device(s) and Close button.

To acknowledge a bug for all current and future devices, select the Always acknowledge instances of this alert checkbox and click the Save and Close button.

Note:
  • (Optional) Provide reasons for acknowledgement in the text box.
  • To undo the acknowledgement, reopen the bug, unselect the checkbox, and click Save and Close.
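
The acknowledgement rules above, modeled in Python as an added example (not CloudVision code or its API). The Alert class, its field names, and the sample identifiers and device names are constructed for illustration; representing a bug-level acknowledgement as a single always_ack flag is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Alert:
    identifier: str                      # constructed placeholder, not a real ID
    type: str                            # "CVE" or "Bug", as in the Type column
    affected: set                        # devices matched on hardware/software version
    acked_devices: set = field(default_factory=set)  # acknowledged per device
    always_ack: bool = False             # assumption: bug-level acknowledgement flag

def exposed_devices(alert):
    """Names shown under Exposed Devices; an empty list stands for 'None'."""
    if alert.always_ack:
        return []
    return sorted(alert.affected - alert.acked_devices)

def device_count(alert):
    """Device Count column: acknowledged devices are not counted."""
    return len(exposed_devices(alert))

def event_devices(alert):
    """Devices with an active event: CVE type only, until resolved or acknowledged."""
    return exposed_devices(alert) if alert.type == "CVE" else []

def acknowledged_exposure(alerts):
    """Review list: devices still affected but hidden by an acknowledgement."""
    report = {}
    for a in alerts:
        hidden = sorted(a.affected - set(exposed_devices(a)))
        if hidden:
            report[a.identifier] = hidden
    return report

# Constructed sample data: one device-level and one bug-level acknowledgement.
SAMPLE_ALERTS = [
    Alert("CVE-EXAMPLE-1", "CVE", {"leaf1", "leaf2", "spine1"}, acked_devices={"leaf2"}),
    Alert("BUG-EXAMPLE-2", "Bug", {"leaf1", "spine1"}, always_ack=True),
    Alert("CVE-EXAMPLE-3", "CVE", {"spine1"}),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a.identifier, device_count(a), exposed_devices(a) or "None", event_devices(a))
    print("acknowledged but still affected:", acknowledged_exposure(SAMPLE_ALERTS))
```

The acknowledged_exposure() output is the set of device and alert pairs that no longer appear in the dashboard counts, which is the list to revisit when reviewing why each acknowledgement was made.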

The list of software defects and security vulnerabilities affecting a device is also available in the device view under the Compliance section.

Note: A checkmark is displayed next to an Identifier ID when either the bug is acknowledged or the current device is acknowledged for the corresponding bug.

Figure 3: Compliance Section Showing Status of Bugs

Device Configuration

The Device Configuration tab displays the following information:

  • Device - Lists the hostnames of devices.
    Note: Clicking on a device name opens the Running Configuration screen.
  • Status - Displays the device status on configuration compliance.
    Note: CVP tracks out of sync status for configuration, image, and extensions.
  • Last Compliance Check - Displays the timestamp of the last compliance check.

Figure 4: Device Configuration Tab