After running an assessment and reviewing your assessment results, you can remediate any non-compliant items.

On the policy home page, the Activity tab shows a list of completed or in-progress assessments and remediations and their statuses:

Status Description
Queued The operation is ready to run but the minions have not started the operation.
Completed The operation is finished running.
Partial The operation is still waiting for some minions to return, although the operation has finished running.

When non-compliant systems have been identified during a compliance assessment, you can remediate them to bring them into compliance. You can choose to remediate individual checks or nodes (minions), or you can alternatively remediate all checks on all nodes.

Note: When you select to Remediate all, any exempted checks or nodes are not remediated.

You can add check and minion exemptions by selecting either the check from the policy home page, or the minion from the Minions tab and clicking Add Exemption. To remove an exemption, click the Exemptions tab, click the drop down arrow next to the exemption you want to remove, and click Remove Exemption.

Prerequisites

Before you can remediate your results, you must first run a compliance assessment. For more information, see How do I run a compliance assessment.

Procedure

  1. On the SaltStack SecOps Compliance home page, select a policy to view the most recent assessment results.
  2. You can choose to remediate all, remediate by check, or remediate by minion.
    1. To remediate all: On the Checks tab, click Remediate all.
    2. To remediate by check: Select a check to open the check description, scroll to the list of results from your last assessment, select all minions you want to remediate, and click Remediate.
    3. To remediate by minion: On the policy home page, click the Minions tab, select a minion, and click Remediate.

Results

Non-compliant results are remediated and made compliant.