How to configure CMDB Health - cmdb_health_result for Audit Metric - dashboard

How do I apply configuration for the CMDB Compliance Dashboard? On my personal instance, in CMDB Health > CMDB Compliance Scorecard, it's showing a calculated score of 57% {audit is showing 397/916 (43%)}. How is it calculated?

These scores are based on KPIs that are in the OOTB system; see "Enable and configure a CMDB Health Dashboard job" for the specific jobs.
These then feed into the CMDB Health in this manner:
Completeness: CIs are tested for required and recommended fields that are not populated.
Correctness: CIs are tested against pre-defined data integrity rules such as identification rules, orphan CI rules, and stale CI rules.
Compliance: The CMDB data is audited for adherence to pre-defined certificates.
Relationships: The health of CI relationships is tested for indicators such as orphan and duplicate relationships, and for compliance with suggested relationships, hosting and containment rules.
Each of these is configurable within your instance using the Guided Setup.
To get to the specific spot:
Navigate to Guided Setup > ITOM Guided Setup and click Continue.
Under Configuration (CMDB), click CMDB Health.
You can configure these there.

What is the parent / child relationship of a policy set in WebSphere Application Server?

I've been doing research on policy sets over the past little while and am trying to find more information about them. I believe I have a good idea of the answer to this question but I wanted to confirm.
To my understanding in WAS you have a server -> server profile -> policy sets -> services deployed to your server / server profile.
So that would mean that the only ways to define a policy set and apply it to multiple services at the same time would be to define the policy set within the context of a server profile and then apply it to any of the services that were deployed to that server/profile. We could also define a profile with certain policy sets and apply it to disparate servers that were housing different services?
Does that all sound correct?
I just found out that what I mentioned in the original question is not completely true.
It turns out that you are able to define a policy set and then export it to your local drive and apply it to any server you like. This means that policy sets are not dependent on any parent/child relationship; rather, they can be put into the appropriate slot as needed.

SonarQube Security Advisories

I am trying to locate a web page or alert service that I can sign up for to receive information on security patches / alerts relating to SonarQube.
I need to rate these advisories on a monthly basis to ensure that all security patches are applied in a timely manner.
Regards
Sean
The downloads page lists all the updates. You could just check there once a month.
If you pay SonarSource for support, you could express the desire to receive this information by email as well.
I don't know of any service that lists the info you need. That said, I don't remember seeing a lot of security alerts. It's not like Java where there are quarterly patches.

Can I define an EC2 auto scale group with scaling policies without adding alarms to CloudWatch dashboard?

I followed the instructions on http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-scale-based-on-demand.html in order to have a CPUUtilization based auto scale group. I noticed that the alarms created by mon-put-metric-alarm create alarms that are listed on the CloudWatch dashboard. This means that on low CPU utilization I always have a metric in ALARM state. Can I hide the auto scale metrics in the CloudWatch web interface?
Interesting question (+1) - I'm not aware of any option to hide the auto scale metrics in the Amazon CloudWatch web interface and the respective PutMetricAlarm API action doesn't feature a related option either.
While your use case is sound, the AWS team usually follows the Minimum viable product approach when implementing a new service initially, and despite steadily adding additional features later on, they still tend to obey the Pareto principle when choosing worthwhile features, so I doubt that your understandable request will be implemented anytime soon.
AWS has now added this feature: there is a check box next to the search bar to hide all AutoScaling alarms.

Oracle Identity Analytics (OIA) - How does it work and how do companies use it?

I am looking to learn a little more about Oracle Identity Analytics (OIA) and how it works in conjunction with other Oracle Identity Management (OIM) products. For example, what is its role in Identity/Access Management and how do companies typically utilize it?
You can think of OIA as an accounts and entitlements warehouse where you'd go to figure out who has access to what, when OIM is more oriented to providing automation in managing (granting and revoking access).
Where I work we utilize it mainly for Identity Audit. It covers prevention and reaction to Segregation of Duties violations. (For example, developers shouldn't have direct, high-privileged access to the production environment - that would be a violation.) It's done by designing and executing Identity Audit Policies and Rules against a set of employees.
Unfortunately the tool has a lot of deficiencies, so one needs to test it thoroughly before making a final decision. Some of them you will be able to solve by writing some small scripts, but some of them are fully on Oracle (scaling, performance, WebUI), so you might want to wait to find out more details about OIG (Oracle Identity Governance suite) that they announced in Oct '12 (http://www.oracle.com/us/corporate/press/1859216).
Oracle Identity Analytics (OIA) augments the provisioning, re-certification and privileged access components of OIM by allowing you to run Audit Policies and Role Management.
OIM allows you to define roles to automate and simplify provisioning, but it does not have the role mining capability to suggest roles based on Who has access What already. Therefore in OIM you have to manually define the roles for users. OIA can partially automate the process by looking at the data bottom up to find commonality. Oracle suggest a hybrid approach, a combination of the two.
The audit policies are aimed at Separation of Duties (or toxic combinations) which allow you to prevent access being granted where there is a conflict of interest. A typical example would be the permissions to raise a payment request and permissions to approve a payment request in some software. This is particularly important in highly regulated environments such as banking and the health sector.
In OIM for Privileged Access you would not normally use a SoD constraint for a user to have both a non-privileged and a privileged account. In fact you would want a user to by default use the Standard account and then Step-Up through a break glass process to get their password and use a Privileged Access manager to maintain the audit trail. I am more familiar with CyberArk than the Oracle product included as part of OIM.
Under Oracle Identity Governance 11g PS 2 the licence agreement should give you all the products in the suite. Over time Oracle are further integrating the two products.
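
The Identity Audit idea described in the answers above (rules evaluated against a warehouse of accounts and entitlements, both to detect existing Segregation of Duties violations and to block a conflicting grant), as an added Python example that is not part of the original answers and does not use OIA's or OIM's API. The data, rule format and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (user, job_function, entitlement) rows as they might
# sit in an accounts-and-entitlements warehouse. All names are hypothetical.
WAREHOUSE = [
    ("alice", "finance", "payments:raise_request"),
    ("alice", "finance", "payments:approve_request"),
    ("bob", "finance", "payments:raise_request"),
    ("carol", "developer", "prod:admin"),
    ("carol", "developer", "dev:admin"),
]

# Hypothetical audit rules. A "toxic_pair" rule fires when one identity holds
# both entitlements; a "function_ban" rule fires when a job function holds one.
RULES = [
    {"id": "SOD-PAY", "type": "toxic_pair",
     "entitlements": ("payments:raise_request", "payments:approve_request")},
    {"id": "SOD-DEVPROD", "type": "function_ban",
     "function": "developer", "entitlement": "prod:admin"},
]

def build_index(rows):
    # Collapse warehouse rows into user -> job functions and entitlements.
    index = defaultdict(lambda: {"functions": set(), "entitlements": set()})
    for user, function, entitlement in rows:
        index[user]["functions"].add(function)
        index[user]["entitlements"].add(entitlement)
    return index

def audit(rows, rules):
    """Detective control: return sorted (rule_id, user) violations."""
    violations = []
    for user, facts in build_index(rows).items():
        for rule in rules:
            if rule["type"] == "toxic_pair":
                hit = set(rule["entitlements"]) <= facts["entitlements"]
            elif rule["type"] == "function_ban":
                hit = (rule["function"] in facts["functions"]
                       and rule["entitlement"] in facts["entitlements"])
            else:
                raise ValueError(f"unknown rule type: {rule['type']}")
            if hit:
                violations.append((rule["id"], user))
    return sorted(violations)

def would_violate(rows, rules, user, function, entitlement):
    """Preventive control: rules that a pending grant would newly break."""
    before = set(audit(rows, rules))
    after = set(audit(rows + [(user, function, entitlement)], rules))
    return sorted(after - before)
```

Calling `audit(WAREHOUSE, RULES)` reports the existing conflicts, while `would_violate(...)` is the check a provisioning workflow would run before approving a request.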

Dynamics CRM 2011 - Segregating data by Client entity

I'm evaluating CRM 2011 to replace an existing app and have some questions about security and segregating information by Client (or Account).
I have a custom entity for 'Client'. There are a lot of custom entities that are related to 'Client' which constitute the data needed to be captured.
I would like to limit specific teams/users to work on specific clients and see only the data for those clients that they have access to.
I'm seeing that individual entities can be assigned to teams/users but I need all related entities to be locked down by Client so that regular users:
Don't see records in views or searches that belong to other clients.
Can't create or access records for other clients.
Can this be done in CRM 2011? How?
Also - is it possible to limit processes/workflows to operate or trigger on records of specific clients only?
Probably the easiest thing to do would be to base your security on business units. Groups of clients and their related records would all be in the same business unit, and as long as you set their security roles to only allow access to records in their own business unit, that would work.
For workflows that only trigger on particular clients, it depends on the exact requirements. You could certainly check the business unit of the client as the first step in the workflow and continue or exit based on that. If it's something more complex, you can write a custom workflow assembly to do the check for you.
