The AUDIT_XML check pulls XML data from the target, transforms it, and provides the result based on the evaluation criteria.



type : AUDIT_XML

description : ["description"]

request : ["api endpoint"]

xslt_stmt : ["xsl transformation"]

(optional) regex : ["regular expression"]

expect : ["regular expression of text that needs to be found"]

not_expect : ["regular expression of text that can not be found"]

(optional) check_option : [CAN_BE_NULL|CAN_NOT_BE_NULL]

(optional) match_all : [YES|NO]

(optional) match_case : [YES|NO]



The request is the identification of the NetApp API endpoint that is queried to retrieve the data.

Example endpoint: "<volume-get-filer-info></volume-get-filer-info>"


The xslt_stmt is an XSL template transformation that is used to convert the returned API result into a block of text that can be evaluated.

The xslt_stmt can be a multi-line field, or multiple single-line fields. In the plugin, multiple single-line fields are combined into a single multi-line value. If the xslt_stmt does not exist, or is empty, the check produces a FAILED/ERROR result that contains the original XML for debugging and development purposes.


(Optional) The regex is used to filter the full configurations to a smaller set of lines of text based on the regular expression.

expect or not_expect

The evaluation is based on expect or not_expect. Use only one of these fields in a check.

  • For expect, if the regular expression matches a line of text, the check results as PASSED. If there are no matches, the check results as FAILED.
  • For not_expect, if the regular expression matches a line of text, the check results as FAILED. If there are no matches, the check results as PASSED.


The primary value used in check_option is CAN_BE_NULL. This option allows a check to produce a PASSED result when the data being evaluated is empty. The default is to require data to be returned.


Setting match_all to YES requires the item to match all lines of text, and not just a single line of text. If match_all is set to the default NO, only one line must match for the check to pass.


Setting match_case to YES makes the comparison case sensitive. If match_case is set to the default NO, the comparison is case insensitive.



type : AUDIT_XML

description : "Telnet is disabled"

request : "<security-protocol-get><application>telnet</application></security-protocol-get>"

xsl_stmt : '<xsl:template match="/">Telnet: <xsl:value-of select="//security-protocol-info/enabled" /></xsl:template>'

expect : "Telnet: false"
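
The evaluation rules described above, modelled in Python as an added example (it is not the plugin's own code and not part of the original page). The sample XML reply is constructed, `transform` is a stand-in for the XSL template in the Telnet example, and two behaviours are assumptions: empty data without CAN_BE_NULL is reported as FAILED, and match_case also applies to the optional regex filter.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample reply; the real API response layout may differ.
SAMPLE_XML = """<results status="passed">
  <security-protocol-info>
    <application>telnet</application>
    <enabled>false</enabled>
  </security-protocol-info>
</results>"""

def transform(xml_text):
    """Stand-in for the example XSL template: emits 'Telnet: <enabled value>'."""
    root = ET.fromstring(xml_text)
    return "Telnet: " + (root.findtext(".//security-protocol-info/enabled") or "")

def evaluate(text, expect=None, not_expect=None, regex=None,
             check_option=None, match_all="NO", match_case="NO"):
    """Model of the documented rules; returns 'PASSED' or 'FAILED'."""
    if (expect is None) == (not_expect is None):
        raise ValueError("use exactly one of expect / not_expect")
    flags = 0 if match_case == "YES" else re.IGNORECASE
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if regex is not None:
        # Optional filter: keep only the lines the regex matches.
        lines = [ln for ln in lines if re.search(regex, ln, flags)]
    if not lines:
        # Assumption: empty data fails unless check_option is CAN_BE_NULL.
        return "PASSED" if check_option == "CAN_BE_NULL" else "FAILED"
    pattern = expect if expect is not None else not_expect
    hits = [bool(re.search(pattern, ln, flags)) for ln in lines]
    if expect is not None:
        # match_all YES: every line must match; NO: one match is enough.
        ok = all(hits) if match_all == "YES" else any(hits)
    else:
        # not_expect: any matching line fails the check.
        ok = not any(hits)
    return "PASSED" if ok else "FAILED"

if __name__ == "__main__":
    print(evaluate(transform(SAMPLE_XML), expect="Telnet: false"))
```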