The AUDIT_XML check pulls XML data from a the target, transforms it, and provides the result based on the evaluation criteria.
type : AUDIT_XML
description : ["description"]
request : ["api endpoint"]
xslt_stmt : ["xsl transformation"]
(optional) regex : ["regular expression"]
expect : ["regular expression of text that needs to be found"]
not_expect : ["regular expression of text that can not be found"]
(optional) check_option : [YES|NO]
(optional) match_all : [CAN_BE_NULL|CAN_NOT_BE_NULL]
(optional) match_case : [YES|NO]
The request is the identification of the NetApp API endpoint that is queried to retrieve the data.
Example endpoint: "<volume-get-filer-info></volume-get-filer-info>"
The xslt_stmt is an XSL template transformation that is used to convert the returning API result into a block of text that can be evaluated.
The xslt_stmt can be a multi-line field, or multiple single line fields. In the plugin, the multiple single lines would be combined into a single multi-line value. If the xslt_stmt does not exist, or is empty, a FAILED/ERROR result is produced, but will contain the original XML for debugging and development purposes.
(Optional) The regex is used to filter the full configurations to a smaller set of lines of text based on the regular expression.
expect or not_expect
The evaluation is based on expect or not_expect. Use only one of these fields in a check.
- For expect, if the regular expression matches a line of text, the check results as PASSED. If there are no matches, the check results as FAILED.
- For not_expect, if the regular expression matches a line of text, the check results as FAILED. If there are no matches, the check results as PASSED.
The primary value used in check_option is CAN_BE_NULL. This option allows the evaluation of the data to be empty to produce a PASSED result. The default is to require data to be returned.
Setting match_all to YES requires the item to match all lines of text, and not just a single line of text. If match_all is set to the default NO, only one line must match for the check to pass.
Setting match_case to YES makes the comparison case sensitive. If match_case is set to the default NO, the comparison is case insensitve.
type : AUDIT_XML
description : "Telnet is disabled"
request : "<security-protocol-get><application>telnet</application></security-protocol-get>"
xsl_stmt : '<xsl:template match="/">Telnet: <xsl:value-of select="//security-protocol-info/enabled" /></xsl:template>'
expect : "Telnet: false"