I'd like to see the Compliance reporting tools get some additional functionality, to make it easier to find configurations that are in violation when viewing the compliance reports. As an example, when we check NTP settings on our devices, we want to make sure that one of a set of specific lines in the configuration, and that certain other lines are NOT present. Currently, the compliance check will indicate whether or not a configuration item was found, but not whether it should have been found, or if one of the alternate lines was present instead. I'd like to see something as simple as green checks and red crosses added to each subsection of a rule check.
E.g. For a rule that checks the following:
Rule must contain "ntp server 1.1.1.1" and "ntp server 2.2.2.2"
AND
Rule must NOT contain either "ntp server 3.3.3.3" or "ntp server 4.4.4.4"
If the lines "ntp server 1.1.1.1" and "ntp server 3.3.3.3" are present in the configuration, then the rule would be failed, but when expanding on why, a tick would be present to indicate that the first NTP server was found, and a red cross for the second, indicating that "ntp server 2.2.2.2" was not found in the configuration. Similarly, a red cross would be against the line for "ntp server 3.3.3.3" indicating it was found when it should not be, and a green tick for "ntp server 4.4.4.4" to indicate it was not present as desired.
This would greatly assist us with remediating configuration items and making more comprehensive complex checks, rather than having to customise a rule for every variation of a config line for each type of device that we have.
