ACI Security Report

This application provides simple audit reports that can be used for compliance checks or security audits.

Installation

This reporting application is included in the acitoolkit package when downloaded using the git clone method of installation. The application can be found in the acitoolkit/applications/reports directory.

Usage

The application is started from the command line. In its simplest form, it can be invoked by the following command:

python aci-report-security-audit.py

The full command help is shown below:

python aci-report-security-audit.py -h

usage: aci-report-security-audit.py [-h] [-u URL] [-l LOGIN] [-p PASSWORD]
                                    [--csv CSV]

Simple application that logs on to the APIC and produces a report that can be
used for security compliance auditing.

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     APIC URL e.g. http://1.2.3.4
  -l LOGIN, --login LOGIN
                        APIC login ID.
  -p PASSWORD, --password PASSWORD
                        APIC login password.
  --csv CSV             Output to a CSV file.

Output

By default, the audit report is displayed on the screen as comma separated values. If the --csv command line option is provided, the output will be sent to the specified filename in proper CSV format.

Each row of the report contains the following information:

* Tenant name
* Context (VRF) name
* Bridge Domain name
* Application Profile name
* EPG name
* Number of Consumer EPG Endpoints
* Provided Contract name
* Number of Providing EPG Endpoints
* Consumed Contract name
* Protocol specified in the Filter entry
* Source port range specified in the Filter entry
* Destination port range specified in the Filter entry