# Golden Template Rule-Based Policy Execution Golden Template Rule-Based Policy Execution enables NCCM to **automatically validate device configurations** against approved Golden Templates using Rules, Rule Groups, and scheduled Policies. This mechanism ensures continuous compliance monitoring and enables alerting and remediation when deviations are detected. This use case demonstrates how to configure and execute a Golden Template–based compliance policy end to end. ## **Purpose** * Enforce standardized device configurations using Golden Templates * Automatically detect configuration deviations * Trigger alerts and remediation actions on violations * Maintain auditability for compliance operations ### **Expected Outcome** After successful execution: * Devices are validated against Golden Template rules * Each device is marked as Complied or Violated * Violation severity is applied as configured * Notifications are sent to selected users * Optional remediation jobs are created * All actions are logged in the audit trail ### **Prerequisites** * Golden Templates are created and available * User has required privileges to manage Rules, Rule Groups, and Policies * Devices are onboarded, and configuration backups are available ## **Use Case Workflow** This use case consists of three mandatory steps: * Create a Golden Template Rule * Create a Rule Group * Create and schedule a Policy ### **Step 1: Create a Golden Template Rule** * Navigate to Network Configuration → Rules A Golden Template Rule defines **what configuration must be validated**, **how violations are identified**, and **what action should be taken** when a violation occurs. When **Golden Template** is selected as the Rule Type: * The **Configuration** field is disabled * Only Golden Templates matching the selected Vendor, OS Type, and user visibility are listed. **Rule Information |** Add Rule

Label	Action	Description / Example
Rule Name	Enter value	Enter a unique name to identify the Golden Template rule. Example: Golden Template – Interface Compliance
Description	Enter value	Provide a short description explaining the purpose of the rule. Example: Validates interface configuration using a golden template.
Vendor	Select	Select the device vendor. This value controls the list of eligible Golden Templates. Example: Cisco.
OS Name	Select	Select the operating system of the devices. Only templates matching this OS are displayed. Example: IOS.
OS Version	Optional	Specify the OS version if the rule must apply only to a specific version. If left empty, all versions are considered.
Rule Type	Select	Select Golden Template. When selected, the Configuration field is automatically disabled as per system design.
Configuration	System disabled	Select the configuration source against which the Golden Template validation must be performed. This field remains enabled for Golden Template rules and allows you to choose between device configuration types. Available options: Running – Validates the current running configuration on the device. Startup – Validates the startup configuration stored on the device. Example: Select Running to validate the live device configuration against the Golden Template.
Status	Enable / Disable	Enable to allow rule execution. Disabled rules are ignored during policy execution.

**Match Criteria |** Add Rule

Label	Action	Description / Example
Select and Load Template	Select	Displays only Golden Templates that match the selected Vendor, OS Name, and are visible to the logged-in user (Public or Private).
Golden Template Pattern	Auto-populated / Edit	Displays the configuration pattern loaded from the selected Golden Template. Patterns define the expected configuration structure using regex.
Ignore Patterns	Enter regex	Specify regex patterns to exclude matching configuration lines before validation. Example: ^ntp clock-period.*
Regex Validation	System validation	Both Golden Template Pattern and Ignore Pattern fields accept only valid regex. Invalid patterns block navigation and display an error message.

**Validation Rules:** * Only valid regular expressions are allowed * Invalid regex patterns block rule creation * Validation is case-insensitive

**Remedy Action |** Add Rule

Label	Action	Description / Example
Violation Severity	Select	Define the severity level raised when the rule violates. Values: Critical, Major, Minor
Rule Violation Message	Enter value	Message displayed when a violation occurs. Example: Golden Template Rule Violates
Notifier	Select	Select one or more users or entities to receive violation notifications.
On Violation Perform	Select	Define the remediation action to execute on a violation. Options: Script Execution, Rollback to Baseline, Rollback to Previous
Remediation Comments	Optional	Enter notes describing the remediation logic or expected corrective action.

![](https://content.gitbook.com/content/E4mkwSP8a1BSD9BFNFav/blobs/P5knJfnVvKXCtxcw0d9p/Unknown%20image) ### **Step 2: Create a Rule Group** * Navigate to Network Configuration → Rule Group A Rule Group associates one or more Golden Template rules with a **specific set of devices**. **Rule Group information |** Add Rule Group

Label	Action	Description / Example
Name	Enter value	Enter a name for the Rule Group that logically groups Golden Template rules. Example: Golden Template Check Devices
Description	Optional	Provide a brief description of the rule group's purpose.
Status	Enable / Disable	Enabled rule groups are eligible for policy execution.
Visibility	Select	Choose who can view and use this rule group. Values: Public, Private
Vendor	Select	Select the vendor of devices to which the rule group applies. Example: Cisco
OS Name	Select	Select the OS of the devices to be validated. Example: IOS
Asset Tags	Optional	Filter devices using asset tags if tagging is configured.
IP Address Range	Enter value	Define the IP range of target devices.Example: 10.0.4.*
Exclude IP Address	Optional	Exclude specific IPs or hostnames from rule execution. Example: 10.0.4.5

![](https://content.gitbook.com/content/E4mkwSP8a1BSD9BFNFav/blobs/ssbvQaSZ2m2BnyI2ccZf/Unknown%20image) **Rule Selection |** Add Rule Group

Label	Action	Description / Example
Associated Rules	Add	Add one or more Golden Template rules to the rule group. Only the rules of the Golden Template are selectable.
Actions	Edit / Delete	Modify or remove the group's associated rules.

![](https://content.gitbook.com/content/E4mkwSP8a1BSD9BFNFav/blobs/Dqk1TdbY4K1I7g69Enls/Unknown%20image) ### **Step 3: Create and Schedule a Policy** * Navigate to Network Configuration → Policies A Policy defines **when and how often** Golden Template rules are executed. **Add Policy |** Basic Details

Label	Action	Description / Example
Policy Name	Enter value	Enter a name to identify the policy. Example: Golden Template Policy
Description	Enter value	Describe the objective of the policy execution.
Status	Enable / Disable	Enabled policies execute based on the configured schedule.
Rule Group	Select	Associate one or more Golden Template rule groups with the policy.

![](https://content.gitbook.com/content/E4mkwSP8a1BSD9BFNFav/blobs/6uRu2atRy7zjqTrgk4eN/Unknown%20image) ### **Summary** This use case demonstrates how to enforce configuration compliance across network devices using a **Golden Template–based rule execution workflow**. In this process, a Golden Template rule is created to validate device configurations against a predefined standard, grouped with relevant devices using a rule group, and executed through a scheduled policy. Once the policy runs, device configurations are automatically evaluated for compliance. Devices that match the Golden Template are marked as compliant, while deviations are flagged as violations, triggering alerts and optional remediation actions such as script execution or rollback.