diff --git a/content/automate/api_tokens.md b/content/automate/api_tokens.md index 744fffddd..484bb6f43 100644 --- a/content/automate/api_tokens.md +++ b/content/automate/api_tokens.md @@ -25,7 +25,7 @@ Navigate to _API Tokens_ in the **Settings** tab. Then, use the **Create Token** If a policy is assigned to an API token on creation, the API token will have permissions. If no policy is selected during its creation, the API token will have no permissions. To assign permissions to the API token any time after creation, navigate to _Policies_ in the **Settings** tab, locate the appropriate policy, and then add the API token as a member of the policy using a [member expression]({{< relref "iam_v2_guide.md#member-expressions" >}}). -![API Tokens](/images/automate/admin-tab-API-tokens-list.png) +![The API Tokens list in the Settings tab, showing the Create Token button and a table of existing tokens.](/images/automate/admin-tab-API-tokens-list.png) #### API Token Value diff --git a/content/automate/applications_dashboard.md b/content/automate/applications_dashboard.md index b02daec93..4ec25b358 100644 --- a/content/automate/applications_dashboard.md +++ b/content/automate/applications_dashboard.md @@ -31,7 +31,7 @@ The _Applications_ dashboard _Service Groups_ display gives you a top-level view The default _Service Groups_ view shows only the services that are available. The right sidebar provides detailed reporting for each individual service. -![EAS Service Groups List](/images/automate/eas-service-groups.png) +![Chef Automate Applications dashboard showing the Service Groups list with health status indicators and instance counts grouped by criticality in the sidebar.](/images/automate/eas-service-groups.png) ### Service Health Status Count @@ -92,7 +92,7 @@ Available search field types include _Origin_, _Service Name_, _Version_, _Chann After selecting your search field type, enter your specific search term, or select one from the auto-populated list of existing values. Applying the filter changes the Service Groups list to display matching results and updates health status display accordingly. -![EAS Filtered Service Groups List](/images/automate/eas-filtered-service-groups.png) +![Chef Automate Service Groups list filtered with environment:demo showing filtered services with their health status donut charts and updated health status counts in the sidebar (Total 5, Critical 2, Warning 2, OK 1).](/images/automate/eas-filtered-service-groups.png) ## Lifecycle Management diff --git a/content/automate/architectural_overview.md b/content/automate/architectural_overview.md index 3b411e1cc..85f188a80 100644 --- a/content/automate/architectural_overview.md +++ b/content/automate/architectural_overview.md @@ -15,7 +15,7 @@ draft = false ## Chef Automate 2 Architecture -![Chef Automate 2 Architecture](/images/automate/a2-architecture-os.png) +![Chef Automate 2 architecture diagram showing the load balancer, gateway, microservices including config management and compliance services, and backend databases with their port configurations.](/images/automate/a2-architecture-os.png) ## Component overview diff --git a/content/automate/client_runs.md b/content/automate/client_runs.md index 1526c58d3..c072eb0b8 100644 --- a/content/automate/client_runs.md +++ b/content/automate/client_runs.md @@ -21,7 +21,7 @@ Nodes appear in this view after a Chef Infra Client run completes. The Chef Infra Client Run Status chart displays a summary of node statuses: failed, successful, or missing, and the total node count. The chart changes as you select filters. -![Client Runs Overview](/images/automate/client-runs.png) +![Chef Automate Client Runs page showing a donut chart with Chef Infra Client run status (passed, failed, and missing nodes) with a status summary below and a node list table showing check-in status and platform details.](/images/automate/client-runs.png) ## Node list table diff --git a/content/automate/data_lifecycle.md b/content/automate/data_lifecycle.md index 3ba4e8957..31fb11ee0 100644 --- a/content/automate/data_lifecycle.md +++ b/content/automate/data_lifecycle.md @@ -21,7 +21,7 @@ Navigate to _Settings_ > _Data Lifecycle_ and adjust any settings you would like Users with `dataLifecycle:*` IAM access can see the data lifecycle job statuses, configure jobs or run jobs. While configuring the data lifecycle in a number of days, please refer to the section on [Impact On OpenSearch Shards](/automate/data_lifecycle/#impact-on-opensearch-shards) to set the appropriate maximum shards per node value. -![Data Lifecycle](/images/automate/data-lifecycle.png) +![Chef Automate Settings page for Data Lifecycle showing retention configuration options for event feed, Chef Infra Server actions, service groups, client runs, and compliance data.](/images/automate/data-lifecycle.png) ### Event Feed diff --git a/content/automate/event_feed.md b/content/automate/event_feed.md index 91fc079b4..6af4f9d02 100644 --- a/content/automate/event_feed.md +++ b/content/automate/event_feed.md @@ -19,7 +19,7 @@ The Guitar Strings visualization helps you drill into infrastructure and complia Users require permission for the `event:*` action to view and interact with _Event Feed_. Filter and search ability in _Event Feed_ requires user permission for the `infra:nodes:list` action. -![Event feed](/images/automate/event-feed.png) +![Chef Automate Event Feed dashboard showing a timeline of infrastructure events with symbols for create (blue circles), delete (pink circles), and update (purple diamonds) events.](/images/automate/event-feed.png) ## Event Guitar Strings @@ -31,7 +31,7 @@ Hovering over the icon shows a text box summarizing the events for that 4-hour w ## Icon Legend -![Event feed icon legend](/images/automate/event_icons.png) +![Chef Automate event feed icon legend showing symbols for Cookbook, Data Bag, Environment, Group, Multiple Events, Node, Organization, Permission, Policyfile, Profile, Role, Scan Job, and User.](/images/automate/event_icons.png) ## Grouped Events diff --git a/content/automate/ha.md b/content/automate/ha.md index a19d30301..082e686fc 100644 --- a/content/automate/ha.md +++ b/content/automate/ha.md @@ -30,7 +30,7 @@ Although this requirement isn't explicitly illustrated in the network architectu ### Chef Automate HA Architecture for OnPremise / Cloud Non-Managed -![High Availability Architecture](/images/automate/ha_arch_on_prem.png) +![Chef Automate High Availability on-premises architecture diagram showing DNS routing, primary and secondary load balancers, Chef Automate and Chef Infra frontend clusters, and PostgreSQL and OpenSearch backend clusters with backup storage.](/images/automate/ha_arch_on_prem.png) {{< note >}} In Chef Automate HA architecture for on-premises or non-managed Cloud deployments, frontend nodes connect to PostgreSQL over port **5432** and use port **6432** to perform leader checks. @@ -40,7 +40,7 @@ Chef has deprecated the earlier configuration that required frontend nodes to us ### Chef Automate HA Architecture for AWS Managed -![High Availability Architecture](/images/automate/ha_arch_aws_managedservices.png) +![Chef Automate High Availability architecture for AWS Managed Services showing DNS routing, load balancers for Chef Automate and Chef Infra, frontend clusters, and managed backend services (PostgreSQL and OpenSearch) with backup S3 storage.](/images/automate/ha_arch_aws_managedservices.png) {{< note >}} Chef Automate HA for Managed Services has default port 5432 for Managed PostgreSQL and 9200 for Managed OpenSearch. You can also change to your custom port. @@ -50,7 +50,7 @@ Chef Automate HA for Managed Services has default port 5432 for Managed PostgreS The following shows a five-node cluster, which is a supported deployment pattern. Work with your Progress technical teams to determine the appropriate cluster configuration for optimal performance based on parameters such as node count and data size. -![High Availability Architecture](/images/automate/ha_arch_minnode_cluster.png) +![Chef Automate High Availability architecture for on-premises minimum node cluster showing DNS, frontend nodes with Chef Automate and Chef Infra, and backend clusters for PostgreSQL and OpenSearch with specific port configurations.](/images/automate/ha_arch_minnode_cluster.png) {{< note >}} In Chef Automate HA architecture for on-premises or non-managed Cloud deployments, frontend nodes connect to PostgreSQL over port **5432** and use port **6432** to perform leader checks. diff --git a/content/automate/ha_disaster_recovery_setup.md b/content/automate/ha_disaster_recovery_setup.md index 3455b7a40..ec0c1edfc 100644 --- a/content/automate/ha_disaster_recovery_setup.md +++ b/content/automate/ha_disaster_recovery_setup.md @@ -26,7 +26,7 @@ In the above approach, there will be 2 identical clusters - primary cluster (or production cluster) - disaster recovery cluster -![Disaster Recovery Setup with 2 Identical Clusters](/images/automate/DR-2-cluster.png) +![Disaster recovery setup diagram showing a primary Chef Automate cluster and identical disaster recovery cluster with DNS failover routing, load balancers, and cron-triggered backup and restore operations.](/images/automate/DR-2-cluster.png) The primary cluster will be active and regular backups will be performed using `chef-automate backup create`. At the same time, the disaster recovery cluster will be restoring the latest backup data using `chef-automate backup restore`. diff --git a/content/automate/ha_disaster_recovery_setup_AWS.md b/content/automate/ha_disaster_recovery_setup_AWS.md index 67f123d76..27781c484 100644 --- a/content/automate/ha_disaster_recovery_setup_AWS.md +++ b/content/automate/ha_disaster_recovery_setup_AWS.md @@ -27,7 +27,7 @@ In the above approach, there will be two identical clusters - Primary Cluster (or Production Cluster) - Disaster Recovery Cluster -![Disaster Recovery Setup with 2 Identical Clusters](/images/automate/DR_AWS_Deployment.png) +![Chef Automate High Availability disaster recovery setup on AWS with DNS routing, primary and secondary load balancers, primary and DR clusters containing Chef Automate and Chef Infra frontend clusters, PostgreSQL and OpenSearch backend clusters, backup S3 storage, and cron-triggered backup/restore operations at regular intervals.](/images/automate/DR_AWS_Deployment.png) The primary cluster will be active and regular backups will be performed using `chef-automate backup create`. At the same time, the disaster recovery cluster will be restoring the latest backup data using `chef-automate backup restore`. diff --git a/content/automate/ha_troubleshooting.md b/content/automate/ha_troubleshooting.md index 07ca8d5ea..9a00a6194 100644 --- a/content/automate/ha_troubleshooting.md +++ b/content/automate/ha_troubleshooting.md @@ -17,7 +17,7 @@ This page explains the frequently encountered issues in Chef Automate High Avail ### Post Automate HA deployment if the chef-server service is in a critical state -![Chef Infra Server critical Error](/images/automate/chef-server-critical-error.png) +![Chef Infra Server service status output showing critical health check failures with process state, uptime, and error messages indicating deployment issues.](/images/automate/chef-server-critical-error.png) #### Solution diff --git a/content/automate/ha_verification_check.md b/content/automate/ha_verification_check.md index e12d6024c..644fc4ace 100644 --- a/content/automate/ha_verification_check.md +++ b/content/automate/ha_verification_check.md @@ -74,7 +74,7 @@ Once you run the verify command, it checks all the test cases defined. After it An example of a checks performed are shown in the below image: -![Config Verify Check](/images/automate/verify_checks_example.png) +![Chef Automate verify command output table showing health check results for system resources, software versions, certificates, SSH configuration, and backup settings with success and failure status indicators.](/images/automate/verify_checks_example.png) The above image shows the checks performed for Automate node. The checks in the above image are also performed on all the nodes in Automate HA, i.e., Chef Infra Server, PostgreSQL, OpenSearch, and Chef Automate (the one showed above). diff --git a/content/automate/iam_v2_guide.md b/content/automate/iam_v2_guide.md index 2fcdff249..af084038b 100644 --- a/content/automate/iam_v2_guide.md +++ b/content/automate/iam_v2_guide.md @@ -33,7 +33,7 @@ This policy display includes the following: * Imported v1 default policies--now called _legacy policies_--in the new v2 policy format and marked with the `[Legacy]` prefix. * Imported v1 custom policies that you created, which are marked with the `[Legacy]` prefix and a `(custom)` suffix. -![Migrated IAM v2 policies page](/images/automate/admin-policies-migrated.png) +![Chef Automate Settings Policies page showing the IAM v2 policies table with migrated legacy policies marked with [Legacy] prefix, indicating their type as custom, and status as in use.](/images/automate/admin-policies-migrated.png) ## Policy Conversion @@ -311,13 +311,13 @@ Compliance reports must be using **audit cookbook 7.5+** in order to make use of } ``` -![Create project rule interface](/images/automate/create-project-rule.png) +![Chef Automate Create Project Rule form showing fields for rule name, resource type selection (Node), and conditions for filtering resources by Chef Organization.](/images/automate/create-project-rule.png) Save the rule. If you later need to change the name or the conditions, select the project rule name on the project details page. When edits are pending, a banner will be shown at the bottom of every page. Selecting the `Update Projects` button on that banner will apply those changes. -![Chef Automate admin projects page](/images/automate/admin-projects.png) +![Chef Automate Settings Projects page showing a table of projects with their names, IDs, and ingest rule statuses, plus a banner indicating pending edits that need to be applied.](/images/automate/admin-projects.png) Updating a project begins an operation that applies all pending rule edits and then moves ingested resources into the correct projects according to those latest changes. An ingested resource is moved into a project if it matches at least one of the project's rules. In this example, upon successful update, all ingested resources whose Chef Organization matches `devops` will be considered a part of the project `project-devops`. @@ -335,7 +335,7 @@ Once rules have been successfully applied, the banner will be dismissed until th To verify that the ingested resources have been moved into the correct projects, select `project-devops` in the global projects filter, which is on the top navigation. The data in Chef Automate filters by the selected `project-devops` project. In this example, the effect is revealed by navigating to the Compliance Reports' Nodes tab, which only features nodes that belong to the `devops` Chef Organization. -![Global projects filter in navigation](/images/automate/global-projects-filter.png) +![Chef Automate global projects filter dropdown in top navigation showing project-devops selected with (unassigned) option and Apply Changes button, filtering Compliance Reports to show 3 nodes from DevSec Prod Beta environment.](/images/automate/global-projects-filter.png) Now that the first set of ingested data associated is in the new project, add another condition and a new rule to add more data to `project-devops`. @@ -373,7 +373,7 @@ Upon completion of the update, you should be able to filter by `project-devops` To create a project that contains all Effortless Infra nodes, create a ingest rule with resource type `Node` and a condition that uses attribute `Chef Infra Server`, operator `equals`, and value `localhost`. -![Effortless Infra project rule configuration](/images/automate/effortless-project-rule.png) +![Chef Automate project rule form for Effortless Infra showing Rule Name (all nodes), Resource Type (Node), and Conditions section with NODE ATTRIBUTE (Chef Infra Server), OPERATOR (equals), VALUE (localhost) fields, plus Save Rule and Cancel buttons.](/images/automate/effortless-project-rule.png) The above rule matches on a node's Chef Infra Server field, which is set to `localhost`. This rule works because all Effortless Infra nodes list the `Chef Infra Server` attribute as `localhost`. diff --git a/content/automate/iam_v2_overview.md b/content/automate/iam_v2_overview.md index 2689f9336..44a6092bf 100644 --- a/content/automate/iam_v2_overview.md +++ b/content/automate/iam_v2_overview.md @@ -26,7 +26,7 @@ The "who" may be a user, a team, or an API token. The following diagram shows the new policy structure. We detail the specifics in the next sections. -![IAM v2 policy structure diagram](/images/automate/iam-v2-diagram.png) +![Chef Automate IAM v2 policy structure diagram showing WHO (User, Team, API Token) connected to Policy, Policy containing Statements (Allow/Deny) and Roles with Actions, and WHERE (Project with Resource) scoping.](/images/automate/iam-v2-diagram.png) ## Policy Definition diff --git a/content/automate/large_compliance_report.md b/content/automate/large_compliance_report.md index d34930527..facbe3ee0 100644 --- a/content/automate/large_compliance_report.md +++ b/content/automate/large_compliance_report.md @@ -22,7 +22,7 @@ Chef Automate fails to ingest compliance reports larger than 4 MB sent through t The following architecture change enables Chef Automate to ingest reports larger than 4 MB. -![LCR Architecture](/images/automate/lcr_architecture.jpg) +![Chef Automate Large Compliance Report architecture diagram showing Chef Infra Client/InSpec sending compliance reports through data collector to Chef Automate OpenSearch, with backup S3 storage and an external MinIO service for storing large reports.](/images/automate/lcr_architecture.jpg) With this configuration, Chef Automate allows ingestion of large compliance reports and sends data to OpenSearch and an externally deployed MinIO service. In this configuration, Chef Automate expects a MinIO server running outside the Chef Automate ecosystem. diff --git a/content/automate/major_upgrade_4.x.md b/content/automate/major_upgrade_4.x.md index 32eb488b7..9060286b5 100644 --- a/content/automate/major_upgrade_4.x.md +++ b/content/automate/major_upgrade_4.x.md @@ -35,7 +35,7 @@ For example, if today you are on version _2021201164433_, your upgrade journey s ## Upgrade and migration flow -![Upgrade flow](/images/automate/migration-and-upgrade-v4-flow.png) +![Chef Automate upgrade and migration flowchart showing the major upgrade process from Start major upgrade through prerequisite checks, Y/N decision points, Elasticsearch to OpenSearch migration, and completion or termination outcomes.](/images/automate/migration-and-upgrade-v4-flow.png) ## Prerequisites diff --git a/content/automate/node_credentials.md b/content/automate/node_credentials.md index 1df006b6b..1f32ba78a 100644 --- a/content/automate/node_credentials.md +++ b/content/automate/node_credentials.md @@ -19,7 +19,7 @@ The Chef Automate Credentials page allows you to add, edit, and delete ``SSH``, To manage your credentials, navigate to the _Node Credentials_ page from the **Settings** tab. -![Node Credentials](/images/automate/node-credentials.png) +![Chef Automate Node Credentials page in Settings showing Create Credential button, credentials table with columns for Name, Credential Type, and Last Modified, displaying one example SSH credential entry.](/images/automate/node-credentials.png) Adding SSH, WinRM, and Sudo credentials is the first step for using the Chef Automate Compliance Scanner. After adding credentials, you'll be able to add nodes and create scan jobs. @@ -35,13 +35,13 @@ Select _Add Credential_ and a dialog box appears as shown below. Select the _Cre ### Add a SSH Credential -![SSH Credential Form](/images/automate/credentials-ssh.png) +![Chef Automate Create Credential form for SSH with fields for Name, Credential Type dropdown (SSH selected), SSH Username (abc), SSH Credential Type radio buttons (Password selected), SSH password field, and Create Credential/Cancel buttons.](/images/automate/credentials-ssh.png) **SSH** requires a credential name, a user name and either a SSH password **or** a SSH Private key, but not both. ### Add a WinRM Credential -![WINRM Credential Form](/images/automate/credentials-winrm.png) +![Chef Automate Create Credential form for WinRM with fields for Name, Credential Type dropdown (WinRM selected), WinRM Username, WinRM password (password for private WinRM), and Create Credential/Cancel buttons.](/images/automate/credentials-winrm.png) **WinRM** requires a credential name, a user name, and a WinRM password. @@ -69,7 +69,7 @@ Windows machines **must have** the following configurations: ### Add a Sudo Credential -![Sudo Credential Form](/images/automate/credentials-sudo.png) +![Chef Automate Create Credential form for Sudo with fields for Name, Credential Type dropdown (Sudo selected), Sudo Password (password for sudo), Command Line options field, and Create Credential/Cancel buttons.](/images/automate/credentials-sudo.png) **Sudo** requires a credential name, a user name, and a password **or** sudo options, but not both. diff --git a/content/automate/node_integrations.md b/content/automate/node_integrations.md index 228c48eac..79d1ea8d2 100644 --- a/content/automate/node_integrations.md +++ b/content/automate/node_integrations.md @@ -16,7 +16,7 @@ Set up Chef Automate to detect and monitor the nodes in your AWS EC2 and Azure a Access the _Node Integrations_ page from the **Settings** tab. -![Node Integrations](/images/automate/node-integrations.png) +![Chef Automate Node Integrations page in Settings showing Nodes by IP Address with manually managed nodes manager and Cloud Platform Providers section with Create Integration button and node managers table displaying Example AWS Integration (aws-api provider, reachable status).](/images/automate/node-integrations.png) ## Add an AWS EC2 Node Manager @@ -30,13 +30,13 @@ To create an AWS EC2 Node Manager, you need the following information: 1. Your AWS credentials (access key ID and secret access key) 1. The default region to target (if `us-east-1` isn't desired) -![Chef Automate Create AWS-EC2 Manager](/images/automate/node-integrations-full.png) +![Chef Automate Create AWS EC2 Node Manager form showing Name field, Service Type radio buttons (API selected for EC2), checkbox to read credentials from EC2 environment, AWS access key ID and secret access key fields, option to add new credential association by tag with Name key and vj-* value for ssh ec2 credential.](/images/automate/node-integrations-full.png) You can use associate your `ssh` or `WinRM` credentials with your EC2 instances using tag keys or values, using the option at the bottom of the screen. This feature supports wildcard matching, which is useful for grouping nodes. Chef Automate detects your nodes immediately after any update to the Node Manager, and maintains a current list of your node status. The following example uses tag with the key 'Name' and the value 'vj-' to associate those nodes with the 'ssh ec22' credential. Filter instances for scanning by specifying either regions or tags by their keys and values. -![Chef Automate Instance Credentials](/images/automate/instance-credentials.png) +![Chef Automate Node Manager credential association form showing Where field (Name tag key), vj-* value matching, and ssh ec2 credential selected for associating SSH credentials to EC2 instances matching that tag pattern.](/images/automate/instance-credentials.png) ### AWS EC2 Node Discovery @@ -58,7 +58,7 @@ Scan Jobs ### Create a Scan Job Targeting Your AWS Account Configuration -![Chef Automate Create AWS-API Scan Job](/images/automate/create-aws-api-scanjob.png) +![Chef Automate Create AWS API Scan Job form showing step 1 (Add Nodes) with 1 available node and 1 selected.](/images/automate/create-aws-api-scanjob.png) ### AWS API Scanning Endpoints @@ -132,7 +132,7 @@ The `ssm` Scan Job: Your Automate instance must be reachable (open to incoming traffic) from the instances being scanned in order for the SSM scanning to work. You can filter the instances to be scanned by specifying tag key/value matches or regions. -![Chef Automate Create AWS-EC2 Scan Job](/images/automate/create-aws-ec2-scanjob.png) +![Create scan job form for an AWS EC2 manager with selected nodes and optional region and tag filter rules.](/images/automate/create-aws-ec2-scanjob.png) ### AWS Credential-less Scanning @@ -163,7 +163,7 @@ When creating an Azure VM Node Manager, you will be required to provide: This information is required to detect the nodes in your Azure account. Chef Automate creates a nodes reference for each VM in your account, reading in all tags associated with each instance. Chef Automate detects your nodes immediately after any update to the Node Manager in order to maintain a current list of your node status. The following example uses a tag with the key 'Name' and the value 'vj-' to associate those nodes with the 'ssh ec2' credential. -![Chef Automate Create Azure-VM Manager](/images/automate/create-azure-vm-mgr.png) +![Add cloud management service form with Azure VM selected and fields for client ID, client secret, tenant ID, and tag association rules.](/images/automate/create-azure-vm-mgr.png) Chef Automate uses Azure's RunCommand functionality to run scan jobs on instances without needing `ssh` and `WinRM` credentials. In order for this functionality to work, the Automate instance must be reachable (open to incoming traffic) from the instances being scanned. @@ -178,7 +178,7 @@ You also have the option of using the traditional `ssh` and `WinRM` scanning by Chef Automate detects your nodes immediately after any update to the Node Manager, keeping a current view of your nodes' reachability. -![Chef Automate Instance Credentials](/images/automate/instance-credentials.png) +![Node manager credential association fields for matching VM tags to SSH or WinRM credentials.](/images/automate/instance-credentials.png) ### Create a Scan Job Targeting Your Azure VMs @@ -186,7 +186,7 @@ Filter the regions for the scan job by specifying regions to include or exclude. Filter instances for scanning by specifying either regions or tags by their keys and values. -![Chef Automate Create Azure-VM Scan Job](/images/automate/create-azure-vm-scanjob.png) +![Create scan job form for an Azure VM manager with selected nodes and optional region and tag filters.](/images/automate/create-azure-vm-scanjob.png) ## Use Case: Azure Account Scanning with Chef Automate @@ -203,7 +203,7 @@ When creating an Azure API Node Manager, you will be required to provide: This information is required to detect all subscriptions available to your Azure account. Chef Automate creates a nodes reference for each subscription in your account. -![Chef Automate Create API-Azure Manager](/images/automate/Node-Integrations-api-Azure.png) +![Add cloud management service form with Azure API selected and fields for Azure credentials and subscription ID.](/images/automate/Node-Integrations-api-Azure.png) ### Create a Scan Job Targeting Your Azure Account Configuration @@ -211,7 +211,7 @@ From the **Scan Jobs** tab, select the "Create new job" button. Filter the regions for the scan job by specifying regions to include or exclude. -![Chef Automate Create Azure-API Scan Job](/images/automate/create-azure-api-scanjob.png) +![Chef Automate Create Azure API Scan Job form showing step 1 (Add Nodes) with azure-api manager having 1 available and 1 selected node, and Inspec profile listed for scanning Azure resources.](/images/automate/create-azure-api-scanjob.png) ## Google Cloud Platform Account Scanning with Chef Automate @@ -226,7 +226,7 @@ To run a GCP scan in Chef Automate: Note: The service account json credential requires the following fields: `type`, `project_id`, `client_id`, `private_key_id`, `private_key`, `client_email`, `auth_uri`, `token_uri`, `auth_provider_x509_cert_url`, `client_x509_cert_url` -![Chef Automate Create GCP-API Integration](/images/automate/add-gcp-api-integration.png) +![Chef Automate Create GCP API Node Manager form showing cloud platform provider selection with GCP option, service account JSON credential upload field, and credential fields for service account setup.](/images/automate/add-gcp-api-integration.png) Set up Chef Automate to detect and monitor the nodes in your AWS EC2 and Azure accounts by providing your credentials in the [Node Credentials]({{< relref "node_credentials.md" >}}) page in the Settings tab and creating a node manager. Chef Automate creates a node reference for each instance in your account. Associate your EC2 and Azure instances with ssh and WinRM credentials using tags--the values support wildcard match--in your node manager. Run scan jobs with your node manager reference and you're suddenly running an `inspec exec` across your instances. Every two hours Chef Automate queries your AWS or Azure account to see the current state of all your nodes, if they're running, stopped, or terminated, and then updates Chef Automate accordingly. If the node manager finds an instance that used to be running and reachable, but which no is--if the node is stopped, terminated, or a transition state--it updates the status of that node in Chef Automate accordingly. @@ -236,4 +236,4 @@ From the **Scan Jobs** tab, select the "Create new job" button. Filter the regions for the scan job by specifying regions to include or exclude. -![Chef Automate Create GCP-API Scan Job](/images/automate/add-gcp-api-scanjob.png) +![Chef Automate Create GCP API Scan Job form showing step 1 (Add Nodes) with gcp-api node manager selected showing 1 available and 1 selected node, and step buttons for Add Profiles and Add Schedule.](/images/automate/add-gcp-api-scanjob.png) diff --git a/content/automate/notifications.md b/content/automate/notifications.md index 46855bd52..370bf7973 100644 --- a/content/automate/notifications.md +++ b/content/automate/notifications.md @@ -36,7 +36,7 @@ The steps to add different notifications to the Chef Automate is shown below: To add a servicenow notification for Chef Automate, follow the steps given below: -![ServiceNow notifications](/images/automate/servicenow-notifications-navigation.png) +![Chef Automate Notifications page showing ServiceNow webhook notifications table with columns for Name, Webhook Type, Failure Type, and Webhook URL displaying configured snow_client_run and snow_inspec_scan notifications.](/images/automate/servicenow-notifications-navigation.png) 1. In the **Settings** tab, navigate to the _Notifications_ page in the sidebar. 1. Select **Create Notification**. @@ -73,7 +73,7 @@ To delete a ServiceNow notification for Chef Automate: To add a Slack notification for Chef Automate: -![Slack Navigation](/images/automate/notifications-navigation.png) +![Chef Automate Notifications page showing Notifications list in Settings tab with Create Notification button, notification table with Name and Alert Type columns displaying Example Notification for Chef client run failures, and pagination controls.](/images/automate/notifications-navigation.png) 1. In the **Settings** tab, navigate to the _Notifications_ page in the sidebar. 1. Select **Create Notification**. @@ -107,7 +107,7 @@ To delete a Slack notification for Chef Automate: To add a webhook notification for Chef Automate: -![Webhook Navigation](/images/automate/notifications-navigation.png) +![Chef Automate Notifications page showing Notifications list in Settings tab with Create Notification button, notification table with Name and Alert Type columns displaying Example Notification for Chef client run failures, and pagination controls.](/images/automate/notifications-navigation.png) 1. In the **Settings** tab navigate to the _Notifications_ page in the sidebar. 1. Select **Create Notification**. diff --git a/content/automate/policies.md b/content/automate/policies.md index 26e9d2f14..61040648c 100644 --- a/content/automate/policies.md +++ b/content/automate/policies.md @@ -20,7 +20,7 @@ You need permission for the `iam:policies` action to interact with policies. Any user that's part of the `admins` team or the `Administrator` policy will have this permission. Otherwise, you can create [IAM custom policies]({{< relref "iam_v2_guide.md#creating-custom-policies" >}}) to assign this permission. -![Chef Automate Settings Policies page](/images/automate/settings-policies.png) +![Chef Automate Settings Policies page showing a policies table with columns for Name, Type, and Status, listing Chef-managed policies (Administrator, Editors, Ingest, Viewers) and custom project policies with their membership status.](/images/automate/settings-policies.png) ### Chef-Managed Policies diff --git a/content/automate/profiles.md b/content/automate/profiles.md index 3c0a8ec84..11769f022 100644 --- a/content/automate/profiles.md +++ b/content/automate/profiles.md @@ -18,7 +18,7 @@ Compliance profiles help you secure your infrastructure continuously. Chef Automate compliance profiles translate CIS Benchmarks and other security standards into easily readable policy. You can install and download one of our 300+ ready-to-use compliance profiles from Profiles, or upload your custom profiles. -![Chef Automate Profiles](/images/automate/asset-store-installed.png) +![Chef Automate Compliance Profiles page showing one installed profile and 395 available profiles to download with an Upload Profile button and profile table.](/images/automate/asset-store-installed.png) ## Using Profiles @@ -30,7 +30,7 @@ and the _Available_ page, which displays all of the ready-to-use compliance prof ### Installing Profiles -![Available Profiles](/images/automate/asset-store-profiles.png) +![Chef Automate Available Profiles list showing CIS Benchmark profiles with versions and Get buttons for installation.](/images/automate/asset-store-profiles.png) Locate profiles by browsing the list, or by using the search bar. To install a compliance profile into your namespace, simply select **Get** on the right side of the profile name. @@ -86,7 +86,7 @@ License Installed profiles display a cURL command for an ad-hoc profile run. -![Installed Profile Details](/images/automate/asset-store-details-installed.png) +![Chef Automate installed InSpec profile details page showing profile metadata (Status, Version, Maintainer, License, Platform) and a table of 54 controls with Impact severity and Total Tests columns.](/images/automate/asset-store-details-installed.png) ### Profile Body @@ -104,7 +104,7 @@ Severity Selecting the shaded area next to the control name or the `+` on the right side expands the control to show a more detailed description. Selecting **View Code** displays the control's InSpec code. -![Profiles Body](/images/automate/profile-detail-body.png) +![Chef Automate profile detail body showing a table of controls with control IDs (os-01, os-02, os-03, os-04), descriptions, severity levels marked as CRITICAL (1.0), and test counts, plus expandable InSpec code for each control.](/images/automate/profile-detail-body.png) ### About the Profile Identifier diff --git a/content/automate/projects.md b/content/automate/projects.md index a52a48090..8f70a1dc8 100644 --- a/content/automate/projects.md +++ b/content/automate/projects.md @@ -25,7 +25,7 @@ Navigate to _Projects_ in the **Settings** tab. Then use the **Create Project** When a project is created, three policies that control access to that project are also created. Those policies include: _Project Owner_, _Project Editor_, and _Project Viewer_. Adding members to these policies will grant them access to the project. -![Chef Automate projects settings page](/images/automate/settings-projects.png) +![Chef Automate Settings Projects page showing Create Project and Update Projects buttons with a projects table listing Dev Ops, Example Project, and Finance with their IDs and ingest rule statuses (Applied, No rules, Edits pending).](/images/automate/settings-projects.png) ### Deleting Projects diff --git a/content/automate/reports.md b/content/automate/reports.md index 5d705e7d2..576ff84dc 100644 --- a/content/automate/reports.md +++ b/content/automate/reports.md @@ -16,7 +16,7 @@ The _Reports_ page provides a comprehensive insight into all scanned infrastruct {{< note >}} If the size of a report goes over 4MB, enable the **Large Compliance Report** feature to make the **Reports Page** and **Download Report** work as expected. {{< /note >}} -![Reports](/images/automate/reports.png) +![Chef Automate Reports page showing a Node Status donut chart with 30 total nodes (29 failed, 0 passed, 1 skipped), severity bar chart with critical/major/minor failures, Node Status trend graph over time, and platform/environment bubble charts.](/images/automate/reports.png) ## Dates in Compliance Reports @@ -24,7 +24,7 @@ The dashboard shows the results of all scans with end times on the _current sele To view scan reports in the past, users can select a different date from the calendar located in the search bar. -![Reports Date Selector](/images/automate/reports-date.png) +![Chef Automate Reports page date selector showing a blue calendar button with "10 Aug 2020" in the upper right corner for selecting different scan report dates.](/images/automate/reports-date.png) ## Search Bar and Filters @@ -129,31 +129,31 @@ When you configure Chef Automate to ingest an extensive compliance report of siz - Select **Download JSON** or **Download CSV** buttons to trigger the report generation process. A notification pops up to confirm that the generation has started. -![Notification upon Download request submitted](/images/automate/lcr-acknowledgement.png) +![Chef Automate Large Compliance Report download confirmation notification stating 'Download request is submitted. You will get notification once it's ready for download.' with blue notification banner and Node Status overview visible.](/images/automate/lcr-acknowledgement.png) - Select **Open Report** link to view the report status. -![Report Status Link](/images/automate/lcr-request-view.png) +![Chef Automate Report status showing Download CSV and Download JSON buttons and Open Report link with the Reports page displaying Node Status donut chart and severity failure chart.](/images/automate/lcr-request-view.png) - The report's status shows the generation and processing status of the Reports on a sidebar. -![Report Generation Status Check Panel](/images/automate/lcr-request-view-panel.png) +![Chef Automate Generated Reports sidebar panel showing pending and completed report requests with timestamps, sizes (275.20kb), and durations, plus a progress bar for the report generation status.](/images/automate/lcr-request-view-panel.png) - The system generates and processes the requested report on a sidebar showing the status. -![Report Generation Completed and Ready for Download](/images/automate/lcr-report-ready.png) +![Chef Automate report generation completion notification stating 'JSON report is ready for download' with blue banner and Reports page showing Node Status overview.](/images/automate/lcr-report-ready.png) ### Download Report Select the corresponding link on the status sidebar to download the generated report. -![Report Download](/images/automate/lcr-report-download.png) +![Chef Automate Generated Reports sidebar showing completed report downloads with blue highlighted first row, file size (183.60kb), and generation duration (3s) ready for download selection.](/images/automate/lcr-report-download.png) ## Compliance Status and Report Metadata The _Compliance Status and Report Metadata_ bars are directly beneath the search bar. Select the compliance status bar to expand the `Report Metadata` information. The report metadata summarizes the nodes, report date, duration, status, number of platforms, number of environments, and number of profiles used in your scan. -![Reports Metadata](/images/automate/reports-metadata.png) +![Chef Automate Report Metadata bar showing 30 Nodes, Report Date Mon, 10 Aug 2020, Status Failed on left side and 5 Platforms, 10 Environments, 12 Profiles on right side.](/images/automate/reports-metadata.png) ## Compliance Overview @@ -211,7 +211,7 @@ The _Nodes_ view provides more detailed insight into the compliance status of th Sort this table by node name, platform, environment, last scan, and the number of control failures from the most recent compliance scan. Scroll to the bottom of the page for pagination navigation options. -![Reports Nodes](/images/automate/reports-nodes.png) +![Reports Nodes tab showing node compliance totals and a table of nodes with platform, environment, last scan time, and control failures.](/images/automate/reports-nodes.png) Node : A node is any machine that's under management by Chef. @@ -238,7 +238,7 @@ More Options Use the **Profiles** tab to examine the compliance profiles installed under your user account. -![Reports Profiles](/images/automate/reports-profiles.png) +![Reports Profiles tab showing profile compliance totals and a table of profile titles with versions and identifiers.](/images/automate/reports-profiles.png) Profile Title : The profile's name is obtained from the _Profile Store_ or uploaded. @@ -256,7 +256,7 @@ More Options Use the **Controls** tab to examine the compliance controls installed under your user account. -![Reports Controls](/images/automate/reports-controls.png) +![Chef Automate Controls tab showing a table of compliance controls from CIS Azure Foundations Benchmark profile with columns for Control Name (for example, 1.1, 1.10, 1.11, 1.12), Profile, Impact severity (MAJOR 0.5), Last Scan, and Node Status counts.](/images/automate/reports-controls.png) Control Name : Control name and a short description of its purpose @@ -280,7 +280,7 @@ More Information The node name is at the top of the header, directly above the node compliance status. -![Reports Node Detail](/images/automate/reports-node-detail.png) +![Chef Automate node detail page for q2-local-desktop-fresh-install-acceptance.cd.chef.co showing failed scan results with 71 total controls (62 failed, 9 passed, 0 skipped), plus control details table with ssh-01 control showing CRITICAL severity, ssh-baseline profile, 11 test results, and Results/Source tabs.](/images/automate/reports-node-detail.png) The node history table displays the following information: @@ -304,4 +304,4 @@ More Information Select **Scan History** in the upper right corner to open a side-window. Choosing a compliance scan from this list redirects you to a view of all controls run during the selected scan. -![Scan History](/images/automate/reports-scan-history.png) +![Chef Automate Scan History side panel showing scan history for node q2-local-desktop-fresh-install-acceptance.cd.chef.co with a list of scan results including Mon, 10 Aug 2020 16:19:36 UTC (6 hours ago) highlighted in blue.](/images/automate/reports-scan-history.png) diff --git a/content/automate/roles.md b/content/automate/roles.md index 481bc3dde..0da360e16 100644 --- a/content/automate/roles.md +++ b/content/automate/roles.md @@ -19,7 +19,7 @@ To interact with roles, users need permission for the `iam:roles` action. Users who are members of the `admins` team or the `Administrator` policy already have this permission. For all other users, you can create [IAM custom policies]({{< relref "iam_v2_guide.md#creating-custom-policies" >}}) to grant this permission. -![Chef Automate settings roles page](/images/automate/settings-roles.png) +![Chef Automate Settings Roles page showing a roles table with columns for Name and Type, listing Chef-managed roles (Editor, Ingest, Owner, Project Owner, Viewer) and custom roles (Example Role).](/images/automate/settings-roles.png) ## Chef-managed roles diff --git a/content/automate/scan_jobs.md b/content/automate/scan_jobs.md index 9a54efe96..bd3365201 100644 --- a/content/automate/scan_jobs.md +++ b/content/automate/scan_jobs.md @@ -124,7 +124,7 @@ curl -sSX GET "https://automate-url/api/v0/nodes/rerun/id/d92b0c26-0c9a-4a04-b69 ### How to Add an Environment Value for Project Assignment When creating a manually added node, use the 'Environment' tag to assign an environment to the node. `Environment` is the only supported field for project filtering on scan job results. -![Manual Node With Environment Tag](/images/automate/environment-tag-manual-node.png) +![Chef Automate manually added node form showing Environment Tag input with value "development" and Environment dropdown showing "chef-dev" selected for environment assignment.](/images/automate/environment-tag-manual-node.png) ### FAQ diff --git a/content/automate/servicenow_event_creation.md b/content/automate/servicenow_event_creation.md index ecc866f56..8fb2489d6 100644 --- a/content/automate/servicenow_event_creation.md +++ b/content/automate/servicenow_event_creation.md @@ -59,7 +59,7 @@ You can set up automatic event creation and alerts for: The scheduled jobs include a script that deletes client runs and Chef InSpec scans when clients remove associated events. Client event rules delete those events. - ![ServiceNow Event Creation modules](/images/automate/sn_event_menus.png) + ![ServiceNow Chef Events navigation showing modules for client run alerts, InSpec scan alerts, all events, runs, scans, logs, and scheduled jobs.](/images/automate/sn_event_menus.png) ## Properties @@ -72,7 +72,7 @@ To change the Event Creation App properties: 1. Enter your changes in the **Chef Events Properties** form. 1. Select **Save**. - ![ServiceNow Event Creation Configuration Page](/images/automate/sn_event_properties.png) + ![Chef Event Properties page with message key settings for Client Run and InSpec Scan and an option to enable logging.](/images/automate/sn_event_properties.png) ### Chef Infra Client events @@ -90,7 +90,7 @@ To set up automatic event reporting for failed Chef Infra Client runs from Chef 1. Select **Test Notification**. If the test passes, ServiceNow displays **Notification test connected**. If the test fails, ServiceNow displays a message with connection or credential details to help you fix the error. - ![Chef Automate Event Creation for Client Run Failures](/images/automate/sn_event_client_run_creation.png) + ![Create Notification dialog configured for ServiceNow client run event alerts with webhook URL and credentials.](/images/automate/sn_event_client_run_creation.png) 1. Select **Create Notification** to save this notification. A confirmation message, **Created notification "unique notification name specified"** appears. @@ -110,7 +110,7 @@ Follow these steps to report failed Chef InSpec scans from Chef Automate: 1. Select **Test Notification**. If the test passes, ServiceNow displays **Notification test connected**. If the test fails, ServiceNow displays a message with connection or credential details to help you fix the error. - ![Chef Automate Notification for Chef InSpec Scan Failures](/images/automate/sn_event_compliance_scan_creation.png) + ![Create Notification dialog configured for ServiceNow InSpec scan event alerts with failure type and webhook URL.](/images/automate/sn_event_compliance_scan_creation.png) 1. Select **Create Notification** to save this notification. A confirmation message, **Created notification "unique notification name specified"** appears. diff --git a/content/automate/servicenow_incident_creation.md b/content/automate/servicenow_incident_creation.md index 4840c685a..b0ec6da8d 100644 --- a/content/automate/servicenow_incident_creation.md +++ b/content/automate/servicenow_incident_creation.md @@ -16,7 +16,7 @@ The Chef Automate Incident Creation App for ServiceNow is a certified app availa The Incident App exposes the REST API endpoint for communication between Chef Automate and the ServiceNow instance. Chef Automate sends HTTPS JSON notifications to the Incident App in a ServiceNow instance to creates and update incident failures. -![ServiceNow and Chef Automate Flow](/images/automate/SNOW_Automate_diagram.png) +![Flow diagram showing Chef Automate sending HTTPS notifications to the Incident Creation application in a ServiceNow instance.](/images/automate/SNOW_Automate_diagram.png) ## Key Features of the Incident App @@ -65,7 +65,7 @@ To set up automatic incident reporting for failed Chef Infra Client runs from Ch * **ServiceNow Password**: The password you use to sign in to ServiceNow. 1. Select **Test Connectivity**. A successful test displays **Notification test connected successfully**. An unsuccessful test displays a message with information about any connection or credential problems to help you fix the error. - ![Chef Automate Notification for CCR Failures](/images/automate/SNOW_CCR_Setup.png) + ![Create Notification dialog configured for ServiceNow and Infra Client run failures with webhook URL and credentials.](/images/automate/SNOW_CCR_Setup.png) 1. Select **Create Notification** to save this notification. @@ -83,7 +83,7 @@ Follow these steps to report failed Chef InSpec scans from Chef Automate: * **ServiceNow Password**: The password you use to sign in to ServiceNow. 1. Select **Test Connectivity**. A successful test displays **Notification test connected successfully**. An unsuccessful test displays a message with information about any connection or credential problems to help you fix the error. - ![Chef Automate Notification for InSpec Scan Failures](/images/automate/SNOW_Scan_Setup.png) + ![Create Notification dialog configured for ServiceNow and InSpec compliance scan failures with webhook URL and credentials.](/images/automate/SNOW_Scan_Setup.png) 1. Select **Create Notification** to save this notification. @@ -98,7 +98,7 @@ To change the Incident App properties: 1. Enter your changes in the **Chef Incident Properties** form. 1. Select **Save**. - ![ServiceNow Configuration Page](/images/automate/SNOW_config_page.png) + ![Chef incident properties page in ServiceNow with association, assignment, impact, urgency, retention, and logging settings.](/images/automate/SNOW_config_page.png) ### Incident App Properties @@ -107,11 +107,11 @@ To change the Incident App properties: Create an incident for `cookbook` creates a failed cookbook by setting the value to `cookbook`. This associates all failing Chef Infra Client runs with the corresponding incident. `cookbook` is the default value because the number of nodes exceeds the number of cookbooks in any system. The short description of the incident provides information about the failure: - ![CCR Failed Cookbook Description](/images/automate/SNOW_Failed_Cookbook.png) + ![ServiceNow incident showing a failed Chef Infra Client run for a cookbook with short description and error details.](/images/automate/SNOW_Failed_Cookbook.png) The **Chef Infra Client runs** tab of the incident displays the associated client runs. Setting the value to `node` creates an incident for each failed node. All failing Chef Infra Client runs for a node associates with the corresponding incident. The short description of the incident provides information about the run failure for one node. - ![CCR Failed Node Description](/images/automate/SNOW_Failed_Node_CCR.png) + ![ServiceNow incident activity and related records showing client run failure details for a node-associated incident.](/images/automate/SNOW_Failed_Node_CCR.png) `x_chef_incident.scan_association` @@ -119,11 +119,11 @@ To change the Incident App properties: Create a Chef InSpec compliance scan incident by setting this value to `profile`. This associates all failed Chef InSpec scans with the corresponding incident. `profile` is the default value because the number of nodes exceeds the number of profiles. The short description of the incident provides information about the failure. - ![Scan Failed Profile Description](/images/automate/SNOW_Failed_Profile_Scan.png) + ![Chef InSpec scan record in ServiceNow showing a compliance failure entry linked to an incident.](/images/automate/SNOW_Failed_Profile_Scan.png) The **Chef InSpec scans** tab of the incident displays the associated Chef InSpec scans. Setting the value to `node` creates an incident for each failed node. All Chef InSpec scans failing for a node associates with the corresponding incident. The short description of the incident indicates the failed node. - ![Scan Failed Node Description](/images/automate/SNOW_Failed_Node_Scan.png) + ![ServiceNow incident showing InSpec scan-related activity and a table of associated failed scan records by node.](/images/automate/SNOW_Failed_Node_Scan.png) `x_chef_incident.assigned_to` diff --git a/content/automate/servicenow_reference.md b/content/automate/servicenow_reference.md index cf755cf72..378b8eacb 100644 --- a/content/automate/servicenow_reference.md +++ b/content/automate/servicenow_reference.md @@ -328,11 +328,11 @@ The `x_chef_incident.api` role is suitable for users responsible for integrating Setting the value to `cookbook` creates an incident for the failed cookbook. All failing Chef Infra Client runs on nodes associates with the corresponding incident. `cookbook` is the default value as the number of nodes exceeds the number of cookbooks. The short description of the incident indicates the failed cookbook: -![CCR Failed Cookbook Description](/images/automate/SNOW_Failed_Cookbook.png) +![ServiceNow incident showing a failed Chef Infra Client run for a cookbook with short description and error details.](/images/automate/SNOW_Failed_Cookbook.png) The **Chef Infra Client runs** tab of the incident displays the associated client runs. Setting the value to `node` creates an incident for each failed node. All failing Chef Infra Client runs for a node associates with the corresponding incident. The short description of the incident indicates the failed node. -![CCR Failed Node Description](/images/automate/SNOW_Failed_Node_CCR.png) +![ServiceNow incident activity and related records showing client run failure details for a node-associated incident.](/images/automate/SNOW_Failed_Node_CCR.png) `x_chef_incident.scan_association` @@ -340,11 +340,11 @@ The **Chef Infra Client runs** tab of the incident displays the associated clien Setting the value to `profile` creates an incident for the failed Chef InSpec compliance profile. All Chef InSpec scans on failing nodes associates with the corresponding incident. `profile` is the default value as the number of nodes exceeds the number of profiles. The short description of the incident indicates the failed profile. -![Scan Failed Profile Description](/images/automate/SNOW_Failed_Profile_Scan.png) +![Chef InSpec scan record in ServiceNow showing a compliance failure entry linked to an incident.](/images/automate/SNOW_Failed_Profile_Scan.png) The **Chef InSpec scans** tab of the incident displays the associated Chef InSpec scans. Setting the value to `node` creates an incident for each failed node. All Chef InSpec scans failing for a node associates with the corresponding incident. The short description of the incident indicates the failed node. -![Scan Failed Node Description](/images/automate/SNOW_Failed_Node_Scan.png) +![ServiceNow incident showing InSpec scan-related activity and a table of associated failed scan records by node.](/images/automate/SNOW_Failed_Node_Scan.png) `x_chef_incident.assigned_to` @@ -429,7 +429,7 @@ TODO: [Chef Events Client Runs page] data not available The **Chef Infra Client Run Alerts** tab of the alerts displays the associated client run events. Setting the value to `node` creates an event for each failed node. All failing Chef Infra client runs for a node associated with the corresponding event. The message key description of the event provides information about the run failure for a node. -![Chef Events Client Run Alerts page](/images/automate/sn_event_clientrun_alerts.png) +![ServiceNow alert detail page for a Chef Infra Client run event with source, severity, state, and failure description.](/images/automate/sn_event_clientrun_alerts.png) `x_chef_event.inspec_scan_message_key` @@ -437,14 +437,14 @@ The **Chef Infra Client Run Alerts** tab of the alerts displays the associated c Set the value to `profile` to create an event for the failed chef InSpec compliance profile with a message value. This associate all failing Chef InSpec compliance scans with the corresponding alerts. `profile` is the default value because the number of cookbooks is independent of the number of nodes in any system. The message key description of the event provides information about the failure. -![Chef Events InSpec Scans page](/images/automate/sn_event_inspecscans.png) +![ServiceNow Chef InSpec scans list showing failure URLs, timestamps, failed profiles, and node names.](/images/automate/sn_event_inspecscans.png) The **Chef InSpec Scan Alerts** tab of the event displays the associated Chef InSpec scans. Setting the value to `node` creates an event for each failed node. All failing Chef InSpec scans for a node associated with the corresponding event. The message key description of the event indicates the failed node. -![Chef Events InSpec Scan Alerts page](/images/automate/sn_event_inspecscans_alerts.png) +![ServiceNow alert detail page for a Chef InSpec scan event with source, severity, state, and failure description.](/images/automate/sn_event_inspecscans_alerts.png) `x_chef_events.logging.enabled` : Set to `Yes` to enable logging and `No` to disable it. Once enabled, authorized users can view the logs at **Chef Events** > **Logs** and **System logs** > **Application logs**. Default: `No`. -![Chef Events Properties page](/images/automate/sn_event_app_properties.png) --> +![Chef Event Properties page with message key settings for Client Run and InSpec Scan and an option to enable logging.](/images/automate/sn_event_app_properties.png) --> diff --git a/content/automate/teams.md b/content/automate/teams.md index 42b89d669..ac7134634 100644 --- a/content/automate/teams.md +++ b/content/automate/teams.md @@ -28,7 +28,7 @@ Chef Automate comes with an _Admins_ team by default. Local users can be added d Navigate to _Teams_ in the **Settings** tab. Select the **Create Team** button, which opens a dialog box to enter the team's _Name_ and optionally assign the team to one or more _Projects_. A team ID automatically generates upon creation. If you would like to change the team ID, use the **Edit ID** button. -![Create Local Team](/images/automate/admin-tab-teams-list.png) +![Chef Automate Settings Teams page showing Create Team button with a teams table listing admins, editors, Example Team, and viewers with their IDs and assigned projects.](/images/automate/admin-tab-teams-list.png) ### Adding Local Users to Teams diff --git a/content/automate/upgrade_san_certificates.md b/content/automate/upgrade_san_certificates.md index fbe4c8b53..95e094e9e 100644 --- a/content/automate/upgrade_san_certificates.md +++ b/content/automate/upgrade_san_certificates.md @@ -33,9 +33,9 @@ Update non-SAN Certificates involves: ``` 1. If your setup has non-SAN certificates, the above script returns the list of non-SAN certificates as a response, as shown below. - ![invalid_san_certificates](/images/automate/invalid_san_certificates.png) + ![Certificate validation script output showing invalid SAN certificates with certificate paths like /hab/svc/deployment-service/config/certs/custom_certs.pem listed as non-SAN certificates.](/images/automate/invalid_san_certificates.png) 1. If the script doesn't return any values as invalid certificates, as below, your setup has valid internal certificates. - ![valid_san_certificates](/images/automate/valid_san_certificates.png) + ![Certificate validation script output showing no results for invalid SAN certificates, confirming all certificates have proper SAN extensions.](/images/automate/valid_san_certificates.png) 1. If you have non-SAN certificates, run the command ```sh diff --git a/content/automate/users.md b/content/automate/users.md index 287b84279..fa92c2eba 100644 --- a/content/automate/users.md +++ b/content/automate/users.md @@ -27,7 +27,7 @@ Permission for the `iam:users` action is required to interact with users other t Navigate to _Users_ in the **Settings** tab. Select the **Create User** button, which opens a dialog box for entering the user's _display name_, and _password_. A username automatically generates upon creation. If you would like to change the username, use the **Edit Username** button. -![Add Local User](/images/automate/admin-tab-users-list.png) +![Chef Automate Settings Users page showing Create User button with a users table listing Editor User, Example User, Local Administrator, and Viewer User with their display names and usernames.](/images/automate/admin-tab-users-list.png) Please attach the policy to the new users before their first login, and refer to it [Attached policies]({{< relref "policies.md#adding-members-to-policies" >}}).