The Hardware and Software Compliance Checker is a powerful script designed to ensure all network devices are authorized and operating on approved OS versions. By providing a detailed view of the network inventory, this query identifies devices that either lack approval to be on the network or are running outdated or incorrect software. With its comprehensive approach, this NQE empowers network administrators to maintain compliance, enhance security, and streamline operational workflows.

Benefits of Using the Hardware and Software Compliance Checker:

• Enhanced Compliance: Ensures all devices on the network are authorized and running approved OS versions.
• Improved Efficiency: Automates the identification of non-compliant devices, saving time and reducing manual effort.
• Proactive Security: Helps prevent vulnerabilities by identifying and addressing outdated or unauthorized devices.

How it Works

This NQE operates by iterating through the network inventory and comparing each device against predefined criteria, such as approved hardware models and OS versions. It identifies non-compliant devices and categorizes them as either unapproved hardware or hardware requiring OS updates. The query outputs a detailed list that network administrators can use to prioritize tasks, such as replacing unapproved devices or scheduling OS upgrades. Additionally, it integrates with external data sources like GitHub, CSV, or JSON files, enabling a single source of truth that simplifies management and ensures accuracy.

Taking the Query to the Next Level

To maximize the value of this NQE, organizations can integrate it with automation tools to create a seamless workflow. For instance, the query's output can automatically generate service tickets in platforms like ServiceNow, detailing the required updates or replacements and assigning them to the appropriate teams. Advanced users could also develop automation to schedule OS upgrades during predefined change windows, further reducing manual effort. By combining this NQE with dashboards and reporting tools, stakeholders gain real-time visibility into network compliance, making it easier to track progress and identify trends over time.

NQE Script

/**
 * @intent Ensure devices are approved for the network and have the correct OS or IOS
 * @description Interates over network devices with dictionary of correct information
 */
d1 = { model: "*2960-cx*", ver: "*15.2E*"};
d2 = { model: "PA-820,", ver: "*4.15.0F*"};
d3 = { model: "*vax*", ver: "*19.1R3*"};
d4 = { model: "*ASAv*", ver: "*9.19*"};
d5 = { model: "*PA-VM*", ver: "*10.0.9*"};
d6 = { model: "*ESXi*", ver: "6.50*"};
d7 = {model: "BIG-IP Virtual Edition", ver: "11.6.1"};
aH = { approved_models: md1, d2, d3, d4, d5, d6, d7] };
isApproved(device) =
    foreach approved_model in aH.approved_models
    where matches(device.platform.model, approved_model.model)
    select device;
isOS(ios) =
    foreach approved_os in aH.approved_models
    where matches(ios.platform.osVersion, approved_os.ver)
    select ios;
foreach device in network.devices
let platform = device.platform
where isPresent(platform.model)
let result = isApproved(device)
let result2 = isOS(device)
select {
  Device: device.name,
  Model_Violation: length(result) < 1,
  vendor: platform.vendor,
  Model: platform.model,
  OS_Violation: length(result2) < 1,
  OS: platform.osVersion
  }