Skip to main content

This NQE will validate that only the SSID’s in allowedSSID’s can be used, if it does not exists in the list it will fail the query.

Taking advice from an earlier post I have used blockMatches this time, there is some tuning required to remove the duplicates as a result of the table have the entry for each 

/**
 * @intent Validate that the arista AP's have only the approved SSID's configured
 * @description This will check each arista AP for the approved SSIDs and violate when ther SSID does not match 
 * the allowedSSID list.
 * 
 * You will get multiple entries due to the VAPS list having an entry for each frequency.  This will be a future 
 * fix to show only once when the unauthoirised SSID exists
 */
pattern = 
```
VAP-ID : {VAPId:string}                ESSID          : {SSID:string}
```;
// Replace the SSID's with your own.
allowedSSID = I"ssid1","ssid2","ssid3"];
foreach endpoint in network.endpoints
where endpoint.profileName == "Arista Wireless AP's"
foreach command in endpoint.cliCommandResponses
where command.command == "show vaps"

let parsed = parseConfigBlocks(OS.UNKNOWN,command.response)
let matches = blockMatches(parsed,pattern)
foreach match in matches
where match.data.SSID not in allowedSSID
let Unauthorised = match.data.SSID

select {
    violation: length(Unauthorised) > 0,
    name: endpoint.name,
    location: endpoint.locationName,
    UnauthorisedSSID: Unauthorised
    }

 

Be the first to reply!

Reply


Badge winners

  • Community Champ Award
    CarlBhas earned the badge Community Champ Award
  • Community Champ Award
    Christopherhas earned the badge Community Champ Award
  • NQE Collaborator
    Rohit_809 Kumarhas earned the badge NQE Collaborator
  • Community Champ Award
    Vladi Bhas earned the badge Community Champ Award
  • Community Champ Award
    dakotagloryhas earned the badge Community Champ Award
Show all badges
Terms of UseCookie settings