Skip to main content
Question

OS Support NQE (Forward Library)

  • June 11, 2025
  • 3 replies
  • 66 views
G
Spotter
Forum|alt.badge.img+2

After some digging and working with other FN personnel, it appears that the above mentioned NQE is missing all 17.12, and all 03. IOS versions in the data model for the OS Support NQE report.  This was determined first by modifying an NQE to run a check against the OS Support and return violations for those IOS that are no longer supported, which would come back as failed.  Good IOS would report as pass.  However, the above mentioned IOSs all returned a value of “Indeterminate”.  Which then made us look at the OS Support NQE itself and the devices associated with the above/below IOS versions are not listed on the report, but they are in the regular inventory.

 

Known Affected IOS (from our known devices):

03.01.01

03.07.04E

03.11.03a

03.11.05

03.11.08

17.12.03

17.12.04

17.12.04a

17.12.04b

    3 replies

    Tyson Henrie
    Employee
    Forum|alt.badge.img+2
    • Tyson Henrie
    • Employee
    • 75 replies
    • June 11, 2025

    @gbaron That is intended by the language of the query.  Apparently we don’t have the info for those OSs.  Whether they don’t exist yet, or we don’t have it.  This is filtered out by the line

        where isPresent(osSupport)

    If there is not data, we filter it out.  

    I guess you are saying that you don’t want these filtered out.  We would just show “null” or “no value” for these entries….?

    Tyson Henrie
    Employee
    Forum|alt.badge.img+2
    • Tyson Henrie
    • Employee
    • 75 replies
    • June 11, 2025

    In the short term you can try this version of the NQE query where I added if statements.

     

    foreach device in network.devices
    let platform = device.platform
    let osSupport = platform.osSupport
    select {
      Device: device.name,
      Vendor: platform.vendor,
      Model: platform.model,
      OS: platform.os,
      "OS Version": platform.osVersion,
      "End of OS maintenance": if isPresent(osSupport) then osSupport.lastMaintenanceDate else null: Date,
      "End of OS vulnerability": if isPresent(osSupport) then osSupport.lastVulnerabilityDate else null: Date,
      "End of OS support": if isPresent(osSupport) then osSupport.lastSupportDate else null: Date,
      URL: osSupport?.announcementUrl,
      Location: device.locationName,
      Tags: device.tagNames,
      "Collection IP": device.snapshotInfo.collectionIp,
      "Management IP(s)": platform.managementIps,
      Type: platform.deviceType
    }

     

    G
    Spotter
    Forum|alt.badge.img+2
    • gbaronSpotter
    • Author
    • Spotter
    • 24 replies
    • June 12, 2025

    What I mean is that they are valid IOSs that should be listed.  Roger opened a ticket about this as well.  Appreciate the short term fix, but it doesnt help any as we are cross-referencing the output of the EOS data in that NQE to populate a STIG NQE, that requires parameters to run, in an effort to show devices passing or failing for an upcoming audit.  So in reality, it doesnt work because the lack of EOS dates/data doesnt allow for a true pass/fail, which leaves us where we are with the Indeterminate outcome.


    Badge winners

    • Quest Challenge - October '25
      Mrkumarhas earned the badge Quest Challenge - October '25
    • Quest Challenge - October '25
      thelink117has earned the badge Quest Challenge - October '25
    • Quest Challenge - September '25
      SteveBamfordhas earned the badge Quest Challenge - September '25
    • Quest Challenge - September '25
      strattnerhas earned the badge Quest Challenge - September '25
    • Community Contributor
      cariddirhas earned the badge Community Contributor
    Show all badges
    Terms of UseCookie settingsAccessibility statement