Demo Tuesday - 12/21 - Rogue Devices in your Network?

  • 4 January 2024

I hope everyone had a relaxing holiday and New Year!

Now that we are getting back into the swing of things, do you suspect there are rogue devices in your network, but you have no easy way to find them? I remembered what I had to do back in the day to find rogue devices, and needless to say, it was not easy to find them. Could Forward Networks help Mike find these rogue devices? I had the same question, and I enlisted the help of our resident NQE expert, Jack Shen, to see if we could easily identify and locate these unwanted devices.

Code example used in the demo

The NQE query that was used in the video to find if there were any Huawei devices in their network is below. 

foreach device in network.devices
foreach host in device.hosts
where isPresent(host.macAddress)
let assigneeName = ouiAssignee(host.macAddress)
where isPresent(assigneeName)
let vendor = toUpperCase(assigneeName)
select {
  violation: matches(vendor, "HUAWEI*"),
  deviceName: device.name,
  deviceInterfaces: host.interfaces,
  addresses: host.addresses,
  macAddress: toString(host.macAddress)
}

The violation for this query can easily be modified for any rogue device vendor you want to search for.  

Did you run this query in your network? Did you find anything that shouldn't be there?  In the comments below, let us know how you altered the script to find what you were looking for!
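
As an added example (not part of the original post and not Forward Networks code), the Python below mirrors the query's logic on constructed host rows and accepts several vendor patterns at once. It also reports the hosts with no OUI assignee, which the query's `where isPresent(assigneeName)` line filters out, so they can be reviewed separately. The function names, the two-entry stand-in for the IEEE OUI registry and the sample rows are all assumptions.

```python
from fnmatch import fnmatchcase

# Constructed stand-in for the IEEE OUI registry (a real run would load the full list).
OUI_TABLE = {
    "00E0FC": "Huawei Technologies Co., Ltd",
    "00000C": "Cisco Systems, Inc",
}

# Constructed sample rows: (device, interface, MAC as it appears in the tables).
HOSTS = [
    ("access-sw-01", "ge-0/0/1", "00:e0:fc:12:34:56"),
    ("access-sw-01", "ge-0/0/2", "0000.0c9a.bc01"),
    ("access-sw-02", "ge-0/0/7", "DA-A1-19-00-00-01"),  # locally administered
    ("access-sw-02", "ge-0/0/9", "not-a-mac"),
]

def normalize_mac(raw):
    """Return 12 uppercase hex digits, or None if raw is not a MAC address."""
    digits = "".join(c for c in raw if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        return None
    return digits

def classify(mac, patterns):
    """Return (status, vendor); status is violation, ok, unassigned or invalid."""
    digits = normalize_mac(mac)
    if digits is None:
        return "invalid", None
    # Bit 0x02 of the first octet marks a locally administered address,
    # which never has an IEEE assignee.
    if int(digits[:2], 16) & 0x02:
        return "unassigned", None
    vendor = OUI_TABLE.get(digits[:6])
    if vendor is None:
        return "unassigned", None
    vendor = vendor.upper()
    hit = any(fnmatchcase(vendor, p) for p in patterns)
    return ("violation" if hit else "ok"), vendor

def audit(hosts, patterns=("HUAWEI*",)):
    """Classify every host row, keeping device and interface for location."""
    return [(dev, ifc, mac) + classify(mac, patterns) for dev, ifc, mac in hosts]

if __name__ == "__main__":
    for row in audit(HOSTS):
        print(row)
```

Rows reported as `unassigned` are the ones a vendor-name match cannot speak to, so they are worth checking against an inventory of expected hosts rather than being treated as clean.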