Hello Everyone.
I downloaded the SolarWinds NIST compliance reports for Cisco network routers and switches and have been going through them, modifying them where I need to in order to comply with our environment. One of the rules is called NIST - Service - Interface Shutdown. It has an alert for the following RegEx string not found:
interface (.*)\b.*\b\s*(.*) .*\n(.*\n)*.*description (.*)\b.*\b\s*(.*).*\n(.*\n)*.*shutdown
This is my first time diving into regex. I have been trying to read documentation and use the online regex101.com tool, but I can't seem to get a good regex string to capture ports that are not used and check whether they are shut down or not. I think the trouble is also trying to figure out the best way to search for this info in the routers and switches.
1. I'd like to know what this pre-configured regex string is doing: interface (.*)\b.*\b\s*(.*) .*\n(.*\n)*.*description (.*)\b.*\b\s*(.*).*\n(.*\n)*.*shutdown
2. Do you have any better suggestions to accomplish this or can anyone share if they have ever got something like this working?
3. Are there any other tools you suggest to build regex strings?
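
An added example, not part of the original post and not SolarWinds code: it runs the posted pattern against a constructed config to show that it is satisfied by any `shutdown` that follows any `description` that follows any `interface` anywhere in the file, then checks each interface stanza on its own. It assumes a hypothetical site convention of tagging unused ports with `description UNUSED`, and it uses Python's `re` module rather than the regex engine inside NCM.

```python
import re

# Pattern copied from the post; the rule alerts when it is NOT found.
VENDOR_PATTERN = (
    r"interface (.*)\b.*\b\s*(.*) .*\n(.*\n)*.*description (.*)\b.*\b\s*(.*)"
    r".*\n(.*\n)*.*shutdown")

# Constructed sample config (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description UNUSED
 switchport mode access
!
interface GigabitEthernet0/2
 description UNUSED
 shutdown
!
interface GigabitEthernet0/3
 description UNUSED
 no shutdown
!
interface GigabitEthernet0/4
 description Uplink to core
!
"""

def vendor_rule_passes(config):
    """True when the pattern is found somewhere, i.e. no alert is raised."""
    return re.search(VENDOR_PATTERN, config) is not None

def interface_stanzas(config):
    """Map each interface name to its own indented config lines."""
    stanzas, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            stanzas[name] = []
        elif name and line[:1].isspace():
            stanzas[name].append(line.strip())
        else:
            name = None  # any unindented line ends the stanza
    return stanzas

def enabled_unused_ports(config, marker="UNUSED"):
    """Interfaces tagged as unused (assumed marker) with no exact 'shutdown' line."""
    return [name for name, body in interface_stanzas(config).items()
            if any(l.startswith("description ") and marker in l for l in body)
            and "shutdown" not in body]  # 'no shutdown' is a different line

if __name__ == "__main__":
    print(vendor_rule_passes(SAMPLE_CONFIG), enabled_unused_ports(SAMPLE_CONFIG))
```

The whole-file pattern reports no violation for this config, while the per-stanza check lists the two unused ports that are still enabled, including the one whose `no shutdown` line contains the word `shutdown`.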