Like to ask if there is a way to design a logic that that it can flag out "additional" configurations that is not defined in a set of compliance rules/policies that we have set?
Because of the vast amounts and combinations of cli commands (i.e. Cisco) on global/interface levels, i presume we cannot define all the possible set of rules to intentionally sieve out the "excess" configurations that we do not want, but yet it was accidentally configured by an engineer.
Any recommendations? Thanks.