Ok, I thought it could, but I just definitely confirmed it for you.
By default it doesn't search on MAC addresses, but there is a down arrow in the search box that if you click on it gives you the option of what fields to search on.
I was able to confirm that it does this by going into the database and looking up where it stores the historical IP info and doing a count on the EndpointID to find multiple occurrences of the same MAC Address, picked one that had a lot, figured out what MAC it was and do a search on that. Have a few months history on it over different IP's and such. One note, in the DB the MAC address is stored as just letters/numbers, no dashes or anything. When searching I had to do it in 58-94-6B-32-66-F0, so it is a bit picky on search format.
That being said, don't be surprised if you get duplicate MAC addresses in your organization. It's not common, but it is definitely possible.
I got a kick out of watching a show last night, I believe "The Followers", where they wanted to find where a particular laptop was and they brought up that they have the BIA of the laptop. I think they referred to is as the "Built-In Address" rather than the more commonly known "Burned-In Address" that I'm sure most of us refer to it as. They were hoping to find this super-hacker would could do all kinds of magic real-time and they were acting like this BIA was easily trackable and unique to each system and that you could track it down like a cell phone. If the guy was as good a hacker as he was made out to be, changing the BIA is quite simple and I'm sure he would have done it. Not to mention that the BIA is a L2 concept and not readily searchable on a worldwide basis either. But, I'm sure there is all kinds of non-networking folks all paranoid about their BIA's being traceable now as a result of that show!! :-)
Thanks Craig, very good to know this product has the capability. I will give the trial version a try now, but it's incredibly helpful to have someone with historical data confirm this.
I didn't understand the database pieces you mention, I assume you connected directly to it to interrogate the tables. Just to confirm, you didn't have to do anything special other than search the BIA in a format with dashes, correct?
Search will work fine for just providing the BIA in a format with dashes.