Cast of Characters Users / Developers

Infosec

Netops

"I'll get back to you next quarter"

"My bad... typo in a config"

"uhh, what webheads? which cache servers?"

"that is already open.. R/WFM"

Support dynamic queries against that data

Gather data about permitted and denied traffic

Commercial Tools

They support all of the devices we don’t have

They cannot combine policies - that makes the result incorrect

They don’t scale and a single query takes over 40 minutes

Good luck scripting them. API - objects in XML?

Compliance rules are frequently hard coded to things like PCI

We want to use vim