Here is a pretty simple rule for checking all interfaces. It's a great feature but is only useful for auditing because you cannot remediate anything. This example just audits interfaces for the proper description prefix that we use in my network to classify the interface. The last statement in here is that the interface is looking for "shutdown", so if it's not classified it should be turned off. I have other rules that ensure the interface is configured correctly based on the description prefix. I would love to have the ability to remediate a block violation.
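The same audit logic, written as an added stand-alone Python check rather than in any compliance tool's rule syntax (this is not the poster's rule and not vendor code). It parses a constructed Cisco-style running-config, accepts an interface when its description starts with one of an assumed set of classification prefixes, and otherwise requires the block to contain a bare `shutdown` line. Any interface failing both tests is reported as a violation, which is what the audit-only rule above would flag; the prefixes and the sample config are assumptions invented for the example.

```python
import re
from typing import Dict, List, Optional

# Assumed classification prefixes; substitute the ones used on your network.
APPROVED_PREFIXES = ("UPLINK:", "ACCESS:", "SERVER:", "MGMT:")

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description UPLINK: core-sw-01 Te1/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description SERVER: web-01 eth0
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 description temp patch to lab
 switchport access vlan 20
!
interface GigabitEthernet1/0/4
 shutdown
!
interface GigabitEthernet1/0/5
 switchport access vlan 30
!
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split a running-config into {interface name: [indented config lines]}."""
    blocks: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            blocks[current] = []
        elif line.startswith("!"):
            current = None  # end of the interface block
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
    return blocks


def audit_interface(lines: List[str]) -> Optional[str]:
    """Return None when the block is compliant, else a short violation reason.

    Compliant means: description carries an approved prefix, OR the
    interface is administratively shut down (exact 'shutdown' line, so
    'no shutdown' does not count).
    """
    description = next(
        (l[len("description "):] for l in lines if l.startswith("description ")),
        None,
    )
    if description is not None and description.startswith(APPROVED_PREFIXES):
        return None
    if "shutdown" in lines:
        return None
    if description is None:
        return "no description and not shutdown"
    return f"unclassified description {description!r} and not shutdown"


def audit_config(config: str) -> Dict[str, str]:
    """Audit every interface block; return only the violating ones."""
    violations: Dict[str, str] = {}
    for name, lines in parse_interfaces(config).items():
        reason = audit_interface(lines)
        if reason is not None:
            violations[name] = reason
    return violations


if __name__ == "__main__":
    for name, reason in audit_config(SAMPLE_CONFIG).items():
        print(f"VIOLATION {name}: {reason}")
```

Running it on the sample config reports Gi1/0/3 (free-text description, not shut down) and Gi1/0/5 (no description, not shut down); the two classified ports and the shut-down port pass. The check is intentionally read-only, matching the audit-only behaviour described in the post, so remediation still has to be done by the operator or a separate change process.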