https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309791#M2840 <P>Hello,</P> <P><SPAN>Q: Does anyone have a workflow that doesn't include NLP / regex matching for CLI commands?</SPAN></P> <P>A: The data (not the API), just isn't presented in a manner that supports this. Unfortunately this is a manual task, unless there is a third party who is already doing this and sharing that data.</P> <P><SPAN>Q: Is there any development in the pipeline for the PSIRT OpenVuln API, to include this data?</SPAN></P> <P><SPAN>A: Cisco use to publish OVAL definitions to accompany the advisories. But that stopped a very long time ago.</SPAN></P> <P><SPAN>Most of Cisco tools; leverage the API to populate a stored backed database; and that database is then augmented with data from other sources; such as PID mappings to Network Operating System; vulnerable configurations (manually entered and normally is based on NLP/Regex); mitigations/workarounds etc.</SPAN></P> <P>Feel free to reach out to <A href="mailto:psirt@cisco.com" target="_blank">psirt@cisco.com</A>&nbsp;if you have ideas that you would like to have implemented. &nbsp;</P> <P>Thanks.</P> Tue, 15 Jul 2025 23:59:34 GMT PR Oxman 2025-07-15T23:59:34Z https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309484#M2837 <P>I am working on streamlining and automating vulnerability management.<BR />High-level scenario:<BR />- Third party software scans network appliances, matching IOS with CVEs and generating excel-based reports.<BR />- These reports are manually triaged to determine which CVEs are applicable based on whether the configuration is in use.<BR />- Priority is defined based on the presence of the CVE commands (and other factors).</P><P>I'm looking at using the PSIRT OpenVuln API to automate the process of matching CVE to device configuration.&nbsp;The problem I have is that there is no structured data in the following endpoint response:<BR /><A href="https://developer.cisco.com/docs/psirt/cvecve_id/" target="_blank" rel="noopener">https://developer.cisco.com/docs/psirt/cvecve_id/</A></P><P>Questions:<BR />Does anyone have a workflow that doesn't include NLP / regex matching for CLI commands?<BR />Is there any development in the pipeline for the PSIRT OpenVuln API, to include this data?</P> Tue, 15 Jul 2025 09:32:50 GMT https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309484#M2837 vmMikelvm 2025-07-15T09:32:50Z https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309489#M2838 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/358128">@PR Oxman</a>&nbsp;might know this one <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 15 Jul 2025 09:52:34 GMT https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309489#M2838 bigevilbeard 2025-07-15T09:52:34Z https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309490#M2839 <P>The content of the advisories unfortunately vary widely. They often don't include specific configurations to determine whether you're vulnerable to the vulnerability - some times there are workarounds listed, some times they include indications of compromise, some product families refer to the software checker to determine vulnerability while others don't.</P> <P>I have had most success with implementing automated checks per product family to be able to better prioritise, but it still requires manual triage for most issues.</P> Tue, 15 Jul 2025 10:06:33 GMT https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309490#M2839 Torbjørn 2025-07-15T10:06:33Z https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309791#M2840 <P>Hello,</P> <P><SPAN>Q: Does anyone have a workflow that doesn't include NLP / regex matching for CLI commands?</SPAN></P> <P>A: The data (not the API), just isn't presented in a manner that supports this. Unfortunately this is a manual task, unless there is a third party who is already doing this and sharing that data.</P> <P><SPAN>Q: Is there any development in the pipeline for the PSIRT OpenVuln API, to include this data?</SPAN></P> <P><SPAN>A: Cisco use to publish OVAL definitions to accompany the advisories. But that stopped a very long time ago.</SPAN></P> <P><SPAN>Most of Cisco tools; leverage the API to populate a stored backed database; and that database is then augmented with data from other sources; such as PID mappings to Network Operating System; vulnerable configurations (manually entered and normally is based on NLP/Regex); mitigations/workarounds etc.</SPAN></P> <P>Feel free to reach out to <A href="mailto:psirt@cisco.com" target="_blank">psirt@cisco.com</A>&nbsp;if you have ideas that you would like to have implemented. &nbsp;</P> <P>Thanks.</P> Tue, 15 Jul 2025 23:59:34 GMT https://community.cisco.com/t5/devnet-general-discussions/psirt-structured-response-cli-commands/m-p/5309791#M2840 PR Oxman 2025-07-15T23:59:34Z