
Does Cisco DNA/Catalyst have the ability to check configuration

desmond.cassidy
Level 1

Regarding vulnerabilities raised in Cisco alerts - along with the version affected, they also mention that specific configuration attributes will also need to be set. As an example, if the configuration "ip http server" is present on one of our 400 Cisco devices, it will be classed as vulnerable. Will Cisco DNA/Catalyst have the ability to check for this configuration on our Cisco devices? My manager quoted https://help.ubuntu.com/community/RANCID as an example of what he is looking for.

Accepted Solutions

Preston Chilcote
Cisco Employee

The most automated way to help you going forward is to sign up for CX Cloud and integrate it with Catalyst Center. That will enhance your Security Advisory tool in Cat Center to include device configurations when it matches a published vulnerability.

You can also manually specify the regex to match against a device configuration to an advisory with the "Add Match Pattern" link in the Custom Match Pattern column of the Advisories tab of the Security Advisories tool.

Lastly, it sounds like your specific question is in relation to CVE-2023-20198. For that specific vulnerability, the Catalyst Center engineering team created a special workflow under Tools->Network Reasoner that can check for vulnerable devices even without the above steps performed.


4 Replies 4

desmond.cassidy
Level 1

Very good of you for your quick reply, Preston. Which path is the most efficient?

@desmond.cassidy It depends on what you want to achieve. Try both of the last two.

balaji.bandi
Hall of Fame

You can do a compliance check or run Command Runner to check that config on the device.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
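
The answers above describe matching a regex against device configuration and checking for a config line across devices. The following added example (not part of the thread and not Cisco tooling) shows why such a pattern should be anchored to the start of the line: a plain substring search also flags the disabled form `no ip http server`. It uses Python `re` semantics rather than Catalyst Center's, and the hostnames, sample configurations and the inclusion of `ip http secure-server` are constructed assumptions.

```python
import re

# Anchored per line so the negated form "no ip http server" does not match.
# The secure-server variant is an assumption; the thread names only "ip http server".
HTTP_SERVER = re.compile(r"^ip http (?:secure-)?server[ \t]*$", re.MULTILINE)


def http_server_lines(config: str) -> list[str]:
    """Return the enabled HTTP server statements found in one configuration."""
    text = config.replace("\r\n", "\n")  # backups are often saved with CRLF
    return [m.group(0).strip() for m in HTTP_SERVER.finditer(text)]


def audit(configs: dict[str, str]) -> dict[str, list[str]]:
    """Map hostname -> matching lines, only for devices with at least one match."""
    findings = {}
    for host, text in configs.items():
        lines = http_server_lines(text)
        if lines:
            findings[host] = lines
    return findings


def naive_audit(configs: dict[str, str]) -> list[str]:
    """Unanchored substring check, shown only to illustrate its false positives."""
    return sorted(h for h, t in configs.items() if "ip http server" in t)


# Constructed sample configurations (hypothetical hostnames).
SAMPLE_CONFIGS = {
    "edge-sw-01": "hostname edge-sw-01\n!\nip http server\nip http secure-server\n!\n",
    "core-rtr-02": "hostname core-rtr-02\r\n!\r\nno ip http server\r\n"
                   "no ip http secure-server\r\n!\r\n",
    "dist-sw-03": "hostname dist-sw-03\n!\nno ip http server\nip http secure-server\n!\n",
}

if __name__ == "__main__":
    for host, lines in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{host}: {', '.join(lines)}")
    print("substring check would flag:", ", ".join(naive_audit(SAMPLE_CONFIGS)))
```
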