PSIRT - Structured Response - CLI Commands

vmMikelvm
Community Member

I am working on streamlining and automating vulnerability management.
High-level scenario:
- Third-party software scans network appliances, matching IOS with CVEs and generating Excel-based reports.
- These reports are manually triaged to determine which CVEs are applicable based on whether the configuration is in use.
- Priority is defined based on the presence of the CVE commands (and other factors).

I'm looking at using the PSIRT OpenVuln API to automate the process of matching CVE to device configuration. The problem I have is that there is no structured data in the following endpoint response:
https://developer.cisco.com/docs/psirt/cvecve_id/

Questions:
Does anyone have a workflow that doesn't include NLP / regex matching for CLI commands?
Is there any development in the pipeline for the PSIRT OpenVuln API, to include this data?


PR Oxman
Cisco Employee

Hello,

Q: Does anyone have a workflow that doesn't include NLP / regex matching for CLI commands?

A: The data (not the API) just isn't presented in a manner that supports this. Unfortunately this is a manual task, unless there is a third party who is already doing this and sharing that data.

Q: Is there any development in the pipeline for the PSIRT OpenVuln API, to include this data?

A: Cisco used to publish OVAL definitions to accompany the advisories, but that stopped a very long time ago.

Most Cisco tools leverage the API to populate a stored backend database, and that database is then augmented with data from other sources, such as PID mappings to network operating system, vulnerable configurations (manually entered and normally based on NLP/regex), mitigations/workarounds, etc.

Feel free to reach out to psirt@cisco.com if you have ideas that you would like to have implemented.  

Thanks.


3 Replies

@PR Oxman might know this one

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Torbjørn
VIP

The content of the advisories unfortunately varies widely. They often don't include specific configurations to determine whether you're vulnerable to the vulnerability - sometimes there are workarounds listed, sometimes they include indications of compromise, some product families refer to the software checker to determine vulnerability while others don't.

I have had most success with implementing automated checks per product family to be able to better prioritise, but it still requires manual triage for most issues.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

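As an added example (not code from this thread, and not Cisco's tooling), here is the shape of the triage step both answers describe: PR Oxman's "vulnerable configurations" column, a hand-curated table of regexes per advisory that is applied to a device's running-config, and Torbjørn's per-product checks that raise priority where the exposing commands are present but still leave a "no rule yet" bucket for manual triage. Everything in it is constructed: the CVE labels are placeholders rather than real identifiers, the versions, rule patterns, scanner rows and running-config are made up, and nothing here calls the openVuln API (in practice the `cve`/`os` keys would come from the scanner report and the rules would be the manually entered data the accepted answer refers to).

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ConfigRule:
    """One advisory's prose, hand-translated into CLI checks (the manual step
    the thread describes). All values used below are constructed placeholders."""
    cve: str                    # label only; not a real CVE identifier
    os: str                     # network operating system the rule is written for
    affected_versions: frozenset
    any_of: tuple               # regexes (re.MULTILINE); exposed if at least one matches
    severity: str = "medium"


SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed rule table: what a "vulnerable configurations" column looks like
# once someone has read an advisory and written down the exposing commands.
RULES = (
    ConfigRule("CVE-PLACEHOLDER-A", "ios-xe", frozenset({"16.9.1", "16.9.2"}),
               (r"^ip http server$", r"^ip http secure-server$"), "high"),
    # Nested context: an interface stanza that contains "ip nat outside".
    ConfigRule("CVE-PLACEHOLDER-B", "ios-xe", frozenset({"16.9.1"}),
               (r"^interface \S+\n(?: .+\n)*? ip nat outside$",), "critical"),
    ConfigRule("CVE-PLACEHOLDER-C", "ios-xe", frozenset({"16.9.1", "17.3.1"}),
               (r"^snmp-server community ",), "medium"),
)


def normalise_config(running_config: str) -> str:
    """Drop comment and blank lines but keep indentation, so regexes can anchor
    on '^' per line and still walk into interface sub-commands."""
    kept = [ln.rstrip() for ln in running_config.splitlines()
            if ln.strip() and not ln.lstrip().startswith("!")]
    return "\n".join(kept) + "\n"


def triage(finding: dict, running_config: str, rules=RULES) -> dict:
    """Classify one scanner row (hostname/os/version/cve) against the rule table.
    Status values: applicable, config-absent, not-affected-version, no-rule."""
    rule = next((r for r in rules
                 if r.cve == finding["cve"] and r.os == finding["os"]), None)
    result = dict(finding, status="no-rule", priority=0, evidence=[])
    if rule is None:
        return result                      # nothing curated yet: manual triage
    if finding["version"] not in rule.affected_versions:
        return dict(result, status="not-affected-version")
    text = normalise_config(running_config)
    hits = [p for p in rule.any_of if re.search(p, text, re.MULTILINE)]
    base = SEVERITY_RANK[rule.severity]
    if hits:
        # Exposing config is present: priority is severity plus how many of
        # the exposing commands were found (a stand-in for "other factors").
        return dict(result, status="applicable",
                    priority=base * 10 + len(hits), evidence=hits)
    return dict(result, status="config-absent", priority=base)


def rank_report(findings, configs, rules=RULES):
    """Triage every scanner row against its device's config, highest priority first."""
    rows = [triage(f, configs[f["hostname"]], rules) for f in findings]
    return sorted(rows, key=lambda r: r["priority"], reverse=True)


# Constructed running-config and scanner rows for a stand-alone run.
SAMPLE_CONFIG = """\
!
version 16.9
hostname edge-rtr-1
!
ip http server
no ip http secure-server
!
interface GigabitEthernet0/0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
"""

SAMPLE_FINDINGS = [
    {"hostname": "edge-rtr-1", "os": "ios-xe", "version": "16.9.1", "cve": "CVE-PLACEHOLDER-A"},
    {"hostname": "edge-rtr-1", "os": "ios-xe", "version": "16.9.1", "cve": "CVE-PLACEHOLDER-B"},
    {"hostname": "edge-rtr-1", "os": "ios-xe", "version": "16.9.1", "cve": "CVE-PLACEHOLDER-C"},
    {"hostname": "edge-rtr-1", "os": "ios-xe", "version": "16.9.1", "cve": "CVE-PLACEHOLDER-D"},
    {"hostname": "edge-rtr-1", "os": "ios-xe", "version": "17.3.1", "cve": "CVE-PLACEHOLDER-A"},
]

if __name__ == "__main__":
    for row in rank_report(SAMPLE_FINDINGS, {"edge-rtr-1": SAMPLE_CONFIG}):
        print(f'{row["priority"]:>3} {row["status"]:<22} {row["cve"]} {row["evidence"]}')
```

Two details matter in practice: the `no ip http secure-server` line does not satisfy `^ip http secure-server$` only because the regexes are anchored per line, so a rule written without anchors would mis-flag negated commands; and the "no-rule" and "config-absent" buckets are what still has to go back to a human, which is the point both answers make.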