
Automating Security Assessments, and Concerns with PSIRT API

Hello! The company I work for has tasked me with checking the security advisories that Cisco publishes. This task seemed ripe for automation, especially since Cisco provides a RESTful API where you can access all of the advisories they publish. They advertise being able to return extremely useful and pertinent data such as vulnerable products, the CVSS score, and a written summary of the vulnerability. If you want to get more information such as the affected software releases, you must have a certain kind of account with Cisco, which luckily we have, to access the bug API.

The concept of this API is great. Ideally you could have an inventory that automatically compares the model and version number of live devices on your network against the advisories, and only notify you about the ones that actually apply to your devices. You could set policies on top of this, like only notify me if the CVSS score is a High or more, etc. 

The problem I am experiencing is that the data returned from the API is inaccurate, incomplete, and inconsistent. These things make this data untrustworthy, and force me to manually read each and every advisory. The data returned often leaves out vulnerable products and version information.

The natural next step is to forgo the API altogether and use web-scraping to pull the data. This is also not achievable because there is no consistent formatting between individual advisories, and they are often incomplete as well. Last month there were many advisories that came through without any vulnerable version listed, despite the vulnerability being about vulnerable software. 

Additionally, I have found other security-related APIs from Cisco, where you can pass in model numbers and it will return you the applicable advisories, but this is not available for all products that Cisco provides and we would potentially miss something important.

 

I have interfaced with my account team, but I have been told that the DevNet team is experiencing growing pains, and the tooling is in its infancy (with the API being 7 years old...).

So my question to the community is, have you found a way to automate the processing of these vulnerabilities? If so, how?
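An added example, not part of the original post and not Cisco's code: one way to build the inventory matching described above so that incomplete advisory records go to a manual-review queue instead of being silently dropped. The record layout (`id`, `cvss`, `products`, `model`, `versions`), the `Device` class and all sample data are assumptions constructed for illustration, not the PSIRT API's actual response schema.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    hostname: str
    model: str
    version: str

def parse_score(raw):
    """Return the CVSS score as a float, or None if it is absent or not numeric."""
    try:
        return float(raw)
    except (TypeError, ValueError):
        return None

def triage(advisories, inventory, min_cvss=7.0):
    """Return (notify, manual_review, ignored).

    notify:        (advisory id, [hostnames]) pairs that match inventory and policy
    manual_review: advisory ids whose data is too incomplete to match safely
    ignored:       advisory ids with complete data that do not apply
    """
    notify, manual_review, ignored = [], [], []
    for adv in advisories:
        adv_id = adv.get("id", "<no id>")
        products = adv.get("products") or []
        score = parse_score(adv.get("cvss"))
        # An incomplete record is never auto-dismissed: a human has to read it.
        if score is None or not products or any(
                not p.get("model") or not p.get("versions") for p in products):
            manual_review.append(adv_id)
            continue
        affected = {(p["model"].lower(), v) for p in products for v in p["versions"]}
        hits = sorted(d.hostname for d in inventory
                      if (d.model.lower(), d.version) in affected)
        (notify if hits and score >= min_cvss else ignored).append(
            (adv_id, hits) if hits and score >= min_cvss else adv_id)
    return notify, manual_review, ignored

# Constructed sample data (hypothetical models, versions and advisory ids).
SAMPLE_INVENTORY = [Device("edge-rtr-01", "EXAMPLE-RTR-1000", "1.2.3"),
                    Device("core-sw-01", "EXAMPLE-SW-2000", "4.5.6")]
SAMPLE_ADVISORIES = [
    {"id": "example-adv-001", "cvss": "9.8",
     "products": [{"model": "example-rtr-1000", "versions": ["1.2.3", "1.2.4"]}]},
    {"id": "example-adv-002", "cvss": "8.6",   # product named, versions missing
     "products": [{"model": "EXAMPLE-SW-2000", "versions": []}]},
    {"id": "example-adv-003", "cvss": "NA", "products": []},  # nothing usable
    {"id": "example-adv-004", "cvss": "5.3",   # applies, but below the policy
     "products": [{"model": "EXAMPLE-SW-2000", "versions": ["4.5.6"]}]},
]
```

The size of the `manual_review` list over time is also a direct measure of how much of the feed can actually be trusted for automation.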

1 ACCEPTED SOLUTION

Accepted Solutions
bigevilbeard
Cisco Employee

Hello TimothyHarder00915

The APIs are managed by CX, not DevNet. The APIs are managed by the SmartNet team; here is a link to their community:
https://community.cisco.com/t5/smart-net-total-care-portal-and/bd-p/4891-discussions-smart-net-total-care

 

Hope this helps and you are able to get the help/answer you need.

