Hello,

I have some questions regarding the use of the OpenVuln API, I'm currently using both the version & product query function to extract security advisories, but have a number of gaps where my devices can't be queried. So I have the following quesitons:

1. Do you have a list of Cisco products that can be queried as a reference anywhere?

2. Can you query by product, and then by version of that product, e.g. I have a Device Name 'Cisco-UCS-B200-M2', which I've identified as product 'Cisco Unified Computing System', but this API call for product returns 100 vulnerabilities (I believe there are actually more and this result is capped due to pagination), is there a method of further querying using 'B200' or 'M2' ?

3. On the above point, some product queries return 100 vulnerabilities, I assume due to the fact that 100 is the maximum result per page? Is there a way of setting the pageIndex = 2 to return the rest of the vulnerabilities whilst querying by product?

4. Is there a limit on the age of software versions that can be queried? e.g. ASA-9.1(6) and ES-XI 5.1 - is there a way of querying these versions?

5. Do you have a convention for the naming of NX-OS devices? e.g. I think devices with 'Device Name' : 'MDS9148' and 'N9K-C9508' are NX-OS versions, but the 'version' entry I have for them is '6.2(9b)' and '7.0(3)l4(7)' which isn't in the format required to query, do you know whether again these are too old or if there's a different convention?

Sorry there are quite a few questions but any help is greatly appreciated!

Thanks,

Ashleigh :)