10-03-2019 03:46 PM
Hi all,
I ran the access thing into the ground with support earlier. Essentially you need a Partner contract and they're looking into it.
I recommend you reach out to psirt@cisco.com with questions but you'll have to push past their first responses to check the docs.
I'm very much looking forward to hearing back from them.
The entire conversation is below.
James: As I said in another email I just sent, I've contacted both of our PoC for the OpenVuln API. One of them is OOF until Wednesday next week. The other one is traveling with limited access to email. So I'll relay their answer to you once I have it myself. There is a page on cisco.com on how to become a Cisco partner. To be honest, we here at PSIRT are in the support side of the house, so I don't know myself what the steps would be. I would at this time recommend for you to wait to hear from us before going down that path. Thanks, Dario On 10/3/19, 6:22 PM, "James M" <james@email.com.com> wrote: Dario, Again appreciate the help. How will I hear back about this regarding the other contracts? In the mean time also, who do I talk to about getting a partner service contract? James M Software Engineer Security On 10/3/19, 3:20 PM, "James M" <james@email.com.com> wrote: Thanks for helping me and Scott out with this Dario. Just for some other points of clarification, the instructions in the 'Getting Started Page' are inadequate. See what I was going to send Scott below: Following the docs - it tells you to create a new application. I did. It then says create an application and register the API with it. I don’t see the PSIRT openvuln api though. I then clicked on FAQ and looked at the question – ‘What if I don’t see my API?’ It tells me to look in the myAPIs tab – but I also don’t see it there! Appreciate the help and I’m looking forward to getting this solved. Here’s the list of APIs I do see: Select APIs ADAP API AIRA Search API Alerts 2.0 bci-aci bci-alerts bci-collab bci-common bci-compliance bci-config bci-cp-api bci-ctac bci-custom-config bci-fp bci-inventory bci-software bci-syslog Business Verification API CCW Config - POE CCWR Quote API CCWR Quote API - POE CEEM API Cisco Carlsbad IT Dev Cisco Carlsbad IT QA Cisco Carlsbad IT Stage CiscoITMeraki API Cisco on Demand API - CSWORD Cisco On Demand CHIDS API Cisco On Demand CSWDMS POE API CoDE API Collections 2.0 Conformance 2.0 Contracts 2.0 Copy of SBP Service Orchestration API - POE csapi Inventory POE API CSW PAK Lookup Api Cust-PortalPlatform-POE Customer 2.0 Customer Success Central API - POE DAAS API Datafoundation Datafoundation-POE DCL DS API DCL DS API - Internal DCL DS API - Internal - POE DCL DS API - POE DCP Services DF Intransit API - POE Doc Central Webservices API DocCentral Webservices API - POE DocExchange Caching API DocExchange Webservices API DS Services Edna ChatBot API emsAPI Entitlement Base - Wrapper services Entitlement Base - Wrapper services - POE ePortal Scorecard Hello API HelloCommerce API HMP API IMR GATEWAY API Inventory 2.0 Iron Bank API LCA LCA POE NGI API orgstats API PAL Services POE Pdaf TPS case update platform-api platform-api - POE platform-apps-api platform-apps-api - POE PROTOBUILDDATA SBP Service Orchestration API - POE SBP Service Orchestration API - PROD SBP Service Orchestration APIs SBP SUML SBP SUML API - POE SearchIHN STO Dashboard STO Policy Exception Portal swc cloud api SWC Cloud Public API swc personalization api UOV Report API UpdateProvisionStatus API - POE PE WPR API WPR API - POE Zoom Chat API James M Software Engineer Security On 10/3/19, 3:18 PM, "Dario XXne (dXX)" <dXX@cisco.com> wrote: Scott, requesting access to the PSIRT openVuln API is not available while logging-in using a guest/no contract account anymore. I've followed up with our two regular contacts to understand the changes. Thanks, Dario On 10/3/19, 6:05 PM, "Scott xxr (scxx)" <scxx@cisco.com> wrote: James; You should only need a CCO account to gain access to the API console. You should be able to create a CCO account here: https://idreg.cloudapps.cisco.com/idreg/guestRegistration.do Thanks, Scott On Oct 3, 2019, at 17:58, James M <james@email.com.com> wrote: Scott, I've reviewed them all, attempted to make it, called 4 people and been redirected each time. I was hoping that the PSIRT team would be able to tell me the requirements for accessing the PSIRT OpenVuln API. Do you know the requirements to gain access and who I should talk to within Cisco get those? Thanks, James M Software Engineer Security On 10/3/19, 2:50 PM, "Scott xxr (scxx)" <scxx@cisco.com> wrote: James; Have you reviewed out DevNet resources? https://developer.cisco.com/docs/psirt/#!overview/overview I believe you can get an account there, and make use of the API. If there is a cost/contract involved, you would need to speak to a Cisco account team to work through that requirement. Your customer’s team should be able to assist. Thanks, Scott On Oct 3, 2019, at 17:39, James M <james@email.com.com> wrote: Hi PSIRT, My long road of trying to access the PSIRT OpenVuln API has led me to you guys. My main questions are below but there is more info in the thread if you should need it. 1. How do I get access to the PSIRT OpenVuln API? 2. Assuming it’s a Partner Service Contract, how do I get one of those and how much does it cost? Any advice or info is appreciated. James M Software Engineer Security On 10/3/19, 2:36 PM, "Cisco Technical Support" <tac@cisco.com> wrote: Hi James, Good day! Kindly reach out to the PSIRT team as this is out of our scope. Contact PSIRT: <psirt@cisco.com> https://developer.cisco.com/site/support/ https://developer.cisco.com/site/contactus/ Thank you for understanding Kind Regards, Elieza Global Customer Experience Centers --------------- Original Message --------------- From: James M [james@email.com.com] Sent: 10/4/2019 4:56 AM To: tac@cisco.com Subject: Re: Vulnerability Monitoring Hi Gerardo, Not sure we're on the same page - my primary goal is to access the PSIRT OpenVuln API<https://developer.cisco.com/psirt/>. I am open to other suggestions that you guys may have for the situation I detailed below. 1. How do I get access to the PSIRT OpenVuln API? 2. Assuming it’s a Partner Service Contract, how do I get one of those and how much does it cost? If you think this is something that requires an engineer, by all means, lets go that route. Any help appreciated . Thanks for the help, James M Software Engineer Security ?On 10/3/19, 1:20 PM, "Cisco Technical Support" <tac@cisco.com> wrote: Dear James, Thank you for contacting Cisco. Please be informed, that we are Customer Interaction Network team - we don't have technical background and are unable to answer your question. However, we could open a case based on key information and direct you to an engineer. Technical engineer will help you out then. Kindly provide me the Cisco user id, the URL for vulnerabilities and Serial number. Looking forward to your reply, Regards, Gerardo III Global Customer Experience Centers Is your Company set up for Smart Accounts, and Smart Licensing? Watch this 2 minute video at https://www.youtube.com/watch?v=52lAQaOFX5Q and discover why a Smart Account is important for your business. --------------- Original Message --------------- From: James M [james@email.com.com] Sent: 10/4/2019 3:24 AM To: tac@cisco.com Subject: Vulnerability Monitoring Hello, I’m working with a client who has a large number of Cisco switches, routers etc. that are all over the world with intermittent or no connectivity to the global internet. We are looking to set up a system that notifies us of vulnerabilities within these products regularly. I just spoke to someone on the phone who recommended I shoot you guys an email. My initial thought is that I would like to access the PSIRT OpenVuln API and set up the queries against an inventory of software/hardware that we maintain, but I am open to other ideas as well. Please let me know your recommendations on how this might best be done and feel free to give me a call. Appreciate the help, James M Software Engineer Security
10-04-2019 12:53 AM
"...become a Cisco partner" ??! Seems like an insane requirement to gain access to an API which was free for all to use for quite some time!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide