cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
223
Views
0
Helpful
2
Replies
Highlighted
Cisco Employee

Use OpenVulnQueryClient to query for advisory given CDET/defect ID

Hello All,

When navigating to Security Advisory page, I'm able to go to Vulnerabilities tab and perform a quick search.  When using a CDET ID, i see that a request is being sent with parameter "keyword=CSCun25241"

Request method:GET

 

In hopes of mimicking this behavior via python script, I've been reviewing PSIRT API documentation:

I dont see any function call that suggest I can query advisories using same quick-search functionality.  I'm writing to see if anyone else has had success being able to query PSIRT API like this...more specifically is it possible to query for Security Advisories given CDET ID or list of CDET Ids ?

2 REPLIES 2
Highlighted
Beginner

Re: Use OpenVulnQueryClient to query for advisory given CDET/defect ID

Hi Jorgrive,

 

I agree with you that there doesn't seem to be a "quick search" feature within the API Reference Material. After looking into the API Reference some more there does appear to be the "Querying by Advisory ID" URL which looks to be the closest thing.

 

One question I have is what sort of result are you wanting to achieve by a quick search feature? In the past when I haven't had the luxury of a well written API I've ended up having to pull data from different API calls and sort of stitch them together to achieve a data sample that I couldn't call only using 1 URL.

 

 

Highlighted
Cisco Employee

Re: Use OpenVulnQueryClient to query for advisory given CDET/defect ID

I'm currently writing an automation script to detect customer impacted by PSIRT defects (CDETS-side).  Once I identify the defect, which contains references to 1 or more CVEs, then I'd like to query the PSIRT-API to find the corresponding security advisory.  This would allow me to easily map a PSIRT-cdet to it's proper security advisory.

 

As it stands now, it appears that I'll have to instead parse out any CVEs listed within the CDET release-notes and then query the API by CVE. However, this method requires more work because

  • some CVEs in release-note list are not mapped to any security advisory
  • CVEs in release-note list might map to different security advisories

In the case a CVE from release-note list doesnt map to any security advisory, this isnt too big a deal in that, so far I've found that there is always at least 1 security advisory that is found, which is good thing,

In the event that multiple security advisories are found, I would then have to review all the defects associated with returned security advisory so I can make sure the advisory contains the defect ID to which I was trying to map a security advisory.

 

For example

As you can see, searching by CVEs from release-notes isn't as clean as doing an advanced-search or quick-search using defect-ID.  My goal was to be able to directly find the correct security advisory with one simple query.  Without it, I'll have to take this more circular approach.

 

 

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here