Cisco Community
English
Register
QUICK UPDATE - Part I of Security Restructure is finished and part II has started. Email and Web Notifications will still be off while content is relabeled - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel

Keeping Up to Date by Receiving Security Vulnerability Information from Cisco

3605
Views
15
Helpful
0
Comments
Omar Santos
Omar Santos Cisco Employee
‎01-19-2016 03:10 PM
edited on: ‎01-19-2016 ‎03:10 PM

Cisco’s Security Vulnerability Policy provides detailed information about the different ways that customers can receive security vulnerability disclosures from Cisco. These include:

  • Cisco’s Websitehttp://www.cisco.com/security and http://www.cisco.com/go/psirt
  • Email: Subscribe to cust-security-announce@cisco.com. To subscribe to this mailing list, send an email message to cust-security-announce-join@cisco.com. You must send messages from the account that will be subscribed to the list. We do not accept subscriptions for one account that are sent from a second account. Emails are only sent for critical and high severity vulnerabilities.
  • RSS Feeds: All Cisco security vulnerability information is also available via RSS feeds . These feeds are free and do not require an active Cisco.com registration. For information on how to subscribe to the RSS feeds, visit the Cisco Security RSS Feeds page.
  • Cisco Notification Service (CNS): Cisco Notification Service allows users to subscribe and receive important Cisco product and technology information. This service provides an improved unified subscription experience allowing users to choose the timing of notifications, as well as the notification delivery method (email message or RSS feed). Notifications are sent for critical and high severity vulnerabilities only.
  • Cisco PSIRT openVuln API: Technical users can take advantage of the Cisco PSIRT openVuln API to obtain vulnerability information and create custom notifications.

RSS Feeds In Detail


RSS stands for Rich Site Summary and is a technology to deliver regularly changing web content, for example it allow users to receive timely updates from websites, blogs, news and other content. I would like to provide additional examples on how customers can use open source tools to create notifications and take advantage of Cisco PSIRT RSS feeds.

The simplest way for customers to leverage Cisco RSS feeds on mobile devices is to use the Cisco Technical Support App (http://www.cisco.com/web/about/facts_info/apps/technicalsupport.html). After installing the app, Security Vulnerability Information and other Cisco RSS feeds are available under the Feeds menu off the home page. RSS is a popular format and is likely to be supported by applications you already have on your desktop system or laptop such as Microsoft Outlook. Other free solutions such as feedly  provide web based readers that can also be accessed from apps.

Below, I focus on how to configure a popular open source application on Apple MAC OS X called Feeds App. You can download the app via their website or access the source code in GitHub.

The app is pretty simple, it allows you to create desktop notifications when a new item is added to the RSS feed (in this case when a new security advisory is published or updated).

notifications.png

To add the Cisco Security Advisories RSS feed (http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml), navigate to Accounts and click on the plus sign to add a new RSS feed:

new feed 1.png

Select RSS/Atom under the Account type pulldown menu and enter the the Cisco Security Advisories RSS feed URL http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml

add feed.png

After you add the RSS feed URL the following screen is shown:

new feed 3.png

You can also customize the interval when the app refresh the feed (queries the RSS feed) under the Options tab.

refresh.png

The following is an example of the Cisco Security Advisory Notifications in the Feeds App. You can hover each advisory to obtain the summary of the vulnerability or click on the item to access the advisory.

rssfeed1.png

The following is an example of the notifications displayed at the moment new advisories are published. In this case, two advisories are displayed. If you click on the notification your default browser will display the advisory from cisco.com.

Screen Shot 2016-01-20 at 11.06.31 AM.png

You can also take advantage of web browser extensions such as RSS-Alert (which is an open source utility that can be obtain from GitHub) or Feeder Chrome Extension.

Cisco Technical Support Mobile App

You can use the Cisco Technical Support mobile app to open and manage your support cases and return materials authorization (RMAs), view your contract information and check product support coverage by serial number, research product information and troubleshoot issues. You can also subscribe to Cisco Security Advisories by leveraging the RSS feed, as demonstrated below.

You can download the Cisco Technical Support mobile app from Apple's App Store, from Google Play, or from Amazon's App Store. Once you install the app, navigate to Feeds, as shown below.

cisco techincal support mobile app 1.png

Select Cisco Security Advisories.

cisco techincal support mobile app 2.png

The Cisco Security Advisories are displayed and sorted by the last update date.

cisco techincal support mobile app 3.png

Click on any of the advisory titles to view the contents of the advisory.

cisco techincal support mobile app 4.png

Check out Cisco’s Security Vulnerability Policy for more detailed information about how to receive threat, vulnerability, and mitigation information, and the overall vulnerability management process. Cisco PSIRT will continue to adapt to enable our customers to assess and mitigate any risks in their networks quickly. Our mission is to do the right thing quickly, and to keep our customers protected.

Latest Contents
Keep getting Not Authorized using Cisco API
Created by jmashburn-LCT on 02-21-2020 10:36 AM
0
0
0
0
]\I am currently trying to test out the Cisco REST API to query the software.cisco.com to check for the latest firmware versions for devices. I am testing it out before we move forward and have hit a snag. I am about to authenticate and get a token and ca... view more
EOX API does not work always
Created by nehamangla5310 on 02-18-2020 05:28 AM
0
0
0
0
Hi I have been using Cisco APIs to get EOX detail of devices. It works 70% of the time. Rest of the time - it either returns error or null. Please help I am hitting following URL:https://api.cisco.com/supporttools/eox/rest/5/EOXBySerialNumber/1/... view more
Integration with Service Now, pulling lifecycle/contract dat...
Created by jtrigili on 02-17-2020 12:40 PM
0
0
0
0
We have a customer using Service Now.  They would like to pull the lifecycle data and contract data automatically.  Do we have an API that Service Now can tap into?   Thank you, Joe
CPAR POC || java class
Created by MohamedAouf71435 on 02-06-2020 01:39 AM
0
0
0
0
400 System Error with CSAPI
Created by CLI_Owl on 02-03-2020 05:33 AM
1
0
1
0
I have been trying to access the Customer Details CSAPI at this URL: https://apx.cisco.com/cs/api/v1/customer-info/customer-details I can get a bearer token and when I send a get to the above URL in postman, this is the error I get back:{ &... view more
CreatePlease to create content
Discussion
Blog
Document
Video
This widget could not be displayed.