Hello Graham ,

Apologies  for the confusion , I was referring to the old SNTC version(SNTC1x ) where this capability was present but with newer version we don't have it included at present .

Regards

Pamela

Given the critical nature of such alerts and the importance of CVSS scoring in respect of managing and reacting to an alert, what are the current plans to reinstate this key data within SNTC?

Hello Graham,

I have contacted appropriate team on this to know about the road maps , Once I have details I will share with you on this post or respective team will reply on this thread .

Thank you,

Pamela

Hi Graham,

we have a feature that is currently under implementation that would enable SNTC portal to showcase the Security Impact Rating (SIR) for a given PSRIT.

The SIR classifications are aligned with Common Vulnerability Scoring System (CVSS) scores. However, Cisco reserves the right to deviate from this on an exception basis  in the event that there are additional factors not properly captured in the CVSS score. We will keep you posted on the availability of this feature on SNTC portal

Regards,

Vikas

Hi Vikas,

First thanks for the statement; although whilst it answers the question it does give some concern regarding potential intent to mask industry standard scoring by only highlighting the less granular Cisco SIR rating; this is contrary to tat as stated in the current Cisco Security Vulnerability Policy, within SNTC.

Since the policy clearly states under the heading 'Assessing Security Risk' that "Cisco uses version 2.0 of the Common Vulnerability Scoring System (CVSS) as part of its standard process of evaluating reported potential vulnerabilities in Cisco products", and that SIR is an 'additional' and 'simple' categorization.

Such details (CVSS scores) are included within 'Cisco Security Advisories' and referenced within Cisco Bug descriptions, noting that bug description themselves reference only the CVSS score and not SIR rating.

Furthermore since CVSS is universally adopted by all (telecom) vendors it enables us, as network operators, consistent analysis of threats to a common framework and scale.  This is of significant benefit especially when we have devices from multiple vendors deployed within our networks.

I hope that Cisco will reconsider this planned approach to merely 'showcase the Security Impact Rating' and provide the standard CVSS score for all PSIRT alerts within the SNTC portal.

Rgds,

Graham

Hi Folks,

Do I need to open a TAC case / product feature request for: 'provide the standard CVSS score for all PSIRT alerts within the SNTC portal'?

Rgds,

Graham

Hi Graham,

From Smart Net Total Care you do not need to open a TAC SR to request an enhancement. You can add comments or make a request using the Feedback feature (Top Right corner on the Dashboards view) if you like. The Feedback button looks like a Note Pad.

Regards, Tim

Hi Tim,

I was aware of this 'feedback form' but it does not look like a formal mechanism in which to submit product feature requests, or query functional aspects of the product/service.

I have several TAC cases open for other aspects of SNTC (and CSPC), both covering problems and enhancements, many of then have been confirmed as bugs or valid enhancements and are pending delivery.

Rgds,

Graham

I'm facing the same issue with several of my customers - CVSS scores in the PSIRT alerts report is preferred and more granular.

This thread dates back to 2016, was there any progress or confirmation from Cisco?

Cheers.

Confirming CVSS scores are now showing on the Portal and exported reports.

Thanks All.