cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2511
Views
0
Helpful
9
Replies

How relevant and up-to-date is the PSIRT section of the portal?

Dave Lewis
Level 1
Level 1

I ask because when I view the Alerts->PSIRT page and sort by 'last updated' I see Jan 1 2017 as the latest PSIRTs in the database?

 

I've been asked to see if any of our devices are vulnerable to https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx and was hoping to use the smart services portal but I don't see any of these CSCve's mentioned.

 

How often is the list updated and a vulnerability assessment performed?

 

Also, it would be useful to have a column for  CSCve/advisory ID/CVE so its easy to search on a particular vulnerability.

 

Thanks,


Dave

1 Accepted Solution

Accepted Solutions

Chris Camplejohn
Cisco Employee
Cisco Employee

There are some open bugs with the PSIRT results.  However, the one you mention here would not be in the portal anyways, since only Critical & High SIR PSIRTs are automated for SNTC.

View solution in original post

9 Replies 9

Chris Camplejohn
Cisco Employee
Cisco Employee

There are some open bugs with the PSIRT results.  However, the one you mention here would not be in the portal anyways, since only Critical & High SIR PSIRTs are automated for SNTC.

Ah interesting, I wasn't aware of that. Thanks for the response.

 

Dave

Hi Chris,
Could you please expand on "only Critical & High SIR PSIRTs are automated for SNTC" as users may be confused as all severity PSIRTs are shown in the portal and in downloaded reports?
Thanks,
Graham

Not sure what else you need me to add. Medium & Low SIR PSIRTs are not automated.

It is the distinct meaning of 'automated' in the context of PSIRTs.
My knowledge/understanding is that when any Critical or High PSIRT is generated it is automatically fed into SNTC (well an algorithm created), although I don't recall seeing any stipulated time-frame for this (PSIRT issued to active algorithm in SNTC).
This new PSIRT algorithm instance will be run against the next and subsequent inventory uploads.
All Medium & Low alerts will require a manual algorithm to be defined/created.

Okay. I think I understand. Let me try to clarify and see if this helps.
For all Critical & High SIR PSIRTs for IOS, IOS-XE, IOS XR, NX-OS, ASA, and AireOS, the automation means that SNTC will have the "algorithm" and data for affected versions and feature matches and will be run against your install base inventory.
For Medium & Low SIR PSIRTs, nothing will show up in SNTC because there are no algorithms available.

So when I say "automated" I mean automatically available in SNTC run against your data. When I say "manual" I mean it will never show up in SNTC and the customer has to evaluate these on their own since there will be no results for them in SNTC.

Does that clarify? Apologies if I'm not being clear.

Why do I see entries for Medium and Low PSIRTs in my SNTC views?

You are too observant ;-) There are two explanations: 1) Some of them are REALLY old and 2) Some get automated because of high demand to have the automation. It is the exception, not the rule.

Thanks for the clarification Chris.
BTW from a network operators perspective - just because they are really old it doesn't mean that they aren't still relevant, alas. ;-)
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: