cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Smart Net Total Care Community!

Our community includes Cisco experts to answer your questions about the Smart Net Total Care (SNTC) portal and CSP-Collector.
Click the navigation links below to access materials for using our service and supported collectors.

615
Views
5
Helpful
7
Replies
Beginner

PSIRT analysis differs between that on SNTC portal to any downloaded report

Hi,

 

I have a rather worrying situation where the analysis presented via the SNTC portal differs significantly to that contained with any report generated and downloaded.

 

Specifically this relates to PSIRT alerts.  What differs is the number of devices (chassis) and the vulnerability status.

 

For an example taking the following alert description "Vulnerabilities in Cisco IOS Secure Shell Server"

Within SNTC under Alerts - All PSIRTs, I see that for one of my inventories 4 devices are listed as being 'vulnerable', but when I look at a Product Alerts Report (spreadsheet) the same devices are listed as being 'potentially vulnerable".   Which is correct?

 

As another example alert description "Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability (CVE-2015-0646)" shows that via SNTC 484 are 'vulnerable', whereas within the downloaded spreadsheet, 160 devices are reported, 17 as being 'potentially vulnerable' and 143 as 'vulnerable'.   Again which information source is correct, if indeed any are?

 

Regards,

Graham

Everyone's tags (1)
7 REPLIES 7
Cisco Employee

Re: PSIRT analysis differs between that on SNTC portal to any downloaded report

Hello Graham,

Currently the SNTC Portal displays a potentially vulnerable and vulnerable device as vulnerable on the online PSIRT reports.  You can reference the offline alerts report to get more granular results and verify if a device is reflecting only as potentially vulnerable.  A potentially vulnerable device means that the SNTC Portal was not able to completely validate the alert based on the collected device details, and it may require a manual validation.

Thank you,
Jarrett

Re: PSIRT analysis differs between that on SNTC portal to any downloaded report

Hi Graham,

Please let us know if you have further questions. If there is nothing further, please mark this as solved.

Thanks!
Cheri

Beginner

Re: PSIRT analysis differs between that on SNTC portal to any downloaded report

Hi,

Thanks for the replies, but I'm not entirely happy with the explanation.

Given that the explicit status of each device, WRT any specific PSIRT alert being either vulnerable or potentially vulnerable, is known (since this is provided in the report), I fail to see why this distinction is not shown within the portal view?

Furthermore there is no explanation as to why the summary counts differ between the portal view and the downloaded report?

Rgds,

Graham

Highlighted
Cisco Employee

Re: PSIRT analysis differs between that on SNTC portal to any downloaded report

You're right Graham.  CSCvd67358 was filed to address this.  It will be fixed in a future release.  Stay tuned.

Everyone's tags (1)
Beginner

Re: PSIRT analysis differs between that on SNTC portal to any downloaded report

Hi Chris,

Thanks for the update and I'm pleased to see a case opened to resolve it.

Will this bug case also address the significant differences in the counts (of effected devices)?

In the interim which counts do we use, the counts shown via the portal or those reported within a download spreadsheet?

Rgds,

Graham

Cisco Employee

Re: PSIRT analysis differs between that on SNTC portal to any downloaded report

Can you send me a private message in the forum letting me know which customer name and inventory you are using? I'd like to take a quick look at the data to see the discrepancy.
Cisco Employee

Re: PSIRT analysis differs between that on SNTC portal to any downloaded report

Thanks for the info you sent me.  It helped me to visualize same as you were seeing.  There isn't a count mismatch.  There is a title/description mismatch that makes it appear that way to you.  This is CSCvd87947.  If you summarize in the excel by Alert ID instead, you'll see the counts match.

CreatePlease to create content
Right-rail
Navigation
Be sure to bookmark these support pages and use them in the future to find all the self-help information.
Helpful Links