Our community includes Cisco experts to answer your questions about the Smart Net Total Care (SNTC) portal and CSP-Collector.
Click the navigation links below to access materials for using our service and supported collectors.
When looking at the Alerts data I note that the PSIRTs listed as being applicable to my networks/devices does not appear to be up-to-date; the latest PSIRTs listed being from 23 March 2016, whereas there are others that are applicable but are not shown?
I now have doubts as to the accuracy and reliability of of SNTC to provide the assurance in this area, as it states is should do.
Can someone please confirm:
Only High & Critical SIR Advisories are available in SNTC for IOS, IOS-XE, NX-OS, IOS XR, and ASA. Some advisories are delayed in automation when not all the vulnerability information is available for automation. If there is a specific one you expect to be present that meets this criteria, please share it here.
Hi Chris, this is the alert http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
And yes, we do indeed have many instances of a product deployed that is impacted by this alert.
HI Chris, I note that this specific PSIRT is still not showing via SNTC.
As it is now two weeks since the threat advisory was issued and no visibility via SNTC, it is questionable what benefit the Alerts section provides; in fact given such a delay with a high CVSS scoring alert, it could be viewed that a false sense of security is being projected.
I am checking with the engineering team to see why this PSIRT isn't showing in the portal. Will report back as soon as I know more information.
Alas I never received any update/answer to this.
IMO it should be at the same time-frame that any life-cycle (EoS, EoL) events are reported through the portal.
Given that it is an automated system I would have expected that critical/high PSIRT's would be reported within about 4 hours, and all others reported within 24 hours of being released.
You would have thought they're available pretty quickly... But I've noticed CVE-2017-3881 is still not showing, which was published on 17th March @16:00 and got a CVSS score of 9.8 (critical)!
If there is someone from smartservices on list, can you confirm?
Not that it assists you much, but I can see that 9 of my customer/inventories are reporting this specific PSIRT.
There are a number of Cisco staff who occasionally respond/reply to posts on this forum.
The automation for that CVE was done on Friday. It did not have the traditional advance notice within Cisco, so the automation will always lag for those. I'm not sure of the timing of the sync & processing in SNTC, so hopefully someone else can confirm. But I can confirm that this one has automation available. It also may evolve over the coming days as the details on the advisory get clarified.
Apologies for the delay in response to the original post, it seems it was missed. For future reference and to receive quicker assistance, please start a separate post for issues with different companies and attach links to related posts as desired.
There are a couple things that need to happen for PSIRTs to be processed and identified by the SNTC Portal for a company's devices. Device info, such as coverage and alert information are pulled as a part of inventory upload processing. At the high level: inventory processing = device profiling + validation + coverage/contract info + alert info. Thus, to ensure as accurate info for alerts and PSIRTs on the portal, there must be a regular schedule for collecting and uploading done by the CSPC that processes completely and correctly.
There is also a sync up that must occur in the backend but typically PSIRTs can be identified by the Portal after completion of a successful upload within 24 hours of the release date of the alert. However, there is a possibility of association issues even after successful inventory processing. Such as currently, there is an issue with generating and viewing reports, which could interfere with what PSIRTs are visible currently. This is being looked at with high priority and I will let you know when this particular issue is fixed.
Any news on when the PSIRT visibility issues will be fixed? We're not seeing any CVE's for 2017 at all...
PM me if you need any more info from our collector
Hey Sandy Breeze,
Can you PM me the company and inventory names in question? Please use the method below to PM me proprietary info.