mnagel
5 years ago

Cisco PSIRT Advisories (beta)

I have been working on a module to pull Cisco PSIRT Advisories per device.  It is not complete yet, but thought it might be interesting to post since it does work, just not properly for production use (see below).  It is also an example of how lack of library support forces cut-and-paste programming even within a single DS :(

Please note that due to the way LM works, this cannot be deployed on more than a few devices as it stands!!!! Cisco has strict limits on the API and there is no reason to call more than daily for any platform/version pair, but you have no choice by default. I have some ideas on how to address, but if LM would provide a way to marshal and cache external API calls, I would not have to hack around the issue by running an nginx caching server (TBD) or possibly by writing JSON files to the local filesystem (shudder).

To use this, you must get an application defined at the Cisco API Console (documented in the technical notes) and you must define the API key/secret from the application in properties.

Cisco in theory wants you to use ios, iosxe and nxos as endpoint types with the version, but there is no actual way to reliably detect iosxe (that I can find, other than possibly a boot string @ SNMPv2-SMI::enterprises.9.2.1.1.0 or SNMPv2-SMI::enterprises.9.3.6.4.0).  So I used ios as default and nxos when matched.

NMEFZA

  • Found a bug in the CVSS score datapoint extraction, fixed in Version 1.1.0.  Still working on options for caching API calls to minimize call load.

    ELTR4T

  • Trying to get feedback from support on how to use the undocumented memcached capability in LM -- if that is successful, then that will probably be how I proceed with API caching.  Unfortunately, this means that collectors will need to have memcached installed (or available on the network).  For me, this is easy with puppet for Linux collectors. In theory also for Windows, but in practice I will not be able to do that as LM is piggybacked on client servers.  Again, would sure be nice if LM provided an integrated key/value store (in the feature request graveyard for a couple of years, sadly).  Also would be nice if there was a "submit for approval" option here so code review scheduling could be better anticipated ;).
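
The local-filesystem option mentioned in the original post, as an added Python example (not mnagel's module and not LogicMonitor code): advisories are cached per platform/version pair for a day, so many devices on the same release cost one upstream call. The `fetch` callback standing in for the Cisco API request, the `"NX-OS"` sysDescr match and the cache directory are assumptions.

```python
import hashlib, json, os, tempfile, time

CACHE_TTL = 24 * 3600  # one upstream call per platform/version pair per day

def os_type(sys_descr):
    # Post's rule: nxos when matched, ios otherwise. The "NX-OS" substring is an assumption.
    return "nxos" if "NX-OS" in sys_descr else "ios"

def _path(cache_dir, ostype, version):
    # Hash the key so a device-reported version string never becomes part of a file path.
    key = hashlib.sha256(f"{ostype}\0{version}".encode()).hexdigest()
    return os.path.join(cache_dir, key + ".json")

def get_advisories(cache_dir, ostype, version, fetch, now=time.time):
    """Return advisories for one pair; call fetch() only if no entry younger than CACHE_TTL."""
    path = _path(cache_dir, ostype, version)
    try:
        with open(path) as fh:
            entry = json.load(fh)
        if now() - entry["fetched_at"] < CACHE_TTL:
            return entry["advisories"]
    except (OSError, ValueError, KeyError, TypeError):
        pass  # missing, truncated or malformed entry: refetch
    advisories = fetch(ostype, version)
    os.makedirs(cache_dir, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=cache_dir, suffix=".tmp")
    with os.fdopen(fd, "w") as fh:
        json.dump({"fetched_at": now(), "advisories": advisories}, fh)
    os.replace(tmp, path)  # atomic: a concurrent reader never sees a partial file
    return advisories

def demo():
    calls = []
    def fake_fetch(ostype, version):  # constructed stand-in for the real API request
        calls.append((ostype, version))
        return [{"id": "constructed-advisory"}]
    clock = [1_000_000.0]
    devices = [("Cisco IOS Software (constructed)", "15.2(4)E"),
               ("Cisco IOS Software (constructed)", "15.2(4)E"),
               ("Cisco NX-OS(tm) (constructed)", "9.3(5)")]
    with tempfile.TemporaryDirectory() as d:
        for descr, ver in devices:
            get_advisories(d, os_type(descr), ver, fake_fetch, now=lambda: clock[0])
        clock[0] += CACHE_TTL + 1  # a day later the entry is stale
        get_advisories(d, "ios", "15.2(4)E", fake_fetch, now=lambda: clock[0])
    return calls

if __name__ == "__main__":
    print(demo())
```

This deduplicates calls only among processes sharing one cache directory, so each collector host would still make its own daily request per pair.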