Business Critical Services(BCS) Operational Insights API

Product Alerts

The Product Alerts collection provides insights into what alerts may or may not affect your assets. It is sub-divided into four categories:

  • Field Notices: Notifications that are published for significant issues, other than security vulnerability-related issues, that directly involve Cisco products and typically require an upgrade, workaround, or other customer action.
  • Security Advisories: Notifications that are published for security vulnerability-related issues that typically require an upgrade, workaround, or other customer action.
  • Software Advisories: Notifications about known problems affecting certain software images.
  • End of X (EOX) Notifications: Notifications about important milestones of a product its hardware or software.

The main use case for this API is to be made immediately aware of what known risks exist in your network so you can the appropriate action. When the outputs are consumed by an ITSM system, these alerts can trigger an action for your operations teams to mitigate those actions. At the minimum, these will provide extra awareness and insights for a discussion with your Consulting Engineer (CE).

The EOX notifications are typically less urgent, but they allow for proper planning when it comes to future upgrades.

Each of the above-mentioned categories is further sub-divided into one or two endpoints. We will explain them in more detail in the following sections.

Field Notices

This collection is sub-divided into these endpoints:

  • /productAlerts/fieldNotices
  • /productAlerts/fieldNoticeBulletins
  • /productAlerts/fieldNoticeBulletins/:fieldNoticeId

The /productAlerts/fieldNoticeBulletins endpoint provides an overview of all the Field Notices. Here is an example:

json
Copy{
    "bulletinFirstPublishedTimestamp": "2006-03-02T00:00:00",
    "bulletinLastUpdatedTimestamp": "2007-02-22T09:52:07",
    "bulletinMappingCaveat": "Deviation numbers are not automatically checked.  Manual verification of the deviation number will be required.",
    "bulletinTitle": "FN# 62271 CRS-8: AC Power Supplies may encounter hang, communication to the Power Supply is lost. Workaround or RMA for fix.",
    "bulletinUrl": "http://www.cisco.com/en/US/ts/fn/620/fn62271.html",
    "fieldNoticeId": "62271",
    "fieldNoticeType": "Hardware",
    "problemDescription": "CRS-8 AC Power Supplies occasionally lose communication capabilities due to an I2C hang. This happens in normal operating conditions when Power monitoring is enabled. Power monitoring is NOT enabled by default."
}

In the previous example you can see Field Notice FN62271. The type of field notice is Hardware. It was first published in March 2006, and received an update in February 2007. An explanation is given about the issue in detail as well the URL where you can read the official published bulletin.

The /productAlerts/fieldNotices endpoint provides an overview of all the different assets that have been matched against the Field Notices of which we are aware. You can see a description about the problem, and a caveat indicating why a manual check may be required to verify applicability.

Finally, you can see each Field Notice has its own unique ID. This can be used to reference it in communications with Cisco, or with the /productAlerts/fieldNotices API endpoint below.

The /productAlerts/fieldNotices endpoint returns a list of JSON objects indicating which deviceId is vulnerable to which fieldNoticeIDs and with what confidence.

Here is an example:

json
Copy{
    "deviceId": 24948009,
    "fieldNoticeId": "64156",
    "matchConfidence": "Not Vulnerable",
    "matchConfidenceReason": "No Match on Product Family ,SW Version; Match on SW Type ",
    "physicalAssetId": 256129731
},
{
    "deviceId": 24948049,
    "fieldNoticeId": "64156",
    "matchConfidence": "Potentially Vulnerable",
    "matchConfidenceReason": "Missing: Product Family; Match on SW Type; Manual Verification Required",
    "physicalAssetId": 256129950
},
{
    "deviceId": 26592438,
    "fieldNoticeId": "62814",
    "matchConfidence": "Vulnerable",
    "matchConfidenceReason": "Match on PID, TAN, Serial Number",
    "physicalAssetId": 429970563
}

In the previous example, the device with ID 24948009 is verified to be Not Vulnerable to FN64156 since either the product family, software version, or software type differs from what is required to run into that Field Notice. The device with ID 24958049 is Potentially Vulnerable to FN64156, but it was not possible to automatically confirm because of some missing data. Finally, the device with ID 26592438 is confirmed to be Vulnerable to FN62814 because of a Match on PID, TAN, Serial Number.

It is worth noting that the output also contains the physicalAssetId attribute. As explained in the Inventory chapter, this is the ID of the asset itself. The DeviceId is the ID of the logical device to which this asset relates. This allows you to look at FieldNotice applicability on a logical device level, or as detailed as the individual assets inside the devices.

Security Advisories

This collection is sub-divided into these endpoints:

  • /productAlerts/securityAdvisories
  • /productAlerts/securityAdvisoryBulletins
  • /productAlerts/securityAdvisoryBulletins/:securityAdvisoryColdId

The /productAlerts/securityAdvisoryBulletins endpoint provides an overview of all the Security Advisories Cisco has published. Here is an example:

json
Copy{
    "bugIds": "CSCek37177",
    "bulletinFirstPublishedTimestamp": "2007-01-24T00:00:00",
    "bulletinLastUpdatedTimestamp": "2007-01-24T00:00:00",
    "bulletinMappingCaveat": "",
    "bulletinSummary": "Cisco has released software updates that address these vulnerabilities. [Workarounds that mitigate these vulnerabilities are available.] This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070124-crafted-tcp.",
    "bulletinTitle": "Crafted TCP Packet Can Cause Denial of Service",
    "bulletinUrl": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070124-crafted-tcp",
    "bulletinVersion": "1.1",
    "commonVulnerabilityScoringSystemBaseScore": "3.3",
    "commonVulnerabilityScoringSystemTemporalScore": "2.7",
    "cveIds": "CVE-2007-0479",
    "securityAdvisoryColdId": 59,
    "securityAdvisoryId": "cisco-sa-20070124-crafted-tcp",
    "securityImpactRating": "Low"
}

In the previous example, you can see that advisory cisco-sa-20070124-crafted-tcp is tracked in defect CSCek37177. The CVE ID is CVE-2007-0479 and has received an impact rating of Low. This can be confirmed from the open industry Common Vulnerability Scoring System (CVSS) scores. The CVSS Base score is 3.3 and the CVSS Temporal score is 2.7. As with other bulletins, there is a timestamp when it was first published and last updated.

A special attribute is the securityAdvisoryColdId. This is a unique internal number that refers to this advisory. It can be used with the securityAdvisories API endpoint below.

The securityAdvisories endpoint returns a list of JSON objects indicating which deviceId is vulnerable to which securityAdvisoryColdId and with what confidence.

Here is an example:

json
Copy{
    "deviceId": 24932812,
    "matchConfidence": "Not Vulnerable",
    "matchConfidenceReason": "No Match on SW Version; Match on SW Type",
    "securityAdvisoryColdId": 134
},
{
    "deviceId": 24932812,
    "matchConfidence": "Vulnerable",
    "matchConfidenceReason": "Match on SW Type, SW Version, Feature (\"CDP enabled\")",
    "securityAdvisoryColdId": 1656
},
{
    "deviceId": 24948009,
    "matchConfidence": "Potentially Vulnerable",
    "matchConfidenceReason": "Match on SW Type, SW Version, Feature (\"WebUI enabled and HTTP HTTPS sessions Deactivated\"); Manual Verification Required",
    "securityAdvisoryColdId": 2375
}

In the previous example, you can see that the device with ID 24932812 is verified to be Not Vulnerable to the Security Advisory with internal ID 134. Querying the securityAdvisoryBulletins API for securityAdvisoryColdId 134 shows advisory cisco-sa-20080610-snmpv3. You can also see that the device with ID 24932812 is confirmed to be vulnerable to the advisory with internal ID 1656. The device with ID 24948009 is Potentially Vulnerable since it could not be completely verified automatically.

Software Advisories

The Software Advisories can be queried via the /productAlerts/softwareAdvisoryAlerts endpoint. When the TAC or the Business Units determine significant issues pertaining to certain software images, they publish an alert for it. Software Advisories can be of two (2) types. They are either a Software Alert (SA) or a Deferral (DF).

A software alert warns you to be careful with the software image in use. It is however still available for download. A deferral alert means the release is no longer available for download and you are urged to upgrade to a better version.

Here is an example:

json
Copy{
    "deviceId": 26431166,
    "deviceName": "10.81.98.8",
    "imageName": "C3560-IPSERVICESK9-M",
    "softwareAlertType": "SA",
    "softwareAlertUrl": "http://www.cisco.com/web/software/DefTracker/280805679/SA/ac104247.html",
    "softwareType": "IOS",
    "softwareVersion": "12.2(50)SE"
},
{
    "deviceId": 26808757,
    "deviceName": "10.201.23.6",
    "imageName": "CAT3K_CAA-UNIVERSALK9-M",
    "softwareAlertType": "DF",
    "softwareAlertUrl": "http://www.cisco.com/web/software/DefTracker/282043052/DT/ac106121.html",
    "softwareType": "IOS-XE",
    "softwareVersion": "3.3.3SE"
},

The device with ID 26431166 is running IOS version 12.2(50)SE using image C3560-IPSERVICESK9-M. There is a Software Advisory (SA) published for it at URL http://www.cisco.com/web/software/DefTracker/280805679/SA/ac104247.html. The device with ID 26808757 is running IOS-XE version 3.3.3SE using image CAT3K_CAA-UNIVERSALK9-M. This software has been completely deferred (DF). As a result, you should look for a better release immediately. The details can be found at URL http://www.cisco.com/web/software/DefTracker/282043052/DT/ac106121.html.

End of X (EOX) Notifications

The End of Life notifications provide insights into important milestones of a product its hardware or software lifecycle. Each milestone indicates an important date in the product its lifecycle. Because there are several milestones, it is often also referred to as End of X (EOX).

This API collection is sub-divided into these endpoints:

  • /productAlerts/hardwareEndOfLife
  • /productAlerts/hardwareEndOfLifeBulletins
  • /productAlerts/hardwareEndOfLifeBulletins/:hardwareEndOfLifeId
  • /productAlerts/softwareEndOfLife
  • /productAlerts/softwareEndOfLifeBulletins
  • /productAlerts/softwareEndOfLifeBulletins/:softwareEndOfLifeId

These endpoints provide the typical milestones any Cisco product undergoes. The first two return the data for hardware. The second two return the data for software. Similar to the previous endpoints in this Product Alerts collection, the Bulletins endpoint provides details about all the milestones Cisco has published for its products, while the individual EndOfLife endpoints give an overview of which assets in your network have reached what particular milestone as documented in a Bulletin.

Here is an example of a hardwareEndOfLifeBulletin:

json
Copy{
    "bulletinNumber": "EOL12308",
    "bulletinTitle": "Nexus 5500 Series Switches ",
    "bulletinUrl": "https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/eos-eol-notice-c51-740720.html",
    "endOfLifeAnnouncementDate": "2018-05-05",
    "endOfNewServiceAttachmentDate": "2020-05-04",
    "endOfRoutineFailureAnalysisDate": "2020-05-04",
    "endOfSaleDate": "2019-05-05",
    "endOfServiceContractRenewalDate": "2023-08-03",
    "endOfSoftwareMaintenanceReleasesDate": "2020-05-04",
    "endOfVulnerabilitySecuritySupportDate": "2022-05-04",
    "hardwareEndOfLifeId": 415556,
    "lastDayOfSupportDate": "2024-05-31",
    "lastShipDate": "2019-08-04",
    "productId": "N5K-C5548UP"
}

The bulletin EOL12308 with title Nexus 5500 Series Switches, lists all the EoX dates for the N5K-C5548UP product. Detailed information can be found at https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/eos-eol-notice-c51-740720.html. The attribute hardwareEndOfLifeId is a unique internal number that refers to this bulletin. It can be used with the /productAlerts/endOfLife API endpoint to know which devices are associted or impacted by a particular bulletin.

The /productAlerts/hardwareEndOfLife endpoint returns a list of JSON objects indicating which deviceId has reached what EoX milestones.

Here is an example:

json
Copy{
    "currentEndOfLifeMilestone": "EoSWM,EoRFA",
    "currentEndOfLifeMilestoneDate": "2020-05-04",
    "deviceId": 26809025,
    "deviceName": "10.122.208.29",
    "hardwareEndOfLifeId": 415556,
    "nextEndOfLifeMilestone": "EoVSS",
    "nextEndOfLifeMilestoneDate": "2022-05-04",
    "physicalAssetId": 342519674,
    "physicalAssetType": "Chassis",
    "productId": "N5K-C5548UP"
},
{
    "currentEndOfLifeMilestone": "EoSWM,EoRFA",
    "currentEndOfLifeMilestoneDate": "2020-05-04",
    "deviceId": 26809028,
    "deviceName": "10.122.208.32",
    "hardwareEndOfLifeId": 415556,
    "nextEndOfLifeMilestone": "EoVSS",
    "nextEndOfLifeMilestoneDate": "2022-05-04",
    "physicalAssetId": 342519681,
    "physicalAssetType": "Chassis",
    "productId": "N5K-C5548UP"
}

Two devices - devices with ID 26809025 and 26809028 have reached milestone EoSWM (End of Software Maintenance) and EoRFA (End of Routine Failure Analysis). Their next EndOfLifeMilestone is EoVSS (End of Vulnerability/Security Support).

The Software EoX API endpoints work in the exact same way as the Hardware EoX endpoints and are therefore not explained in any further detail here.

Next