smart-bonding-partner-api

AutoRCA

Executive Summary

What is AutoRCA? Cisco Technical Assistance Center (TAC) is constantly running machine-learning algorithms against years of case data, quickly matching case data to a set of high-probability root causes for the device, operating system, and configuration presented in a specific case. Automated Root Cause Analysis (AutoRCA) allows partners to leverage this technology.

How does AutoRCA work? When a partner opens a Shadow Case to Cisco via Smart Bonding, any logs or files attached to the Shadow Case will be scanned by the automation engine to identify potential issues based on years of data collected from support cases. Results from the AutoRCA analysis will be provided within 20 minutes (large numbers of files may cause a delay in receiving results).

What files are supported? Any files containing native device output can be analyzed. These files are typically in plain text (.txt) or zip (.zip) formats. Pictures (like a .jpg) or PDF documents will not generate results. Partners may upload as many relevant files as they wish to a single case and AutoRCA will analyze each, provided each file has a unique name. Examples of supported output from a variety of Cisco devices is pictured below, but it is not an exhaustive list of all possible device outputs.

Examples of Devices and Supported Outputs

Is there a size limitation for attachments? While no file size limitation exists, the system may place a limit on how long to scan and analyze a file. This limitation will only impact attachments with incredibly large amounts of data.

Technical Details

Requirements:

Partners must already have an existing Smart Bonding connection to use AutoRCA and the ability to add attachments through Smart Bonding. Additionally, only Shadow Cases entitled using a PAS (Partner Advanced Services) contract are eligible for AutoRCA. Cases entitled with any other contract will not generate results.

AutoRCA Results

Partners have several choices on how to display the results of the file analysis. Any combination of the options may be configured for a partner. If multiple options are selected, the results will displayed in all configured options. By default, partners will be enabled to receive results through case notes. To change how the results are delivered, partners should open a support case with the Smart Bonding team.

For instance, if a partner chooses "Text Notes to SR" and "ServiceNow (HTML) Notes", then the partner will receive two separate notes from Cisco. Both results will contain the same information, but one will be formatted for plain text and the other will be formatted for HTML.

Likewise, a partner may wish to see the results in both the case notes as well as via email.

HTML Results Example

HTML Example

JSON Results Example

JSON Example
json
Copy{
    "filename": "ASA-Like_file2.txt",
    "date": "2024-06-21 03:42:18.445692",
    "cisco_sr_number": "697541739",
    "results": [
        {
            "severity": "error",
            "external_text": "This is the last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete. TAC will no longer support this version and upgrading to a more recent and actively supported code is required for assistance.",
            "external_title": "The current running version, 9.10(1), has passed the End Of Support: 2022-10-31",
            "snippet": null
        },
        {
            "severity": "error",
            "external_text": "SYMPTOMS:<Blockquote class=\"blockquote--light\"><pre>\nA vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.\n\nThe vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos\n</pre></Blockquote>CONDITIONS:<Blockquote class=\"blockquote--light\"><pre>\nPlease refer to the Security Advisory.\n</pre></Blockquote>MITIGATION:<Blockquote class=\"blockquote--light\">Workaround:<br><pre>\nPlease refer to the Security Advisory.\n</pre></Blockquote>ADDITIONAL INFORMATION:<Blockquote class=\"blockquote--light\"><pre>\nPlease refer to the Security Advisory.\n\nThe associated security advisory provides a recommended software release for addressing this vulnerability.\nThis recommended release may not be the first fixed release as listed in this defect.\n\nThis difference is due to the potential impact of the following defect:\n\nCSCvo56675 ASA traceback and reload when trying to switch from ACTIVE to STANDBY. Thread Name: fover_FSM_thread\n\nThe above defect could result in a crash of the device depending on configured services. Please consider this if\nchoosing to use a release other than the recommended release from the security advisory.\n\n</pre><br /><a href='https://tools.cisco.com/bugsearch/bug/CSCvn78174' target='_blank'>CSCvn78174</a></Blockquote>EVIDENCE:<Blockquote class=\"blockquote--light\">N/A</Blockquote>",
            "external_title": "This device is susceptible to CSCvn78174: Cisco ASA and Cisco FTD Software TCP Timer Handling Denial of Service Vulnerability",
            "snippet": [
                "11:       Hardware:   FPR-1010, 7176 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)"
            ]
        },
        {
            "severity": "warning",
            "external_text": "This is the last date that Cisco Engineering may release any final software maintenance releases or bug fixes for this version train. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.",
            "external_title": "The current running version, 9.10(1), has passed the End Of Software Maintenance: 2020-10-08",
            "snippet": null
        }
    ]
}

Options for Results

Option Explanation
HTML File Email The case requester will receive an email with an HTML-formatted attachment containing the results.
JSON File Email The case requester will receive an email with a JSON-formatted attachment containing the results.
Text Notes to SR Results will be displayed as a plain-text case note with minimal formatting and will be shared through Smart Bonding to the partner ticketing system.
HTML Notes to SR Results will be displayed as an HTML-formatted case note and will be shared through Smart Bonding to the partner ticketing system.

Support for AutoRCA

For support of AutoRCA, follow the support process listed in Open a Case.

Next