Table Of Contents

Usage of PSIRT End-of-Sale and End-of-Life Data to Generate Reports

PSIRT Data

Generating a PSIRT Summary Report

End-of-Sale or End-of-Life Data

Generating End-of-Sale or End-of-Life Report

EoS/EoL Hardware Report

EoS/EoL Software Report

PSIRT or End-of-Sale or End-of-Life Data Administration

Changing the Data Source for PSIRT/EOS/EOL Reports

Cisco.com Fetch Interval

Usage of PSIRT End-of-Sale and End-of-Life Data to Generate Reports

---

This chapter provides an introduction to:

•PSIRT data

•End-of-Sale data

•End-of-Life data

It explains how to use RME to manage and generate PSIRT, End-of-Sale and End-of-Life reports. It consists of the following:

•PSIRT Data

•Generating a PSIRT Summary Report

•End-of-Sale or End-of-Life Data

•Generating End-of-Sale or End-of-Life Report

•PSIRT or End-of-Sale or End-of-Life Data Administration

PSIRT Data

Cisco's Product Security Incident Response Team (PSIRT) is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability-related information, related to Cisco products and networks.

For every security vulnerability, a PSIRT document is created with a PSIRT Document ID. This document consists of definitions of the vulnerabilities, the IOS image version that is affect by the PSIRT, as well as the device that is impacted.

RME fetches and collects this PSIRT information from Cisco.com at regular intervals.See Cisco.com Fetch Interval for more information on setting or changing the frequency of retrieval of PSIRT information from Cisco.com.

Generating a PSIRT Summary Report

You can generate a PSIRT Summary Report based on the PSIRT information retrieved from Cisco.com at regular intervals. This report helps you to ascertain the security vulnerabilities that affect the devices in your network.

It provides a summary of the possible security alerts based on the selected devices. It also recommends upgrade to the IOS image version that has the solution for the security vulnerability.

To generate the report, see Generating Inventory Reports.

The generated PSIRT Report shows:

•Count of the total number of devices selected for report generation.

•Count of devices with vulnerability

•Last Cisco.com Fetch Date

•Two tables categorized based on:

–PSIRT ID

–Device

Table 23-1 lists and describes the fields in the By PSIRT table. Click on a specific field ID to sort the information based on a this field.

Table 23-2 lists and describes the fields in the By Device table. Click on any field ID to sort the information based on a selected field.

For more information on the fields in the PSIRT Summary report tables, see Fields in the PSIRT Summary Report Tables.

You can also click on:

•Any of the PSIRT Document ID link to get more information about the devices affected by that PSIRT ID. When you click the PSIRT Document ID, an external web page opens with more details of that particular PSIRT.

Or

•The Number of Affected Devices link to get more information about the devices that are affected by a corresponding PSIRT ID. When you click the Number of Affected Devices link, the By Devices table is displayed. The devices affected by the corresponding PSIRT are listed at the top of the table.

---

Note The PSIRT Summary report displays PSIRTs only for Cisco IOS device categories.

---

Fields in the PSIRT Summary Report Tables

Table 23-1 provides description for the fields in the By PSIRT table.

Table 23-1 By PSIRT Table

Field	Description
PSIRT Document ID	Document ID of the PSIRT announcement. Click on the PSIRT Document ID for more information on that PSIRT.
Announced Date	Date on which the PSIRT announcement was released in Cisco.com.
Description	Brief description of the security vulnerability.
Severity	Severity classification for the PSIRT. It could be: •High •Medium •Low
IOS Versions Impacted	IOS software version that is impacted by the PSIRT.
Image File Names	Name of the image file.
Number of devices affected	Count of the number of devices affected by the PSIRT.
Fixed in IOS Versions	IOS software version that has the fix to the security vulnerability. You can upgrade to this fixed IOS version to overcome the security vulnerability.

Table 23-2 provides description for the fields in the By Device table.

Table 23-2 By Device Table

Field	Description
Device Name	Name or IP address of the device.
Device Model	Model of the device.
PSIRT Document Id	Document ID of the PSIRT announcement. Click on the PSIRT Document ID for more information on that PSIRT.
IOS Version	IOS software version that is impacted by the PSIRT.
Location	Physical location of the device in the network.

---

Note Any PSIRT report job, which was scheduled using RME 4.1 or 4.1.1, after upgrade and restore into RME 4.3 will only follow the method of retrieving information from Cisco.com.

---

End-of-Sale or End-of-Life Data

The End-of-Sale information for a device or software image refers to the announcement made in Cisco.com regarding the ending of sales of a device or software. It also means that this device or software will no longer be manufactured.

RME fetches and collects these End-of-Sale and End-of-Life information from Cisco.com at regular intervals.

See Cisco.com Fetch Interval for more information on setting or changing the frequency of retrieval of End-of-Sale and End-of-Life information from Cisco.com.

Generating End-of-Sale or End-of-Life Report

You can generate a End-of-Sale/End-of-Life report for hardware and software images based on the End-of-Sale or End-of-Life information retrieved from Cisco.com at regular intervals. This report helps you to ascertain the End-of-Sale or End-of-Life information for devices and modules of the devices in your network.

You can also generate the End-of-Sale, End-of-Life and End-of-Engineering dates for the software image versions running in the devices in your network. It provides a summary of the End-of-Sale or End-of-Life alerts based on the selected devices.

You can generate the following End-of-Sale/End-of-Life Reports:

•EoS/EoL Hardware Report

•EoS/EoL Software Report

EoS/EoL Hardware Report

The generated EoS/EoL Hardware Report shows:

•Count of the total number of devices selected for report generation.

•Count of devices with End-of-Sale or End-of-Life announcements.

•Count of modules with End-of-Sale/End-of-Life announcements.

•Last Cisco.com Fetch Date

•Three tables categorized based on:

–End-of-Sale/End-of-Life announcements

–Modules with End-of-Sale/End-of-Life announcements

–Devices with End-of-Sale/End-of-Life announcements

Table 23-3 lists and describes the fields in the End-of-Sale/End-of-Life Announcements for Devices table.

Click on a specific field ID to sort the information based on this field.

Table 23-4 lists and describes the fields in the End-of-Sale/End-of-Life Announcements per Module table.

Click on a specific field ID to sort the information based on this field.

Table 23-5 lists and describes the fields in the Devices that have End-of-Sales / Support Announcements table

Click on a specific field ID to sort the information based on this field.

For more information on the fields in the End-of-Sale/End-of-Life report tables see Fields in the End of Sale/End of Life Report Tables.

If you:

•Click on the Number of Devices link from the End-of-Sales/End-of-Life Announcements for devices table, the devices that have End-of-Sales/End-of-Life support announcements table is displayed.

The records are arranged according to the Bulletin Number that correspond to the Number of Devices link clicked in the End-of-Sales/End-of-Life Announcements for devices table.

•Click on the Number of Modules link from the End-of-Sales/End-of-Life Announcements for modules table, the Devices that have End-of-Sales/End-of-Life support announcements table is displayed.

The records are arranged according to the Bulletin Number that corresponds to the Number of Modules link clicked in the End-of-Sales/End-of-Life Announcements per module table.

Fields in the End of Sale/End of Life Report Tables

Table 23-3 provides descriptions for the fields in the End-of-Sales / End-of-Life Announcements for Devices table.

Table 23-3 Fields in the End-of-Sales / End-of-Life Announcements for Devices

Field	Description
Bulletin Number	Bulletin number of End-of-Sale / End-of-Life Announcement for a device in Cisco.com. Click on the bulletin number link for more information of End-of-Sale / End-of-Life Announcement for that device in Cisco.com. There maybe multiple announcements for a device.
Device Model	Model of the device. For instance, the device model can be Cisco Catalyst 4507R Switch.
Number of devices	Count of the number of affected devices.
EOS Date	Last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date.
EOL Date	Date of the document that announces the End-of-Sale and End-of-Life of a product is distributed to the general public.
SME Notes	Additional information about the End-of-Sale/End-of-Life announcements. The End-of-Sale/End-of-Life announcement may not be accurate for some devices. See this SME Notes field against the announcements for additional information. For example, a WS-C6506-E chassis is flagged as End-of-Sale against the bulletin for WS-C6506 chassis. This is because the sysobjectid for both these chassis are the same. SME Notes is a field where such additional information are provided.

Table 23-4 provides descriptions for the fields in the End-of-Sales / End-of-Life Announcements Per Module table.

Table 23-4 End-of-Sales / End-of-Life Announcements Per Module

Field	Description
Bulletin Number	Bulletin number of End-of-Sale / End-of-Life Announcement for a module in Cisco.com. Click on the bulletin number link for more information of End-of-Sale / End-of-Life Announcement for that module in Cisco.com. There maybe multiple announcements for a module.
Module Type	Module type information consisting of the End-of-Sale product part number.
Number of Modules	Count of the number of affected modules.
EOS Date	Last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date.
EOL Date	The date of the document that announces the End-of-Sale and End-of-Life of a product is distributed to the general public.
SME Notes	Additional information about the End-of-Sale/End-of-Life announcements. The End-of-Sale/End-of-Life announcement may not be accurate for some devices. See this SME Notes field against the announcements for additional information. For example, a WS-C6506-E chassis is flagged as End-of-Sale against the bulletin for WS-C6506 chassis. This is because the sysobjectid for both these chassis are the same. SME Notes is a field where such additional information are provided.

Table 23-5 provides descriptions for the fields in the Devices that have End-of-Sales / Support Announcements table.

Table 23-5 Devices that have End-of-Sales / Support Announcements

Field	Description
Device Name	Name or IP address of the device. Click on the device name for more information about the device.
Device Model	Model of the device. For instance, the device model can be Cisco Catalyst 4507R Switch.
Module Type	Module type information consisting of the End-of-Sale product part number.
Location	Physical location of the devices on the network.
Bulletin Number	Bulletin number of End-of-Sale / End-of-Life Announcement for a device or module in Cisco.com. Click on the bulletin number link for more information of End-of-Sale / End-of-Life Announcement for that device or module in Cisco.com. There maybe multiple announcements for a device or module.
SME Notes	Additional information about the End-of-Sale/End-of-Life announcements. The End-of-Sale/End-of-Life announcement may not be accurate for some devices. See this SME Notes field against the announcements for additional information. For example, a WS-C6506-E chassis is flagged as End-of-Sale against the bulletin for WS-C6506 chassis. This is because the sysobjectid for both these chassis are the same. SME Notes is a field where such additional information are provided.

---

Note Any End-of-Sale or End-of-Life report job, which was scheduled using RME 4.1 or 4.1.1 or RME 4.2, after upgrade and restore into RME 4.3 will only follow the method of retrieving information from Cisco.com

---

EoS/EoL Software Report

The generated EoS/EoL Software Report shows:

•Count of the total number of devices selected for report generation.

•Count of devices with End-of-Sale/End-of-Life Software announcements.

•End-of-Sale/End-of-Life announcements for Software Images

Table 23-6 lists and describes the fields in the End-of-Sale/End-of-Life Announcements for Software Images table.

Click on a specific field ID to sort the information based on this field.

Table 23-6 Fields in the End-of-Sales / End-of-Life Announcements for Software Images

Field	Description
Device Name	Name or IP address of the device. Click on the device name for more information about the device.
Product Family	Product family to which the device belongs. For instance, the product family can be Cisco Catalyst 4000 Series Switches.
OS Type	Operating System running in the device. For example, IOS.
Image Version	Latest version of the image running in the device.
EOS Date	Date of the document that announces the end-of-sale of a product is distributed to the general public.
EOL Date	Date of the document that announces the end-of-life of a product is distributed to the general public.
EOE Date	Date of the document that announces the end-of-engineering of a product is distributed to the general public.
Details	Click More Info to view the End-of-Sale / End-of-Life Announcements for Software Images for the device in Cisco.com.

PSIRT or End-of-Sale or End-of-Life Data Administration

RME uses PSIRT, End-of-Sale and End-of-Life data from Cisco.com to generate various reports. You can use the various RME Administration options to:

•Change the Data Source for PSIRT or End-of-Sale or End-of-Life reports.

For more information, see Changing the Data Source for PSIRT/EOS/EOL Reports

•Change the Cisco.com Fetch Interval

For more information, see Cisco.com Fetch Interval

Changing the Data Source for PSIRT/EOS/EOL Reports

You can use the PSIRT/EOX Reports option to change the data source for generating a PSIRT or End-of-Sale or End-of-Life report.

To access this option, go to Resource Manager Essentials > Admin > Reports > PSIRT/EOX Reports

For more information on:

•PSIRT Report, see:

–PSIRT Data

–Generating a PSIRT Summary Report

•End-of-Sale/End-of-Life Report, see:

–End-of-Sale or End-of-Life Data

–Generating End-of-Sale or End-of-Life Report

When you schedule a PSIRT or End-of-Sale or End-of-Life report, the Report Generator retrieves the data either from Cisco.com or from a local text file with XML data, depending upon the option you have set.

To change the PSIRT or End-of-Sale/End-of-Life report settings:

---

Step 1 Go to Resource Manager Essentials > Admin > Reports

Step 2 Select the PSIRT/EOX Reports option.

The PSIRT/EOX Reports dialog box appears.

Step 3 Either:

•Select Cisco.com, if you want to generate a PSIRT or End-of-Sale or End-of-Life report using data from Cisco.com

For more information, see Generating PSIRT/End-of-Sale/End-of-Life Report using Data from Cisco.com

Or

•Select Local, if you want to generate a PSIRT or End-of-Sale or End-of-Life report using data from local file.

The local file location is shown if you have selected Local.

For more information, see Generating PSIRT/End-of-Sale/End-of-Life Report using Data from Local File Location

Step 4 Click Apply

The PSIRT or End-of-Sale or End-of-Life report can be generated based on the settings specified by you.

---

Generating PSIRT/End-of-Sale/End-of-Life Report using Data from Cisco.com

You can use the Cisco.com option, if you have access to Cisco.com from the LMS server. When you schedule a PSIRT or End-of-Sale or End-of-Life report, the Report Generator retrieves the data from Cisco.com. The report so generated consists of latest data.

---

Note While you schedule a PSIRT Summary report job or End-of-Sale or End-of-Life job using the Cisco.com method, the Cisco.com Username, Cisco.com Password are enabled. If you have configured the Proxy Server (Common Services > Server > Security > Cisco.com Connection Management > Proxy Server Setup) then Proxy Username and Proxy Password fields are also enabled.

---

Generating PSIRT/End-of-Sale/End-of-Life Report using Data from Local File Location

You can use the Local option, if you do not have an internet connection from the RME server. The local file is a text file with XML data in it.

Downloading the text file with XML data from Cisco.com

You can retrieve the PSIRT or End-of-Sale or End-of-Life information from an external server and store it in the local file location on the LMS server.

To download the text file with XML data from Cisco.com:

1. Use a server other than LMS server with internet connection as the external server.

2. From this external server, access the following link to download the XML data:

For EoS/EoL Hardware Report:

1. Go to http://www.cisco.com/cgi-bin/front.x/eox/RME_PSIRT_DETAILS.pl?action=zipdownload

2. Download the PSIRT_EOX_OFFLINE.zip file.

3. Extract the text file with XML data to the external server.

4. Copy the text file from the external server into the LMS Server under:

–On Solaris, /var/adm/CSCOpx/files/rme/jobs/inventory/reports/EOX_PSIRT/local_xml

–On Windows, NMSROOT\files\rme\jobs\inventory\reports\EOX_PSIRT\local_xml

The text file with XML data gets saved under local_xml folder.

Where NMSROOT is the default CiscoWorks installation directory.

For EoS/EoL Software Report:

1. Go to http://www.cisco.com/cgi-bin/front.x/eox/RME_PSIRT_DETAILS.pl?action=eoxsoftware

2. Download the EOX_SOFTWARE.zip file to the external server.

3. Copy the EOX_SOFTWARE.zip file from the external server into the LMS Server under:

–On Solaris, /var/adm/CSCOpx/files/rme/jobs/inventory/reports/EOX_PSIRT/local_xml

–On Windows, NMSROOT\files\rme\jobs\inventory\reports\EOX_PSIRT\local_xml

---

Note You must not extract the EOX_SOFTWARE.zip file in the LMS Server.

---

The EOX_SOFTWARE.zip file gets saved under local_xml folder.

Where NMSROOT is the default CiscoWorks installation directory.

When you schedule a PSIRT or End-of-Sale/End-of-Life report, the Report Generator retrieves the data from the XML file.

To ensure that the data shown in the PSIRT or End-of-Sale or End-of-Life report is the latest:

1. Retrieve the PSIRT or End-of-Sale or End-of-Life information from Cisco.com using an external server which has internet connection.

2. Store this retrieved XML information in the local file location.

3. Then generate a PSIRT Summary Report or End-of-Sale or End-of-Life report.

For more information, see:

–Downloading the text file with XML data from Cisco.com

–Generating a PSIRT Summary Report

–Generating End-of-Sale or End-of-Life Report

Cisco.com Fetch Interval

You can use Cisco.com Fetch Interval to determine the frequency at which the information can be retrieved from Cisco.com for generating:

•PSIRT Summary Report (see Generating a PSIRT Summary Report for more information)

•End-of-Sale/End-of-Life Report (see Generating End-of-Sale or End-of-Life Report for more information)

To set the Cisco.com Fetch interval:

---

Step 1 Select Resource Manager Essentials > Admin > Inventory > Cisco.com Fetch Interval

The Cisco.com Fetch Interval dialog box appears.

Step 2 Select a frequency at which you require the PSIRT information to be retrieved from Cisco.com. The duration can be:

•1 hour

•3 hours

•24 hours. This is the default value

•7 days

•30 days

Step 3 Select a frequency at which you require the End-of-Sale/End-of-Life information to be retrieved from Cisco.com.

The duration can be:

•1 hour

•3 hours

•24 hours

•7 days. This is the default value

•30 days

Step 4 Either:

•Click Apply to apply the changes.

Or

•Click Cancel to revert your selections to the last saved value.

---