The IntelliShieldService has two API calls associated to this service:
This API service call gets all IntelliShield Alerts for the specified customer, inventory and devices.
The input data (customer ID, inventory ID, and device ID) were obtained from the data returned in the first two Inventory API service calls (for more information see the "Manual Process Overview for API Service Calls" section).
It is recommended to use deviceIds as a parameter for request.
| Parameter | Required | Type | Description |
|---|---|---|---|
| customerID | Yes | string | This parameter is returned in the API service call getCustomersInventoryIds. customerId is the ID of the Entitlement Company. |
| inventoryId | Yes | string | This parameter was returned in the API service call getCustomersInventoryIds. inventoryId identifies the inventory whose data will be accessed for the chassis & card level details. |
| deviceIds | Optional | string | The deviceIds input can be zero or more. When not providing the deviceIds, the api will return a full collection of data for that given InventoryID, for that given CustomerId, of that given PartyGUID; all the devices collected for that inventory will be returned. |
| Parameter | Type | Length | Description |
|---|---|---|---|
| deviceId | string | 22 | Id of the device that the IntelliShield alert is related to. |
| isId | string | 22 | Id of the IntelliShield alert. |
responseTimestamp
| Parameter | Type | Length | Description |
|---|---|---|---|
| date | DATE | The time stamp indicates when this service call was performed. |
message[ ]
| Parameter | Type | Length | Description |
|---|---|---|---|
| See Message Format section for more details. | |||
| messageType | string | 255 | |
| messageDetail | string | 255 |
POST https://api.cisco.com/pss/v1.0/ISAlertService HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "getIS"
Authorization: Bearer yh4xkpx7cbgy6wqynre4wf4r
‹soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:isal="http://www.cisco.com/ISAlertService"›
‹soapenv:Header/›
‹soapenv:Body›
‹isal:ISRequestInput›
‹isal:customerId›109757‹/isal:customerId›
‹isal:inventoryId›15224‹/isal:inventoryId›
‹!--Zero or more repetitions:--›
‹isal:deviceIds›‹/isal:deviceIds›
‹/isal:ISRequestInput›
‹/soapenv:Body›
‹/soapenv:Envelope›
HTTP/1.1 200 OK
Date: Wed, 03 Apr 2013 14:48:06 GMT
Server: IBM_HTTP_Server
Cache-Control: private
Pragma: private
Cache-Control: max-age=0
Expires: Wed, 03 Apr 2013 14:48:06 GMT
Content-Type: text/xml; charset=UTF-8
Content-Language: en-US
X-Mashery-Responder: APIX-PROD-03
Set-Cookie: TOOLS-Loc=tools1.cisco.com; path=/; domain=.cisco.com
Set-Cookie: ObSSOCookie=lrnJklhiPbYNmiMciqiDnpUgjHiZb%2BPoq6dautzOdFnrjxkkerQIGeE%2FeYTypUNvTqnd%2F2sRqOqvGIUsBGeEgNkx8BCcRI1ttDtjIKEnqWevFLbwnts43Ppeywyh%2Bs%2F%2FteuBDp6LBM1by2RsMHHcAR%2FUkWlgJXWY5w0XbAtcGFLNLbVXLKnG0tmmEgPCBN5h8otWX7ypqq1D5iQ%2BUEahNsbLQZTiNfdGNxzuhERBuSjyJaZrPobKH3KHPsgzgf0LXNI0ryCHYK7tIrKC3%2B8t9nPTFwBxCwyP%2BYb9BMBcHGSZpMSc%2BS%2Bm9MjfuBlWM%2F0nsLyER9HzaWNm3CShMKpz09tX436vN50ohLx2Dovq94%2B4KWTFi%2F47depbe3puzqda; path=/; domain=.cisco.com;
Connection: close
Transfer-Encoding: chunked
‹soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"›
‹soapenv:Body›
‹is:ISResponseOutput xmlns:is="http://www.cisco.com/ISAlertService" xmlns:fn="http://www.cisco.com/FNAlertService" xmlns:hweox="http://www.cisco.com/HwEoxAlertService"
xmlns:inv="http://www.cisco.com/InventoryService" xmlns:sweox="http://www.cisco.com/SwEoxAlertService" xmlns:w3c="http://www.w3.org/2001/XMLSchema-instance" xmlns:psirt="http://www.cisco.com/PSIRTAlertService" xmlns:con="http://www.cisco.com/ContractService"›
‹is:DeviceISResponseDTO›
‹is:deviceId›3740239‹/is:deviceId›
‹is:deviceIS›
‹is:isId›24127‹/is:isId›
‹/is:deviceIS›
‹is:deviceIS›
‹is:isId›24129‹/is:isId›
‹/is:deviceIS›
‹is:deviceIS›
‹is:isId›24130‹/is:isId›
‹/is:deviceIS›
‹/is:DeviceISResponseDTO›
...
‹is:responseTimestamp›2013-04-03T07:48:06.549-07:00‹/is:responseTimestamp›
‹is:message›
‹is:messageType›SUCCESS‹/is:messageType›
‹is:messageDetail›Successfully got the alerts ids‹/is:messageDetail›
‹/is:message›
‹/is:ISResponseOutput›
‹/soapenv:Body›
‹/soapenv:Envelope›
This API call fetches information about selected IntelliShield alerts.
| Parameter | Required | Type | Description |
|---|---|---|---|
| isIds | Yes | string | This parameter is returned in the API service call getIS. |
| Parameter | Type | Length | Description |
|---|---|---|---|
| isId | string | 22 | IntelliShield alert id number. |
| psirtId | string | 22 | PSIRT id number. |
| headlineName | string | 4000 | Headline name of the IntelliShield alert. |
| credibilityCD | string | 22 | Credibility Score. |
| credibilityDescription | string | 128 | Credibility description for the IntelliShield alert. |
| severityCD | string | 22 | Severity Score. |
| severityDescription | string | 128 | Severity description for the IntelliShield alert. |
| urgencyCD | string | 22 | Urgency Score. |
| urgencyDescription | string | 128 | Urgency description for the IntelliShield alert. |
| firstPublishedDate | date | DATE | Date the IntelliShield alert was first published. |
| lastPublishedDate | date | DATE | Date the IntelliShield alert was last updated. |
| status | string | 38 | Current status of the IntelliShield alert. |
| versionNumber | string | 10 | Version number of the IntelliShield alert. |
| isURL | string | 4000 | URL of the IntelliShield alert. |
| versionSummaryText | string | CLOB (4 GB) |
Summary text for the IntelliShield alert. |
| threatCategoryDescription | string | 200 | Threat category description for the IntelliShield alert. |
| threatTechniqueDescription | string | 200 | Threat technique description for the IntelliShield alert. |
| cvssVectorName | string | 200 | Common Vulnerability Scoring System (CVSS) vector name. |
| cvssAuthenticationName | string | 200 | CVSS authentication name. |
| cvssExploitName | string | 200 | CVSS Exploitability name. |
| cvssBaseScoreAmount | string | 13 | CVSS base score (ranges 0 to 10). |
| cvssTemporalScoreAmount | string | 13 | CVSS temporal Score (ranges from 0 to 10). |
| cvssScoreVersionNumber | string | 10 | CVSS Version Number. |
responseTimestamp
| Parameter | Type | Length | Description |
|---|---|---|---|
| date | DATE | The time stamp indicates when this service call was performed. |
message[ ]
| Parameter | Type | Length | Description |
|---|---|---|---|
| See Message Format section for more details. | |||
| messageType | string | 255 | |
| messageDetail | string | 255 |
Note:
| CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. CVSS consists of 3 groups: Base, Temporal and Environmental. Each group produces a numeric score ranging from 0 to 10, and a vector, a compressed textual representation that reflects the values used to derive the score. |
POST https://api.cisco.com/pss/v1.0/ISAlertService HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "getISDetails"
Authorization: Bearer yh4xkpx7cbgy6wqynre4wf4r
‹soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:isal="http://www.cisco.com/ISAlertService"›
‹soapenv:Header/›
‹soapenv:Body›
‹isal:ISDetailsRequestInput›
‹isal:isIds›
‹!--1 or more repetitions:--›
‹isal:isId›24127‹/isal:isId›
‹/isal:isIds›
‹/isal:ISDetailsRequestInput›
‹/soapenv:Body›
‹/soapenv:Envelope›
HTTP/1.1 200 OK
Date: Wed, 03 Apr 2013 14:51:10 GMT
Server: IBM_HTTP_Server
X-Mashery-Responder: APIX-PROD-04
Cache-Control: private
Pragma: private
Content-Type: text/xml; charset=UTF-8
Content-Language: en-US
Cache-Control: max-age=0
Expires: Wed, 03 Apr 2013 14:51:10 GMT
Set-Cookie: TOOLS-Loc=tools1.cisco.com; path=/; domain=.cisco.com
Set-Cookie: ObSSOCookie=nBrHKKpKNcyo6F0tlf5in1hv%2B%2BALDJnw9YTs43TH6ukFEGSm%2FGe3ItmwBvzNRMRZbB3gynR7FI0eN9oZte%2BDdZmafVDkVfKRMium1sSUBCJJeSJx6fruD3cxngNhA0IYi95HD%2Be07bO8vK%2BCjN4VpY%2BqE8FVGr71EFIv5YnOhv1aPcIBnLSIU%2FqxNcH4hwXHgfrMCm1NfzIAnfcCKeMAympXRZA9w%2FJlSQ5ufz%2F%2FmgW2lYzLGAqb0gmvFl%2BLUEw6%2F3MY8b5usrFYYfrlEBgNBwvOK2KL%2FS2kwqny85Znl3d2dnmrkJ%2F80bhIkRmJpthwFPY6LepA00bFQY3qKwxJxb9hcD2TnN7vYIBiIFfeO7BVlIJnWE0bKnFQtjI%2Bc9sp; path=/; domain=.cisco.com;
Connection: close
Transfer-Encoding: chunked
‹soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"›
‹soapenv:Body›
‹is:ISDetailsResponseOutput xmlns:is="http://www.cisco.com/ISAlertService"
xmlns:fn="http://www.cisco.com/FNAlertService"
xmlns:hweox="http://www.cisco.com/HwEoxAlertService"
xmlns:inv="http://www.cisco.com/InventoryService"
xmlns:sweox="http://www.cisco.com/SwEoxAlertService"
xmlns:w3c="http://www.w3.org/2001/XMLSchema-instance"
xmlns:psirt="http://www.cisco.com/PSIRTAlertService"
xmlns:con="http://www.cisco.com/ContractService"›
‹is:ISDetailsDTO›
‹is:isId›24127‹/is:isId›
‹is:psirtId›308‹/is:psirtId›
‹is:headlineName›Cisco IOS Software Session Initiation Protocol Packet Processing Denial of Service Vulnerability‹/is:headlineName›
‹is:credibilityCD›5‹/is:credibilityCD›
‹is:credibilityDescription›Confirmed‹/is:credibilityDescription›
‹is:severityCD›3‹/is:severityCD›
‹is:severityDescription›Mild Damage‹/is:severityDescription›
‹is:urgencyCD›2‹/is:urgencyCD›
‹is:urgencyDescription›Unlikely Use‹/is:urgencyDescription›
‹is:firstPublishedDate›2011-09-28T00:00:00.000‹/is:firstPublishedDate›
‹is:lastPublishedDate›2011-09-28T00:00:00.000‹/is:lastPublishedDate›
‹is:status›NEW‹/is:status›
‹is:versionNumber›1‹/is:versionNumber›
‹is:isURL›http://tools.cisco.com/security/center/viewAlert.x?alertId=24127‹/is:isURL›
‹is:versionSummaryText›text‹/is:versionSummaryText›
‹is:threatCategoryDescription›Unintended Weakness‹/is:threatCategoryDescription›
‹is:threatTechniqueDescription›Denial of Service‹/is:threatTechniqueDescription›
‹is:cvssBaseScoreAmount›0‹/is:cvssBaseScoreAmount›
‹is:cvssTemporalScoreAmount›0‹/is:cvssTemporalScoreAmount›
‹/is:ISDetailsDTO›
‹is:responseTimestamp›2013-04-03T07:51:10.608-07:00‹/is:responseTimestamp›
‹is:message›
‹is:messageType›SUCCESS‹/is:messageType›
‹is:messageDetail›Successfully got the alert details‹/is:messageDetail›
‹/is:message›
‹/is:ISDetailsResponseOutput›
‹/soapenv:Body›
‹/soapenv:Envelope›
©2016 Cisco Systems, Inc. · All Rights Reserved · This site is Cisco Confidential. For Cisco Field and Channel Partner use only. Not for public distribution.