For Agents
Pull Cisco security advisories in CVRF or OVAL format by CVE, severity, year, or product, so an agent can triage Cisco vulnerabilities and feed them into a SIEM or ticketing system.
Get started with Cisco PSIRT openVuln API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"find a Cisco security advisory by CVE"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Cisco PSIRT openVuln API API.
Retrieve a specific Cisco security advisory in CVRF format by advisory ID
Look up Cisco advisories by CVE ID to map a public CVE to Cisco's response
Filter advisories by severity (critical, high, medium, low) for prioritised triage
Pull advisories by year for batch ingestion into a vulnerability tracker
GET STARTED
Use for: Find the Cisco advisory for CVE-2024-20399, List all critical Cisco advisories published this year, Get the OVAL definition for a Cisco IOS XE vulnerability, Retrieve the latest 10 Cisco security advisories
Not supported: Does not handle device configuration, network telemetry, or non-Cisco vulnerability data — use for retrieving Cisco PSIRT security advisories only.
Jentic publishes the only available OpenAPI document for Cisco PSIRT openVuln API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for Cisco PSIRT openVuln API, keeping it validated and agent-ready. The Cisco PSIRT openVuln API delivers Cisco Security Vulnerability information in machine-consumable formats (CVRF and OVAL), so security teams and AI agents can monitor advisories without scraping the Cisco website. It exposes 19 GET endpoints that retrieve advisories by CVE ID, advisory ID, severity, year, product, and IOS/IOS XE platform. Access is OAuth 2.0 client-credentials, with tokens issued by cloudsso.cisco.com after registering an application at apiconsole.cisco.com.
Retrieve advisories that affect a specific Cisco product or IOS/IOS XE release
Fetch the latest N CVRF or OVAL advisories for daily monitoring jobs
Patterns agents use Cisco PSIRT openVuln API API for, with concrete tasks.
★ Daily Cisco vulnerability ingest into a SIEM
A security operations team polls /security/advisories/cvrf/latest/{number} every morning to pull the latest Cisco advisories, parses the CVRF XML, and forwards critical and high-severity items into the SIEM as detection rules. The OAuth client-credentials flow makes this safe to run unattended on a scheduler.
Call GET /security/advisories/cvrf/latest/10, filter the response to advisories with severity 'Critical' or 'High', and forward each one to the SIEM ingestion endpoint.
CVE-to-Cisco-advisory lookup during incident response
When a public CVE is reported, an analyst or agent calls /security/advisories/cvrf/cve/{cve_id} to find Cisco's advisory for that CVE, including affected products, fixed releases, and workarounds. This shortens the time from CVE disclosure to a remediation plan from hours to seconds.
Call GET /security/advisories/cvrf/cve/CVE-2024-20399 and return the advisory ID, affected products, and fixed releases.
IOS and IOS XE platform-specific vulnerability scan
Network teams use /security/advisories/ios and /security/advisories/iosxe to retrieve advisories that specifically affect IOS or IOS XE, then cross-reference the affected releases against their inventory of running images. This drives prioritised firmware upgrades on routers and switches.
Call GET /security/advisories/iosxe, extract the list of affected IOS XE releases, and produce an upgrade priority list for the network team.
AI agent vulnerability triage via Jentic
An AI agent connected to Jentic searches for 'find Cisco advisory by CVE', loads the schema for /security/advisories/cvrf/cve/{cve_id}, and executes the call as part of a larger triage workflow that also queries NVD and the customer's asset inventory. Jentic resolves the OAuth token transparently — the agent never sees the client_secret.
Through Jentic, search 'find Cisco advisory by CVE', load the schema for the CVE lookup endpoint, and execute it with CVE-2024-20399 to retrieve the matching advisory.
19 endpoints — jentic publishes the only available openapi specification for cisco psirt openvuln api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/security/advisories/cvrf/advisory/{advisory_id}
Get a CVRF advisory by ID
/security/advisories/cvrf/cve/{cve_id}
Look up advisories by CVE ID
/security/advisories/cvrf/severity/{severity}
List advisories by severity
/security/advisories/cvrf/latest/{number}
Get the latest N advisories
/security/advisories/cvrf/year/{year}
List advisories published in a given year
/security/advisories/ios
List IOS advisories
/security/advisories/iosxe
List IOS XE advisories
/security/advisories/oval/cve/{cve_id}
Get OVAL definitions by CVE ID
/security/advisories/cvrf/advisory/{advisory_id}
Get a CVRF advisory by ID
/security/advisories/cvrf/cve/{cve_id}
Look up advisories by CVE ID
/security/advisories/cvrf/severity/{severity}
List advisories by severity
/security/advisories/cvrf/latest/{number}
Get the latest N advisories
/security/advisories/cvrf/year/{year}
List advisories published in a given year
Three things that make agents converge on Jentic-routed access.
Credential isolation
The Cisco PSIRT client_id and client_secret are stored encrypted in the Jentic vault (MAXsystem). Jentic performs the OAuth token exchange and injects the bearer token at execution time — neither secret enters the agent's context.
Intent-based discovery
Agents search by intent (e.g. 'find Cisco advisory by CVE') and Jentic returns the matching PSIRT operation with its input schema, so the agent calls the right endpoint without parsing the developer portal.
Time to first call
Direct Cisco PSIRT integration: 1-2 days for app registration, OAuth client-credentials handling, and CVRF parsing. Through Jentic: under an hour — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
CIRCL CVE Search
Open CVE database for cross-referencing Cisco advisories with NVD data
Use CIRCL CVE Search alongside Cisco PSIRT to enrich a Cisco advisory with the broader CVSS and CWE data from NVD.
GitHub API
Used to file a remediation issue or PR after a Cisco advisory triage
Use GitHub when the next step after a Cisco advisory lookup is filing a tracking issue in the platform team's repo.
Splunk API
SIEM destination for Cisco advisory feeds and detection content
Use Splunk when forwarding parsed Cisco advisories into a SIEM for correlation against existing detections.
Specific to using Cisco PSIRT openVuln API API through Jentic.
Why is there no official OpenAPI spec for Cisco PSIRT openVuln API?
Cisco does not publish an OpenAPI specification for the PSIRT openVuln API. Jentic generates and maintains this spec so that AI agents and developers can call Cisco PSIRT openVuln API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the Cisco PSIRT openVuln API use?
It uses OAuth 2.0 client-credentials. You register an application at apiconsole.cisco.com to obtain a client_id and client_secret, exchange them for a bearer token at https://cloudsso.cisco.com/as/token.oauth2, and send the token as Authorization: Bearer <token>. Through Jentic, the client_id and client_secret stay in the MAXsystem vault.
Can I look up Cisco advisories by a public CVE ID?
Yes. GET /security/advisories/cvrf/cve/{cve_id} returns the CVRF advisory matching that CVE, including affected Cisco products, severity, and fixed releases. There is also an OVAL equivalent at /security/advisories/oval/cve/{cve_id} for scanner-friendly output.
What are the rate limits for the Cisco PSIRT openVuln API?
The OpenAPI spec does not declare explicit rate limits. Cisco's documented guidance is to respect 429 responses and back off; for production polling, schedule the /latest/{number} endpoint at most once every few minutes rather than continuous polling.
Can I retrieve advisories that only affect IOS or IOS XE?
Yes. The dedicated GET /security/advisories/ios and GET /security/advisories/iosxe endpoints return advisories affecting those network operating systems specifically, which is more efficient than filtering the full advisory feed.
How do I monitor new Cisco advisories from an AI agent through Jentic?
Run pip install jentic, have the agent search 'list latest Cisco security advisories', load the schema for GET /security/advisories/cvrf/latest/{number}, and execute it on a schedule. Jentic refreshes the OAuth token automatically — the agent only sees the JSON response.
/security/advisories/ios
List IOS advisories
/security/advisories/iosxe
List IOS XE advisories
/security/advisories/oval/cve/{cve_id}
Get OVAL definitions by CVE ID