Demo

How to Execute Compliance & Remediation of Vulnerable Features on Cisco IOS XE Devices

Recent zero-day vulnerabilities in Cisco’s IOS XE software have been actively exploited in attacks. Attackers are able to gain administrator privileges and take over vulnerable routers. This affects both physical and virtual devices running with the Web User Interface feature enabled which have either the HTTP or the HTTPS Server feature in use.

Itential customers can use the Itential Automation Platform to execute compliance and remediation for vulnerable Cisco IOS XE devices across all of your network infrastructure. This demo walks through the process in clear steps, enabling users to build and run compliance reports with auto-remediation and email integration.

In this ItentiaLearn demo, you’ll learn how to:

  • Create a device group of Cisco IOS XE devices from your federated network inventory.
  • Create a Golden Configuration policy to detect HTTP and HTTPS configurations on these devices and disallow them.
  • Build an automation workflow responsible for scanning devices for the device group, executing the Golden Configuration policy, generating an HTML report to be sent as an email, performing automated remediation activities, and perform a post-check.
  • Schedule your automation to run daily (or another chosen frequency) with Operations Manager.

Demo Notes

(So you can skip ahead, if you want.)

00:00 Intro & Overview of Demo
01:48 Creating a Device Group with Cisco IOS XE Devices
02:11 Creating a Golden Configuration Policy
03:42 Building an Automation Workflow to Execute Configuration Compliance Actions
13:16 Creating a Manual Trigger to Test the Automation Workflow
14:12 Testing & Reviewing the Automated Process
16:08 Creating a Daily Trigger to Run the Automation