Blog Post

Product Blog
2 MIN READ

How to Utilize the SL1 ‘RSS Feeds’ Feature to Simplify Industry Alert Collection

lkoepping's avatar
lkoepping
Icon for Moderator rankModerator
9 months ago

It's important to be aware of end of life (EOL) or end of support (EOS) notices affecting devices in your IT estate and worrying about missing critical vulnerability notices or common vulnerabilities and exposures (CVE) alerts isn’t very fun. The good news is, ScienceLogic SL1 has something that can help. Instead of chasing website postings, emails, or combing forums, leverage SL1 to bring the information to you using ‘RSS Feeds’ subscriptions. 

SL1 can monitor RSS news feed sites often available through most manufacturers including USCert, DHS CISA, and more. Using a feature called ‘RSS Feeds’ (configured under Events), SL1 will reach out to configured sources, pull available postings into the system, and present them individually as ‘notice’ events in the event console. 

Configuring the feature is easily done under Events -> RSS Feeds. Simply create a new event feed using a URL, align it to an organization, choose to represent it in the event console, and choose a collector to poll for the feed. It’s that easy! 

‘RSS Feeds’ uses and internal collection that runs every 10-minutes using the ‘Data Collection: RSS Event Feed’ admin process (found under System -> Admin Processes) and utilizes the event policy ‘Syndication: News Feed’ as the mechanism to collect and present in the event console. Changes to the admin process can alter frequency and changes to the event policy can affect event duration and criticality, which is defaulted to ‘Notice’ and auto expires after 15-minutes. 

A common use case is to create a dedicated organization for ease of tracking and visibility then change the event expiration to 30-minutes. I often follow these steps: 

  1. Add an organization called ‘Industry Alerts’ 
  2. Subscribe to various original equipment manufacturer (OEM) EOL or EOS feeds  
  3. Use a Cybersecurity and Infrastructure Security Agency (CISA) feed for security and vulnerability alerts using ‘https://www.cisa.gov/cybersecurity-advisories/all.xml’ as the feed source 

Most sources of good information are easily found by searching the OEM site or looking for sources in a search engine to find ones relevant to your organization. An example might be ‘Cisco RSS Feed.’ 

Operational policies using SL1 ‘Events’ to search devices and software versions, etc., can then make quick work of identifying what’s affected in your environment. Then begins a change management process to update or configure your event feed based on the information referenced from your feed source.  

Isolating all feeds or events to a dedicated organization in SL1 makes it easy to create a dashboard or simply reference the information in a single place. Gone are the days of chasing sites, email, or forums to find critical information that could affect your IT estate. 

To learn more about how to simplify industry alert collection using SL1, check out our documentation on RSS Feeds and Events.  

Updated 9 months ago
Version 3.0
  • It would be fantastic to know how many customers are using the RSS feed feature within ScienceLogic for the use case Lee outlined above,, and I would be even more interested to know if you have other use cases you utilize this feature for as well. Thanks Community.