An automated script for collecting 'show tech-support' output from Cisco IOS/IOS-XE devices. Supports multiple input methods, secure credential management, concurrent connections, and automatic device discovery via SNMP (v2c/v3) or ARP table parsing.

kismetgerald/Get-CiscoTechSupport

Get-CiscoTechSupport

Automated collection of Cisco tech-support diagnostics with STIG compliance checking and email reporting for DoD network environments.

Overview

Get-CiscoTechSupport automates the collection of diagnostic outputs from Cisco network devices via SSH, with optional STIG (Security Technical Implementation Guide) compliance checking and HTML email notifications. Designed for secure, air-gapped DoD environments.

Key Features

  • Automated Tech-Support Collection - Schedule regular diagnostic collection from Cisco routers and switches
  • Dual Collection Modes - Device List mode (specific devices) or Discovery mode (auto-discover via CDP/SNMP/ARP)
  • Email Notifications - Professional HTML reports with audit metadata and detailed attachments
  • STIG Compliance Integration - Automatic checklist generation using Evaluate-STIG
  • Air-Gapped Ready - All dependencies embedded, no internet connectivity required
  • Secure Credential Storage - Windows DPAPI encryption for credentials and SMTP passwords
  • Service Account Execution - Runs as dedicated service account with proper isolation
  • Comprehensive Audit Trail - Detailed logging with DoD compliance metadata, including STIG execution logs

Quick Start

1. Download Release

Visit the Releases page and download:

  • Install-GetCiscoTechSupport_vX.X.X.ps1 (installer)
  • Get-CiscoTechSupport.zip (application archive)

Place both files in the same folder (e.g., C:\Temp\Install-GetCiscoTechSupport).

2. Install

# Open PowerShell as Administrator
cd "C:\Temp\Install-GetCiscoTechSupport"
.\Install-GetCiscoTechSupport_vX.X.X.ps1 -ArchivePath .\Get-CiscoTechSupport.zip

To install to a different location, pass the -InstallPath parameter:

# Open PowerShell as Administrator
cd "C:\Temp\Install-GetCiscoTechSupport"
.\Install-GetCiscoTechSupport_vX.X.X.ps1 -ArchivePath .\Get-CiscoTechSupport.zip -InstallPath "C:\Admin\Scripts\Get-CiscoTechSupport"

3. Configure via Interactive Prompts

The installer guides you through:

  • Installation path (default: C:\Scripts\Get-CiscoTechSupport)
  • Service account (account that runs the scheduled task)
  • Device credentials (Cisco username/password for device access)
  • Collection mode (Device List or Discovery)
  • Schedule (Daily, Weekly, or Monthly)
  • Email notifications (optional)
  • Evaluate-STIG integration (optional)

4. Set Up Credentials (necessary only if you decline to have the installation script set them up)

After installation, configure device credentials as the service account:

cd "C:\Scripts\Get-CiscoTechSupport"
.\Python3\python.exe get-ciscotechsupport.py --save-credentials

5. Verify

Check that the scheduled tasks were created:

# View collection tasks
Get-ScheduledTask -TaskName "Cisco TechSupport Collector*" | Format-Table TaskName, State

# View STIG task (if installed)
Get-ScheduledTask -TaskName "Cisco STIG Checklist Generator" -ErrorAction SilentlyContinue | Format-Table TaskName, State

System Requirements

Core Requirements

  • OS: Windows 10/11 or Windows Server 2016+
  • PowerShell: 5.1+ (for installation)
  • Network: SSH access to Cisco devices (port 22)
  • Privileges: Administrator (for installation only)
  • Service Account: Dedicated account for scheduled execution

Optional Features

  • STIG Compliance: PowerShell 7.x + Evaluate-STIG script
  • Email Notifications: SMTP server access (SSL/TLS/STARTTLS supported)

Collection Modes

Device List Mode

Collects from specific devices defined in devices.txt:

10.0.0.1
10.0.0.2
router.domain.com

Discovery Mode

Auto-discovers Cisco devices using:

  • CDP Discovery (recommended) - Queries gateway for network topology
  • Hybrid - CDP + SNMP for thorough discovery
  • SNMP Scan - Scans specific subnet
  • ARP Discovery - Parses local ARP table

Email Notifications

Professional HTML email reports include:

  • Executive Summary - Success/failure counts with color-coded stats
  • Audit Metadata - DoD compliance fields (user, timestamp, hostname, domain, etc.)
  • Device Details - Status and results for each device
  • Detailed Attachment - Full HTML report with complete audit trail

Email Configuration

Configured during installation or via installer parameters:

Server & Connection:

  • SMTPServer - SMTP server hostname or IP (required)
  • SMTPPort - SMTP port number (default: 587)
  • SMTPUseSSL - Use SSL implicit encryption (port 465)
  • SMTPUseStartTLS - Use STARTTLS explicit encryption (port 587)

Addresses:

  • EmailFrom - Sender email address (required)
  • EmailTo - Recipient addresses, comma-separated (required)
  • EmailSubject - Custom subject (optional, auto-dated if not specified)

Authentication:

  • SMTPCredential - PSCredential for SMTP authentication (optional)
  • Credentials stored encrypted via DPAPI in .smtp_credentials

Output Structure

C:\Scripts\Get-CiscoTechSupport\
├── get-ciscotechsupport.py              # Main collection script
├── Install-GetCiscoTechSupport.ps1      # Installer script
├── Invoke-EvaluateSTIG.ps1              # STIG wrapper (created during install)
├── devices.txt                          # Device list (DeviceList mode)
├── .cisco_credentials                   # Encrypted credentials (DPAPI)
├── .smtp_credentials                    # Encrypted SMTP creds (DPAPI, optional)
│
├── templates\                           # Email templates
│   └── email_template.html              # HTML email template
│
├── Results\                             # Tech-support output files
│   ├── DEVICE01_10.0.1.1_20251218_030001_tech-support.txt
│   ├── DEVICE02_10.0.1.2_20251218_030245_tech-support.txt
│   │   (Format: HOSTNAME_IP_YYYYMMDD_HHMMSS_tech-support.txt)
│   └── STIG_Checklists\                # STIG outputs (optional)
│       ├── DEVICE01.cklb
│       ├── DEVICE02.cklb
│       └── Combined_Summary.xlsx
│
└── Logs\                                # Collection and operational logs
    ├── collection.log                                     # Collection execution log
    ├── hosts_offline.log                                  # Failed device connections
    ├── console-output.log                                 # Python console output
    └── Invoke-EvaluateSTIG-20251225-040000.log           # STIG logs (monthly)

C:\Logs\                                 # Installation logs (separate location)
└── Get-CiscoTechSupport-Install-20251218-060000.log  # Installation log
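
Because each result file name encodes the device and the collection time, a failed or silently skipped collection shows up as a missing or old file in Results\. The following added example (not part of the project's code) parses the documented name format and lists devices.txt entries that have no recent collection. The function names and sample data are constructed here, and matching a DNS-name entry to the HOSTNAME field by its first label is an assumption.

```python
import re
from datetime import datetime, timedelta

# Documented layout: HOSTNAME_IP_YYYYMMDD_HHMMSS_tech-support.txt
# Anchoring on the IPv4 and timestamp fields lets HOSTNAME contain underscores.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
RESULT_RE = re.compile(
    rf"^(?P<host>.+)_(?P<ip>{IPV4})_(?P<stamp>\d{{8}}_\d{{6}})_tech-support\.txt$")

def parse_result_name(name):
    """Return (hostname, ip, collected_at), or None for any other file name."""
    m = RESULT_RE.match(name)
    if not m:
        return None
    try:
        when = datetime.strptime(m["stamp"], "%Y%m%d_%H%M%S")
    except ValueError:  # digits in the right shape but not a real date/time
        return None
    return m["host"], m["ip"], when

def latest_by_device(names):
    """Map each IP and lower-cased hostname to its newest collection time."""
    latest = {}
    for host, ip, when in filter(None, map(parse_result_name, names)):
        for key in (ip, host.lower()):
            if key not in latest or when > latest[key]:
                latest[key] = when
    return latest

def stale_devices(device_lines, names, now, max_age):
    """Return devices.txt entries with no collection newer than now - max_age."""
    latest = latest_by_device(names)
    stale = []
    for entry in (line.strip() for line in device_lines):
        if not entry:
            continue
        # Assumption: a DNS-name entry matches HOSTNAME by its first label.
        key = entry if re.fullmatch(IPV4, entry) else entry.split(".")[0].lower()
        seen = latest.get(key)
        if seen is None or now - seen > max_age:
            stale.append(entry)
    return stale

SAMPLE_RESULTS = [  # constructed sample, not from a real deployment
    "DEVICE01_10.0.1.1_20251218_030001_tech-support.txt",
    "DEVICE01_10.0.1.1_20251211_030002_tech-support.txt",
    "CORE_SW_02_10.0.1.2_20251101_030245_tech-support.txt",
    "Combined_Summary.xlsx",
]
SAMPLE_DEVICES = ["10.0.1.1", "core_sw_02.domain.com", "10.0.1.3", ""]
```

In practice, pass the file names from the Results\ directory (for example via os.listdir) and the lines of devices.txt, with max_age set slightly longer than the task's schedule interval.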

Advanced Installation

Silent Installation

$svcAcctCred = Get-Credential -Message "Enter service account credentials"
.\Install-GetCiscoTechSupport.ps1 `
    -ArchivePath ".\Get-CiscoTechSupport.zip" `
    -InstallPath "C:\Scripts\Get-CiscoTechSupport" `
    -ServiceAccountCredential $svcAcctCred `
    -ScheduleType Weekly `
    -ScheduleTime "03:00"

With STIG Integration

$svcAcctCred = Get-Credential -Message "Enter service account credentials"
.\Install-GetCiscoTechSupport.ps1 `
    -ArchivePath ".\Get-CiscoTechSupport.zip" `
    -EnableEvaluateSTIG `
    -EvaluateSTIGPath "C:\STIGS\Evaluate-STIG\Evaluate-STIG.ps1" `
    -EvaluateSTIGScheduleDay 1 `
    -EvaluateSTIGScheduleTime "04:00"

With STIG Integration and Email Notification

$svcAcctCred = Get-Credential -Message "Enter service account credentials"
$smtpCred = Get-Credential -Message "Enter SMTP credentials"
.\Install-GetCiscoTechSupport.ps1 `
    -ArchivePath ".\Get-CiscoTechSupport.zip" `
    -ServiceAccountCredential $svcAcctCred `
    -EnableEvaluateSTIG `
    -EvaluateSTIGPath "C:\STIGS\Evaluate-STIG\Evaluate-STIG.ps1" `
    -EvaluateSTIGScheduleDay 1 `
    -EvaluateSTIGScheduleTime "04:00" `
    -EnableEmail `
    -SMTPServer "smtp.example.com" `
    -SMTPPort 587 `
    -SMTPUseStartTLS `
    -EmailFrom "cisco-collector@example.com" `
    -EmailTo "netadmin@example.com,noc@example.com" `
    -EmailSubject "Cisco Collection Report" `
    -SMTPCredential $smtpCred

Multiple Collection Modes

Run both Device List and Discovery modes simultaneously by installing twice with different modes. The installer handles conflict detection automatically.

Uninstallation

.\Install-GetCiscoTechSupport.ps1 -Uninstall

Removes:

  • Installation directory and scripts (except user data)
  • All scheduled tasks (DeviceList, Discovery, STIG)
  • Embedded Python distribution
  • Wrapper scripts (Invoke-EvaluateSTIG.ps1)

Preserves (must delete manually if needed):

  • Credentials (.cisco_credentials, .smtp_credentials)
  • Device list (devices.txt)
  • Collection outputs (Results\ directory)
  • Logs (Logs\ directory)

Security & Compliance

Credential Security

  • Windows DPAPI encryption - Machine and user-specific encryption
  • Service account isolation - Credentials only accessible by service account
  • File ACL protection - Hidden files with restricted permissions
  • No cleartext storage - All passwords encrypted at rest

Network Security

  • SSH encryption - All device communication over SSH
  • SMTP TLS/SSL - Encrypted email transport
  • SNMP v3 support - Encrypted SNMP discovery
  • No credential logging - Passwords never logged or transmitted in clear

DoD Compliance

  • STIG V-253289 - Secondary Logon service properly managed
  • Audit trail - Complete metadata in all outputs and emails
  • RMF requirements - Logging, encryption, least privilege
  • Air-gapped deployment - No internet connectivity required

For detailed security documentation, see ARCHITECTURE.md

Documentation

  • ARCHITECTURE.md - Technical architecture, security, and design details
  • CHANGELOG.md - Version history and release notes
  • Wiki - Detailed guides and troubleshooting (coming soon)

Planned Wiki Pages

  • Installation Guide (detailed walkthrough)
  • Configuration Reference (all parameters)
  • Discovery Mode Setup
  • Email Configuration Guide
  • STIG Integration Guide
  • Troubleshooting Guide
  • Security Best Practices
  • Development & Contributing

Contributing

Contributions are welcome! Please see our community standards documentation:

  • CONTRIBUTING.md - Development guidelines, coding standards, and testing requirements
  • SECURITY.md - Security vulnerability reporting and DoD deployment guidance
  • CODE_OF_CONDUCT.md - Community standards and expected behavior

Before submitting a pull request:

  • Read the contribution guidelines thoroughly
  • Complete all security testing requirements
  • Verify air-gap compatibility is maintained
  • Update documentation (README, ARCHITECTURE, CHANGELOG)
  • Test with service account (not current user context)
  • Ensure NO credentials in code, logs, or commits

For questions and support:

Troubleshooting

Quick Diagnostics

Installation Log: C:\Logs\Get-CiscoTechSupport-Install_YYYYMMDD-HHMMSS.log

Collection Log: C:\Scripts\Get-CiscoTechSupport\Logs\collection_YYYY-MM-DD.log

Common Issues

| Issue | Solution |
|---|---|
| "Administrator privileges required" | Run PowerShell as Administrator |
| "Archive path not found" | Verify .zip file location |
| "No devices found" (discovery) | Check CDP/SNMP configuration |
| "SSH timeout" | Verify firewall rules and device SSH access |
| "PowerShell 7 not found" (STIG) | Install PowerShell 7.x |
| "Exit code 0x1" (STIG task) | Check STIG wrapper script path and parameters in task |
| "Email send failed" | Check SMTP server, port, credentials, network connectivity |
| "AttributeError during email" | Update to latest version or reinstall |

For detailed troubleshooting, see the Wiki (coming soon)

Version History

Current Version: 0.0.7 (Released 2025-12-25)

Key Features by Version:

  • v0.0.7: STIG execution logging wrapper
  • v0.0.6: Email notification system
  • v0.0.5: Evaluate-STIG integration
  • v0.0.4: Service account automation
  • v0.0.3: Installation and task creation
  • v0.0.2: Python runtime and discovery modes
  • v0.0.1: Initial release

See CHANGELOG.md for detailed version history and fixes.

License

MIT License. Copyright (c) 2025 Kismet Agbasi

Acknowledgments

  • Evaluate-STIG - STIG compliance tool integration
  • Netmiko - Python SSH library for Cisco devices
  • PySNMP - SNMP library for network discovery
  • Jinja2 - HTML template engine for email reports

IMPORTANT: This tool is designed for authorized network administration only. Ensure proper authorization before scanning or collecting data from network devices.
