JetPatch is integrated with several vulnerability scanners that are constantly being updated. 

You can import vulnerability information in several ways: 

• Importing the report into the JetPatch portal. Works for:
  • Custom CSV format
  • Nessus
  • Any vulnerability system
• Using direct API. Works for:
  • Nexpose

Vulnerability Menu

To control vulnerability scanners in the JetPatch portal : 

1. Go to 'Patches' > 'Patch Catalog'
2. Click the 'Vulnerability' button on the far right corner 

Clear Data

The operation 'Clear Data' will delete all unmanaged patches and endpoints and the link between managed patches and endpoints.

For deleting the report data you can click on "Clear Data" after choosing the requested vulnerability provider.

Import File

The operation 'Import File' will open an interactive upload window, to upload the report generated from the Vulnerability Scanner.

Note - This operation is not applicable for integrations that are using 'Direct API'

Integration Types

Direct API

Note - "Import Data" 

Nexpose

• To learn more about Nexpose integration please visit Import Vulnerabilities via Nexpose

Importing a Report

The default support scanners types are "custom CSV format" and "Nessus" report. The reports should include:

CSV file 

• Import File: You can import a CSV file with patch vulnerability information.
  • The file content should include:
    • IP Address
    • DNS Name
    • Vulnerability ID (Advisory ID)
    • CVE List (Optional) - space-separated list of CVEs
  • Column order - should be in the same order as above
  • Headers - should not be included in the report
• If you would like to add Headers/information to your reports please contact our customer success representative 
• Clear Data - All information that was updated from previously imported reports will be erased   

Example content of CSV file can be:

• endpoint1 - is Linux RHEL7 endpoint 
• endpoint2 - is Windows endpoint

Notes - No headers are needed

The example CSV is also attached at the end of the article.

Nessus

• Import File: You can import a Nessus report.
  • The report must include the following columns:
    • Plugin Name
    • Family
    • IP Address
    • DNS Name
    • Solution
    • CVE (can be empty)
  • Column order - column order is not important
  • Headers - Should exist in the report, with the same titles as above, case-sensitive.
• Clear Data

Example CSV file in Nessus format is attached

General Configuration

Matching criteria between JetPatch and the Vulnerability Scanner (From JetPatch 4.1.0.104)

# Which criteria should records be merged on between JetPatch and Vulnerability Scanner
# Default is all three.  Order does not matter.  Minimum 1, maximum 3
vulnerability.parsers.match.computer.by=hostname,dnsname,ip

Adding Non-Managed Endpoints into JetPatch (From JetPatch 4.1.0.105)

By default, JetPatch will add the non-managed endpoints discovered from the Vulnerability Scanner.

If you would like to turn that off, set the following variable to false.

# Create new non-managed endpoints if discovred in Vulnerability Scanner information
vulnerability.parsers.computer.create.unknown=true

What is "Not In Repository" for a patch?

Some patches might not exist in JetPatch when importing them from a vulnerability system.

In this case, JetPatch can not manage the patches and they are marked "Not In Repository" in the "Approval Status".

How to fix: Updating the WSUS / Linux repositories should fix the problem. JetPatch will get the new updates and remove the "Not In Repository" property.

Additional Notes

1. After a report is imported or the direct API integration is established, the endpoints that are related to the vulnerability scanner will appear in the Endpoint Management table. In some cases, endpoints that arrive from a vulnerability scanner are not managed by JetPatch (they are not discovered by any of the discovery sources). The unmanaged endpoints are not remediated and no action can be performed.  
2. For managed patches and endpoints, JetPatch will add the report data into:
   • "Endpoints > Management" - into "Vulnerability Scan" column
   • "Patches > Patch Catalog" - into "Vulnerability Provider" column
3. Importing a new report into JetPatch will not override the existing reports.