JetPatch is integrated with several vulnerability scanners that are constantly being updated.
You can import vulnerability information in several ways:
- Importing the report into the JetPatch portal. Works for:
  - Custom CSV format
  - Nessus
  - Any vulnerability system
- Using direct API. Works for:
  - Nexpose
Vulnerability Menu
To control vulnerability scanners in the JetPatch portal:
- Go to 'Patches' > 'Patch Catalog'
- Click the 'Vulnerability' button on the far right corner
Clear Data
The 'Clear Data' operation deletes all unmanaged patches and endpoints, together with the links between managed patches and endpoints.
To delete report data, choose the requested vulnerability provider and then click "Clear Data".
Import File
The 'Import File' operation opens an interactive upload window for uploading the report generated by the vulnerability scanner.
Note - This operation is not applicable to integrations that use 'Direct API'.
Integration Types
Direct API
Note - "Import Data"
Nexpose
- To learn more about Nexpose integration please visit Import Vulnerabilities via Nexpose
Importing a Report
The scanner types supported by default are the custom CSV format and the Nessus report. The reports should include:
CSV file
- Import File: You can import a CSV file with patch vulnerability information.
  - The file content should include:
    - IP Address
    - DNS Name
    - Vulnerability ID (Advisory ID)
    - CVE List (Optional) - space-separated list of CVEs
  - Column order - should be in the same order as above
  - Headers - should not be included in the report
  - If you would like to add headers/information to your reports, please contact our customer success representative
- Clear Data - All information that was updated from previously imported reports will be erased
Example content of CSV file can be:
30.30.0.1 | endpoint1.domain.com | RHSA-2020:4076 |
30.30.0.1 | endpoint1.domain.com | RHSA-2020:4060 |
30.30.0.1 | endpoint1.domain.com | RHSA-2020:4007 |
30.30.0.2 | endpoint2.domain.com | KB4577010 |
30.30.0.2 | endpoint2.domain.com | KB4577066 |
- endpoint1 - is Linux RHEL7 endpoint
- endpoint2 - is Windows endpoint
Note - No headers are needed
The example CSV is also attached at the end of the article.
Nessus
- Import File: You can import a Nessus report.
  - The report must include the following columns:
    - Plugin Name
    - Family
    - IP Address
    - DNS Name
    - Solution
    - CVE (can be empty)
  - Column order - column order is not important
  - Headers - should exist in the report, with the same titles as above, case-sensitive
- Clear Data
An example CSV file in Nessus format is attached.
General Configuration
Matching criteria between JetPatch and the Vulnerability Scanner (From JetPatch 4.1.0.104)
# Which criteria should records be merged on between JetPatch and Vulnerability Scanner
# Default is all three. Order does not matter. Minimum 1, maximum 3
vulnerability.parsers.match.computer.by=hostname,dnsname,ip
Adding Non-Managed Endpoints into JetPatch (From JetPatch 4.1.0.105)
By default, JetPatch will add the non-managed endpoints discovered from the Vulnerability Scanner.
If you would like to turn that off, set the following variable to false.
# Create new non-managed endpoints if discovered in Vulnerability Scanner information
vulnerability.parsers.computer.create.unknown=true
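An added Python example (not JetPatch's own code) that validates a report in the custom CSV layout described above and then applies the two settings documented here, the match criteria and the create-unknown flag, to a constructed endpoint inventory. The dictionary layout, the sample rows and the rule that the hostname is the short form of the DNS name are assumptions.

```python
import csv
import io
import ipaddress
import re
# Hypothetical constants mirroring the two settings documented above.
MATCH_BY = "hostname,dnsname,ip".split(",")  # vulnerability.parsers.match.computer.by
CREATE_UNKNOWN = True                        # vulnerability.parsers.computer.create.unknown
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def parse_custom_csv(text):
    """Parse the header-less custom format: IP, DNS name, advisory ID, optional CVE list."""
    rows = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        row = [c.strip() for c in row]
        if not any(row):
            continue                      # skip blank lines
        if len(row) == 3:
            row.append("")                # the CVE column is optional
        if len(row) != 4:
            raise ValueError(f"line {lineno}: expected 3 or 4 columns, got {len(row)}")
        ip, dns, advisory, cves = row
        ipaddress.ip_address(ip)          # raises ValueError on a malformed address
        if not dns or not advisory:
            raise ValueError(f"line {lineno}: DNS name and advisory ID are required")
        bad = [c for c in cves.split() if not CVE_RE.match(c)]
        if bad:
            raise ValueError(f"line {lineno}: malformed CVE ids {bad}")
        rows.append({"ip": ip, "dnsname": dns, "advisory": advisory, "cves": cves.split()})
    return rows

def match_endpoint(row, inventory, match_by=MATCH_BY, create_unknown=CREATE_UNKNOWN):
    """Return the inventory endpoint matching on any enabled criterion, else an unmanaged stub or None."""
    short = row["dnsname"].split(".")[0].lower()   # assumption: hostname is the DNS short name
    for ep in inventory:
        if "ip" in match_by and ep["ip"] == row["ip"]:
            return ep
        if "dnsname" in match_by and ep["dnsname"].lower() == row["dnsname"].lower():
            return ep
        if "hostname" in match_by and ep["hostname"].lower() == short:
            return ep
    if create_unknown:                    # create.unknown=true: add a non-managed endpoint
        return {"hostname": short, "dnsname": row["dnsname"], "ip": row["ip"], "managed": False}
    return None

# Constructed sample report (no header row) and a constructed JetPatch inventory.
SAMPLE = ("30.30.0.1,endpoint1.domain.com,RHSA-2020:4076,CVE-2020-0001 CVE-2020-0002\n"
          "30.30.0.2,endpoint2.domain.com,KB4577010\n")
INVENTORY = [{"hostname": "endpoint1", "dnsname": "endpoint1.domain.com",
              "ip": "30.30.0.1", "managed": True}]
```

With `create_unknown=False` the second sample row (endpoint2 is not in the inventory) is dropped instead of becoming an unmanaged endpoint, which is the behaviour the setting above turns on or off.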
What is "Not In Repository" for a patch?
Some patches might not exist in JetPatch when importing them from a vulnerability system.
In this case, JetPatch cannot manage the patches and they are marked "Not In Repository" in the "Approval Status".
How to fix: Updating the WSUS / Linux repositories should fix the problem. JetPatch will get the new updates and remove the "Not In Repository" property.
Additional Notes
- After a report is imported or the direct API integration is established, the endpoints that are related to the vulnerability scanner will appear in the Endpoint Management table. In some cases, endpoints that arrive from a vulnerability scanner are not managed by JetPatch (they are not discovered by any of the discovery sources). The unmanaged endpoints are not remediated and no action can be performed.
- For managed patches and endpoints, JetPatch will add the report data into:
- "Endpoints > Management" - into "Vulnerability Scan" column
- "Patches > Patch Catalog" - into "Vulnerability Provider" column
- Importing a new report into JetPatch will not override the existing reports.