JetPatch is integrated with several vulnerability scanners that are constantly being updated. 

There are two ways of importing vulnerabilities into JetPatch: 

• Vulnerability Connector - Connects to the Vulnerability Scanner using direct API communication. Works for:
  • Nexpose & InsightVM
  • Tenable.sc
• Report Upload - Uploading the report into the JetPatch portal. Works for:
  • Custom CSV format
  • Nessus
  • Tenable.io
  • Any vulnerability system

Vulnerability Menu

To control vulnerability scanners in the JetPatch portal : 

1. Go to 'Patches' > 'Patch Catalog'
2. Click the 'Vulnerability' button on the far right corner 

Clear Data

The operation 'Clear Data' will delete all unmanaged patches and endpoints and the link between managed patches and endpoints.

For deleting the report data you can click on "Clear Data" after choosing the requested vulnerability provider.

Import File

Relevant for "Report Upload" integrations only.

The operation 'Import File' will open an interactive upload window, to upload the report generated from the Vulnerability Scanner.

 

Integration Types

API Connector

Nexpose & InsightVM

• To learn more about Nexpose integration please visit Vulnerability Connector to Nexpose & InsightVM

Tenable.sc

• To learn more about Tenable.sc integration please visit Vulnerability Connector to Tenable.sc

Report Upload

A dedicated parser for your own report can be created. Instructions can be found in Create Custom Parser for Vulnerabilities Report

Any report must include:

• Endpoint Identifications - IP and/or EP name (can be hostname or DNSname).
• Advisory information - Advisory ID

The existing parsers (out-of-the-box) supports the following reports:

Tenable.io

• To learn more about Nexpose integration please visit Report Upload - Tenable.io

Nessus

• To learn more about Nexpose integration please visit Report Upload - Nessus

CSV file

• Import File: You can import a CSV file with patch vulnerability information.
  • The file content should include:
    • IP Address
    • DNS Name
      • If DNS Name is empty in your report, configure the vulnerability integration on IP only.
    • Vulnerability ID (Advisory ID)
      • Windows - KB number, With or without the KB prefix - both are supported.
      • Linux - Full advisory name. 
    • CVE List (Optional) - space-separated list of CVEs
  • Column order - should be in the same order as above
  • Headers - should not be included in the report
• If you would like to add Headers/information to your reports please contact our customer success representative 
• Clear Data - All information that was updated from previously imported reports will be erased   

Example content of CSV file can be:

30.30.0.1	endpoint1.domain.com	RHSA-2020:4076
30.30.0.1	endpoint1.domain.com	RHSA-2020:4060
30.30.0.1	endpoint1.domain.com	RHSA-2020:4007
30.30.0.2	endpoint2.domain.com	KB4577010
30.30.0.2	endpoint2.domain.com	KB4577066

• endpoint1 - is Linux RHEL7 endpoint 
• endpoint2 - is Windows endpoint

Notes - No headers are needed

The example CSV is also attached at the end of the article.

General Configuration

Matching criteria between JetPatch and the Vulnerability Scanner 

# Which criteria should records be merged on between JetPatch and Vulnerability Scanner
# Default is all three.  Order does not matter.  Minimum 1, maximum 3
vulnerability.parsers.match.computer.by=hostname,dnsname,ip

Note - if your report does not include FQDN, the configuration should be changed to match via IP only. 

 

Adding Non-Managed Endpoints into JetPatch

By default, JetPatch will add the non-managed endpoints discovered from the Vulnerability Scanner.

If you would like to turn that off, set the following variable to false.

# Create new non-managed endpoints if discovred in Vulnerability Scanner information
vulnerability.parsers.computer.create.unknown=true

What is "Not In Repository" for a patch?

Some patches might not exist in JetPatch when importing them from a vulnerability system.

In this case, JetPatch can not manage the patches and they are marked "Not In Repository" in the "Approval Status".

How to fix: Updating the WSUS / Linux repositories should fix the problem. JetPatch will get the new updates and remove the "Not In Repository" property.

How to use JetPatch's RESTful API to import a Vulnerability Report Automatically

If you would you use the file called '~/Documents/jpMine.csv' with the following content:
30.30.54.243,Igor-Cnts6-01,CEBA-2020:XXXY

The call to upload a file should use absolute path with '~' translated. For example: ''~/Documents/jpMine.csv'' -> ''/home/igor/Documents/jpMine.csv''

 

The full cmd:
curl -X POST --digest -u admin:3B5B887F-4E63-45DA-B485-10D3E6E28999 -F 'provider=CSV' -F 'type=CSV' -F 'file=@/home/igor/Documents/jpMine.csv' "http://localhost:8080/vmanage-server/rest/experimental/patch-governance/remediation-plans/action/import"

 

After '-u admin:' you should put API key
'provider=CSV' may be 'provider=Nessus' if needed
'type=CSV' is the only type supported
URL should be changed accordingly

Additional Notes

1. After a report is imported or the direct API integration is established, the endpoints that are related to the vulnerability scanner will appear in the Endpoint Management table. In some cases, endpoints that arrive from a vulnerability scanner are not managed by JetPatch (they are not discovered by any of the discovery sources). The unmanaged endpoints are not remediated and no action can be performed.  
2. For managed patches and endpoints, JetPatch will add the report data into:
   • "Endpoints > Management" - into "Vulnerability Scan" column
   • "Patches > Patch Catalog" - into "Vulnerability Provider" column
3. Importing a new report into JetPatch will not override the existing reports.