As part of the direct API integration with vulnerability scanners, you can download a report for every endpoint that is discovered in JetPatch. The 'Download Report' triggers a report creation & download in the vulnerability scanner which discoveres the vulnerabilities and patches needed for that endpoint.
The Report is downloaded in a CSV format and may include the following data: Asset IP Address, Asset Name, Asset OS, Asset Risk Score, Site Name, Vulnerability Title, Vulnerability Risk Score, Vulnerable Since, Vulnerability CVE IDs, Vulnerability CVSS Score.
Before we start: Make sure your JetPatch platform is integrated with Nexpose or Tenable.sc.
How to Download Nexpose Report
Nexpose Report configuration
JetPatch will download a custom report based on the chosen asset (check "Download report from JetPatch" below).
- In order to create a new report template, go to "Reports" -> Manage report templates
- Click on "NEW" button and fill in the following properties -
- Name = the report name ("JetPatch-CSV" is recommended).
Important- this name should be the same name in JetPatch Nexpose configuration for "pg.nexpose.report-name" property (see below) - Template type = "Export (CSV format)"
- data filed - choose any data filed you want. Our suggestion is:
- Asset IP Address
- Asset Names
- Asset OS Name
- Asset Risk Score
- Site Name
- Vulnerability Title
- Vulnerability Risk Score
- Vulnerability Since
- Vulnerability Proof
- Vulnerability CVE IDs
- Vulnerability CVSS Score
- Name = the report name ("JetPatch-CSV" is recommended).
- Save template
JetPatch will trigger report creation every time a user requests a new report.
Important - If the report was added to Nexpose AFTER you have configured the vulnerability scanner integration in intigua.properties, make sure you restart the tomcat on the application server (service tomcat restart)
JetPatch Report Configuration
After enabling the Nexpose integration, need to add new property to the intigua.properties file with the name of the report template as configured in Nexpsoe:
pg.nexpose.report-name=<NAME OF THE REPORT TEMPLATE IN NEXPOSE>
How to Download Tenable.sc Report
JetPatch will download a custom report based on the chosen asset (check "Download report from JetPatch" below).
Each line in the report will have general endpoint information (IP, OS, Score, Total vulnerabilities,...) and single vulnerability details.
Report Information
All of the following information will be exist in the report:
Tenable.sc property | Default CSV Column Name | Description |
ip | IP | The endpoint IP as detected by Tenable.sc |
netbiosName | DNS Name | DNS Name as detected by Tenable.sc |
osCPE | Operating System |
Translated OS to as detected by Tenabl.sc For example, Tenable.sc detects the endpoint as "cpe:2.3:o:centos:centos:6" But in the report it will appear as "CentOS 6" |
score | Endpoint Score | Endpoint Score |
total | Endpoint Total Vulnerabilities | # of Total Vulnerabilities |
severityLow | Endpoint Low Vulnerabilities | # of Low Vulnerabilities |
severityMedium | Endpoint Medium Vulnerabilities | # of Medium Vulnerabilities |
severityInfo | Endpoint Info Vulnerabilities | # of Info Vulnerabilities |
severityHigh | Endpoint High Vulnerabilities | # of High Vulnerabilities |
severityCritical | Endpoint Critical Vulnerabilities | # of Critical Vulnerabilities |
pluginID | Vulnerability ID | Vulnerability ID |
pluginName | Vulnerability Name | Vulnerability Name |
severity.name | Vulnerability Severity Name | Vulnerability Severity Name |
severity.description | Vulnerability Severity Description | Vulnerability Severity Description |
exploitAvailable | Exploit Available | Exploit Available |
synopsis | Synopsis | Synopsis |
description | Vulnerability Description | Vulnerability Description |
solution | Vulnerability Solution | Vulnerability Solution |
riskFactor | Vulnerability Risk | Vulnerability Risk |
vprScore | Vulnerability VPR Score | Vulnerability VPR Score |
baseScore | Vulnerability Base Score | Vulnerability Base Score |
temporalScore | Vulnerability Temporal Score | Vulnerability Temporal Score |
cvssV3BaseScore | Vulnerability CVSS v3.0 Base Score | Vulnerability CVSS v3.0 Base Score |
cvssV3TemporalScore | Vulnerability v3.0 Temporal Score | Vulnerability v3.0 Temporal Score |
cve | CVE | List of CVEs related to the vulnerability |
xref | Cross References | Vulnerability Cross References (for MSFT) |
pluginInfo | Vulnerability Info | Vulnerability Info |
JetPatch Report Configuration
The report configuration located in a separated file - /usr/share/tomcat/default/conf/Tenable.sc.report.conf
By default, the file configured to get all of the information above.
It is a simple text file in the following format:
<Tenable.sc property> = <CSV Column Name>
<Tenable.sc property> = <CSV Column Name>
There are two cases to edit the configuration file:
- Remove information from the report - by deleting the relevant line in the configuration file.
For example - If removing the "score = Endpoint Score" line the report won't have the "Endpoint Score" column. - Change report column name - by changing the "CSV Column Name" of the property.
For example: changing the line from "osCPE = Operating System" to "osCPE = OS" will result in a column with the name "OS" instead of "Operating System"
Download report from JetPatch
- Log in to the JetPatch platform
- Go to Endpoints > Management
- Optional - Filter by More Filters > Vulnerability > <VULNERABILITY SCANNER NAME>
- Go to a specific server you would like to download the report and click the hourglass icon
- Click 'Download' in the pop-up message that will appear at the bottom of your screen.
For example (for Nexpoe configuration):
Comments
0 comments
Please sign in to leave a comment.