JetPatch vulnerability parser can support any report from a Vulnerability Scanner by uploading the report into JetPatch. In this article, you will find how to import a vulnerability csv report from Tenable.io

Requirements

Report Type: The report must be in a CSV type

Report Rows:  Must include the following columns:

• Name - The name of the plugin that detected the vulnerability.
• Solution - Remediation information for the vulnerability.
• Plugin Family
• FQDN - The fully-qualified domain name of the host that the vulnerability was detected on
  • If FQDN is empty in your report, configure the vulnerability integration on IP only.
• IP Address
• CVE (optional) -  space-separated list of CVEs

See attached example at bottom of the article.

Report Structure:

1. The report should include the headers row
2. The report information should be divided into columns (not a single column with all the information inside the cell)
3. The CSV should not have extra columns that are not listed above (they should be deleted)

JetPatch Configuration

After you verified that the report is valid for the JetPatch Tenable.io Vulnerability Scanner, the Vulnerability Parser can be customized.

The JetPatch Vulnerability Parser is located in the "conf" folder, usually in /usr/share/tomcat/default/conf/intigua_vulnerability_parser.conf.json

Go to the JetPatch application > Patches Catalog > Vulnerabilities. You should be able to see that there is a "Tenable.io - CSV" report option. Use it to upload your vulnerability scan report.