homeblogannouncing record of remediation and audit log in puppet remediate 1 3

Announcing record of remediation & audit logs in Puppet Remediate 1.3

Today we are pleased to announce the release of Puppet Remediate 1.3.0. This release includes new features requested by our customers, including even more capabilities to help you track and trace network activity, and give you more control of the data in your dashboard.

Read on for background and a look at the new capabilities.

Record of remediation

When multiple people in a team are responsible for remediating vulnerabilities, you want to divide and conquer. Now you can.

Oftentimes, there is a waiting period between vulnerability assessments while IT Ops waits for InfoSec to verify a fix. During that period, it can be difficult to determine:

  • Which vulnerabilities you or your teammates have already tried to Remediate,
  • What tasks have been run against a certain vulnerability in an attempt to remediate it,
  • Who ran the task, and why,
  • If the vulnerability was successfully remediated or not.

Puppet Remediate now includes a record of remediation, or persistent records of the events initiated to combat vulnerabilities.

You can now see data on the latest events and remediation tasks that have been carried out, who initiated them, and whether or not they were successful, for any given vulnerability.

Screenshot of record of remediation showing that 'admin' remediated a CVE on 2 nodes 2 minutes ago

Audit log

Everyone has auditors of some kind, whether it’s your manager, your teammates, or an external auditor or regulator. Audit logs in Puppet Remediate make it easy to report on changes to your environment.

With a single command, you can generate a super-granular log of all key events in Puppet Remediate, then publish the log to an exportable file for easy sharing with internal and external auditors. These detailed logs can also be useful in retrospectives.

The audit log provides data on user, source, credential, and task management events. This is available via the command line and can be stored or examined as an audit trail.

Activity feed

By default, Puppet Remediate pulls in data from your vulnerability scanner every 30 minutes. Depending on the size of your environment, frequency of vulnerability assessments, and other internal processes, such frequent updates may not be necessary.

latest events puppet remediate

Puppet Remediate 1.3.0 includes improved granularity on the data polling configuration, allowing you to control the frequency of data updates. The Update Interval option can be adjusted in the security source configuration.

update interval puppet remediate

Determine how often Puppet Remediate checks for new data from your scanner.

Severity threshold configuration

One of our key goals with Puppet Remediate is to help IT teams quickly remediate the most critical vulnerabilities in their environment. In this context, having too much data is almost as bad as not having enough; it becomes hard to know where to focus.

Puppet Remediate 1.3.0 gives you more control over the data you see in your dashboard by allowing you to select the threshold of vulnerabilities you wish to import from your vulnerability scanner, based on severity. This configuration can be adjusted over time to meet your needs.


Screenshot of how you can adjust the severity threshold for Tenable


Screenshot of how you can adjust the severity threshold for Rapid7


Screenshot of how you can adjust the severity threshold for Qualys

The Severity Threshold option has been added to the security source configuration. When configured, Puppet Remediate will not import any vulnerabilities with a severity less than the configured value. This defaults to importing all vulnerabilities, regardless of severity.

And more...

As always, this release is chock-full of improvements, including updates to Tenable integrations, bug fixes... more than I can fit in a blog post :)

If you haven't used Puppet Remediate yet, learn more and request a demo here.