homeblogintroducing puppet enterprise tasks and workflows in puppet remediate

Introducing Puppet Enterprise tasks and workflows in Puppet Remediate

Today we are pleased to announce the release of Puppet Remediate 1.4. This release brings together the dynamic vulnerability data and prioritization capabilities in Puppet Remediate with Puppet Enterprise’s industry-leading automation to help organizations improve their security posture and reduce the risk of security incidents.

Puppet Enterprise customers can now make use of a common automation workflow, using Puppet Remediate to assess vulnerabilities impacting their Puppet-managed assets, prioritize vulnerabilities based on infrastructure impact, deploy remediations via the Puppet agent, and generate reports to validate patches and ensure that assets are up-to-date.


Tasks via Puppet Enterprise

Customers who use both Puppet Enterprise and Puppet Remediate have provided two consistent pieces of feedback:

  • They want the ability to execute tasks using the Puppet agent, rather than being limited to SSH or WinRM. In many customer environments, the agent has pre-approval to make changes on Puppet-managed nodes, eliminating the need for individual change requests.
  • They want to leverage the task workflows and processes that already exist in their Puppet Enterprise environment.

Puppet Remediate now delivers on both of those requests with the introduction of Tasks via Puppet Enterprise.

Users of both products can connect their Puppet Enterprise environment with Puppet Remediate to surface details on their Puppet-managed nodes and the vulnerabilities that impact them.


Any task that exists in your Puppet Enterprise environment can be run against PE-managed nodes from within the Remediate console. These tasks are executed via the Puppet orchestrator, removing the need to use SSH or WinRM. While Remediate 1.4 provides the ability to execute single tasks, later releases will include enhanced orchestration capabilities, allowing users to execute multiple tasks in sequence as part of a task plan.

Customers who use source control to manage their tasks and then sync them to environments within PE can leverage these tasks in Puppet Remediate as well, enabling the utilization of existing PE workflows. When running a task that has different versions for separate environments (such as Test and Production), simply select the environment where the task should be executed.


Manage risk

When it comes to vulnerability remediation, one of the biggest challenges is the sheer number of vulnerabilities that IT Ops teams must filter through and fix. Puppet Remediate has always helped address this problem with dashboard filters that enable users to narrow in on a specific subset of vulnerabilities, but certain scenarios require more granular control.

Say that you are aware of a vulnerability but are not able to address it immediately — maybe you need to update a package to resolve a CVE that an application relies on, but doing so would break the application, as it doesn’t yet support the newer package version. Until the application is updated for compatibility, you can’t take any action, but the vulnerability will still show up in your dashboard — day after day, week after week.

The manage risk feature in Remediate 1.4 provides the ability to “accept” the vulnerability and add a note to explain why it is being deferred. These CVEs remain accessible in a separate view, providing visibility to teammates and managers, but they won’t appear in your regular dashboard view, making it easier to focus on new and actionable vulnerabilities.


If you haven’t checked out Puppet Remediate, request a demo to see it in action and learn how it can help improve your organization’s security posture.

Already using Puppet Remediate? Check out the docs for instructions on upgrading to 1.4.

Learn more