Vulnerability scanners

Puppet Remediate integrates with Tenable, Qualys and Rapid7.

Note: Ask your security team for the permissions to import vulnerability scan data.

Qualys

Add the details for your Qualys Vulnerability Manager account.

| Parameter | Description |
| --- | --- |
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| API server URL | The HTTPS URL and port number to the platform where your Qualys account is located. Note: Qualys CE is not API compatible and therefore is not supported by Remediate. For more information, see the Qualys CE user guide. |
| Username | Your Qualys username to authenticate with. |
| Password | Your Qualys password to authenticate with. |
| Update interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |
| Date range | Use the options in this drop-down menu to limit the time period for which results are returned. |

Rapid7

Add the details for your Rapid7 Nexpose (on-prem) or InsightVM (cloud) account.

| Parameter | Description |
| --- | --- |
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| InsightVM URL | The HTTPS URL and port number to your InsightVM or Nexpose instance. |
| Username | Your Rapid7 username to authenticate with. |
| Password | Your Rapid7 password to authenticate with. |
| Enable SSL certification verification | To verify the signature on the SSL certificate returned by Rapid7 using your CA cert, select this option. Remember that you must add your own CA certificate. For more information, see SSL certificate verification for scanners. |
| Update interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |

Tenable.io

Add the details for your Tenable.io (cloud) account.

| Parameter | Description |
| --- | --- |
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| Access key | Your Tenable.io access key to authenticate with the Tenable.io API. For more information about generating an access key, see the Tenable.io documentation. |
| Secret key | Your Tenable.io secret key to authenticate with the Tenable.io API. For more information about generating a secret key, see the Tenable.io documentation. |
| Update interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |

Note: You must use the Administrator role in Tenable.io to export data using the Tenable.io API.

Tenable.sc

Add the details for your Tenable.sc account.

| Parameter | Description |
| --- | --- |
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| URL | The URL of your Tenable.sc instance. |
| Username | Your Tenable.sc account username. For more information, see the Tenable.sc documentation. |
| Password | Your Tenable.sc account password. For more information, see the Tenable.sc documentation. |
| Enable SSL certificate verification | Select this checkbox if you want to verify the SSL certificate returned by Tenable.sc. Remember that you must add your own CA certificate. For more information, see SSL certificate verification for scanners. |
| Refresh interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |

Tip: The Tenable.sc Auditor role is the role with the least permissions that you can use to connect from Remediate.

SSL certificate verification for scanners

You can verify self-signed SSL certificates for Rapid7 and Tenable.sc.

If you enable verification of self-signed SSL certificates when configuring Rapid7 or Tenable.sc to work with Remediate, use the following procedure to make your certificate available to Remediate:

  1. Create a directory for the certificates:
    docker exec -it `docker ps -f name=remediate_vr --format "{{.ID}}"` /bin/mkdir /app/vrDb/certs/
  2. Copy your certificate onto the container:
    docker cp <CA Filepath> `docker ps -f name=remediate_vr --format "{{.ID}}"`:/app/vrDb/certs/
  3. Update Remediate to use the new certificates folder:
    docker service update --env-add CERTS_DIR=/app/vrDb/certs remediate_vr
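
A pre-flight wrapper around the three steps above, added here as an example and not taken from the Puppet documentation. It refuses a file that is not a parseable, unexpired PEM certificate or that carries a private key, and it stops if the `remediate_vr` name filter matches anything other than exactly one container. The helper names `check_ca_file` and `install_ca` are hypothetical, and it assumes `openssl` is installed on the Docker host and the CA file is PEM encoded.

```shell
#!/bin/sh
# Added example (not from the original page). The container name filter and
# the /app/vrDb/certs path come from the procedure above; the function names
# are hypothetical.

# Return 0 only if $1 is a PEM X.509 certificate that is safe to copy.
# Exit codes: 1 unreadable, 2 contains a private key, 3 not a cert, 4 expired.
check_ca_file() {
    f=$1
    [ -r "$f" ] || { echo "not readable: $f" >&2; return 1; }
    # A trust anchor used for verification must never ship key material.
    if grep -q -e 'PRIVATE KEY-----' "$f"; then
        echo "refusing: $f contains a private key" >&2
        return 2
    fi
    # The file must parse as a PEM certificate.
    openssl x509 -in "$f" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $f" >&2; return 3; }
    # The certificate must still be within its validity period.
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $f" >&2; return 4; }
    return 0
}

# Run the three documented steps, but only after the checks pass.
install_ca() {
    check_ca_file "$1" || return
    # "-f name=" matches substrings, so require exactly one container ID.
    ids=$(docker ps -q -f name=remediate_vr)
    if [ "$(printf '%s\n' "$ids" | grep -c .)" -ne 1 ]; then
        echo "expected exactly one remediate_vr container" >&2
        return 5
    fi
    # -p keeps step 1 idempotent when the directory already exists.
    docker exec "$ids" /bin/mkdir -p /app/vrDb/certs/ || return
    docker cp "$1" "$ids":/app/vrDb/certs/ || return
    docker service update --env-add CERTS_DIR=/app/vrDb/certs remediate_vr
}
```

Call it as `install_ca /path/to/ca.pem` on the Docker host; a non-zero exit code means nothing was copied or updated.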