
Patch Management through Nessus, Rapid7 Nexpose or General Patch Scanner

You can do patch management through Nessus, Rapid7 Nexpose, or our general patch vulnerability format, and import those results into OpenRMF® Professional. Those applications link to sources such as Windows Server Update Services, Red Hat Network Satellite Server, or Symantec Altiris, and then scan your machines to check operating system and software patch compliance. If patches are missing, the report shows the server or host, the patch, the issue, and the fix to perform.

Additionally you can use the Full Audit without Web Spider scan in Rapid7 Nexpose to track vulnerabilities, software, and services running on machines to import into OpenRMF® Professional. Use the Nexpose 2.0 XML report to export the results to load into the Host Scan Data area of OpenRMF® Professional.

Note: ACAS and Nessus Professional patch scanning and Nexpose Full Audit scanning are not SCAP scanning. The Nessus Professional or ACAS (patch) tool scans for patches applied or missing, whereas a SCAP scan compares the system against a baseline of security settings to determine whether it complies with the security benchmarks in use. This is a common question the OpenRMF® Professional team receives.

For any other scanners for patch vulnerabilities, we have a universal format you can use explained in the Loading Patch Scan area.

Patch Management Process

An example of using Nessus in a patch management process would involve “Patch Tuesday” and “Patch Thursday”. This is quite common in the DoD, Federal Government and large-company realms of IT administrators. Each Tuesday and Thursday, known-good security patches are applied to servers and devices on the network. You then run a Nessus scan to get the results, confirm the patches were applied, and note any servers that did not receive the patch from a security update, policy update or manual update.

The results in Nessus will show you where you have critical, high, medium, and low risk patch issues and the overall risk and health status of those patches across your servers and devices.

Importing Scan Results

If you set up the Nessus integration, you can use the Import feature to pull in patch vulnerability scans directly to add or update patch data in your system package.

The maximum file size is a 200 MB .nessus file or equivalent data when uploading or importing. If your file is larger, break your network into logical sections so each file is smaller. This limit exists because of all the processing that takes place on these files, and it ensures the import does not time out.

Exporting Scan Results

Not everyone will have access to the Nessus or Rapid7 Nexpose server, even at a read-only level. To view the results from Nessus, you can export a .nessus file from the scan and import it into OpenRMF® Professional through the System Package page. For Rapid7 Nexpose, export a Nexpose XML 2.0 report format file for your devices.

This will show your patch data updated on the Dashboard / homepage as well as within the System Package and Reports pages. You can export to MS Excel or run reports and search/view the results of the scans across your whole network of servers and devices or per device.

The maximum file size for uploads is 200 MB.

Information Updated from Scan Results

These scans are a wealth of knowledge as they update several key areas of your System Package within OpenRMF® Professional:

  • Patch Vulnerabilities
  • Patch Score (# of open patch vulnerabilities by severity)
  • Hardware Assets
  • Software Assets
  • Ports, Protocols, and Services Management listing
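As an added illustration (not OpenRMF® Professional code), the script below reads a constructed .nessus sample in the Nessus v2 XML layout and derives two of the items above: the per-host count of open patch findings by severity (the Patch Score) and the port/protocol/service listing. It also applies the 200 MB import limit from this page; the host names and plugin IDs in the sample are placeholders.

```python
"""Summarise a Nessus v2 (.nessus) patch scan: per-host open findings by
severity (Patch Score) and the port/protocol/service listing.
Added example for this page; not OpenRMF Professional's own import code."""
import xml.etree.ElementTree as ET
from collections import Counter

MAX_UPLOAD_BYTES = 200 * 1024 * 1024          # 200 MB import limit stated on the page
SEVERITY = {"0": "Info", "1": "Low", "2": "Medium", "3": "High", "4": "Critical"}

# Constructed sample in the Nessus v2 layout (placeholder hosts/plugins, not a real scan)
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2><Report name="Patch Tuesday">
 <ReportHost name="srv01.example.test">
  <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
  <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
   pluginID="100001" pluginName="Missing OS patch (placeholder)"/>
  <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2"
   pluginID="100002" pluginName="Service patch level (placeholder)"/>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
   pluginID="19506" pluginName="Nessus Scan Information"/>
 </ReportHost>
 <ReportHost name="srv02.example.test">
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3"
   pluginID="100003" pluginName="Missing SSH patch (placeholder)"/>
 </ReportHost>
</Report></NessusClientData_v2>"""

def within_upload_limit(num_bytes):
    """True when a file of num_bytes fits the 200 MB import limit."""
    return num_bytes <= MAX_UPLOAD_BYTES

def summarise_nessus(xml_text):
    """Return ({host: Counter(severity -> count)}, {host: set of 'port/proto/svc'}).
    Severity 0 (Info) items are not counted as open patch vulnerabilities."""
    scores, ppsm = {}, {}
    root = ET.fromstring(xml_text)           # for XML from untrusted sources prefer defusedxml
    for host in root.iter("ReportHost"):
        name = host.get("name")
        scores[name], ppsm[name] = Counter(), set()
        for item in host.findall("ReportItem"):
            sev = SEVERITY.get(item.get("severity"), "Info")
            if sev != "Info":
                scores[name][sev] += 1
            if item.get("port") != "0":       # port 0 = host-level finding, not a listening service
                ppsm[name].add(f"{item.get('port')}/{item.get('protocol')}/{item.get('svc_name')}")
    return scores, ppsm

if __name__ == "__main__":
    scores, ppsm = summarise_nessus(SAMPLE_NESSUS)
    for h in scores:
        print(h, dict(scores[h]), sorted(ppsm[h]))
```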

More Information

See the https://docs.tenable.com/nessus/Content/PatchManagement.htm site for more information on Nessus and ACAS.

See the https://www.rapid7.com/products/nexpose/ Rapid7 Nexpose documentation site for more information on Rapid7.


Copyright © 2021 - 2025 Soteria Software LLC.
Do The Work. Automate the Paperwork!SM