Loading Patch Scan Files
To load a patch scan file you can open the System Package and then click on the … button and choose Upload –> Patch Vulnerability File. You also can view the current Patch Data and then click the Upload button from that screen. You will see a screen similar to what is below. In the bottom area click in the “Drop your Patch Scan File Here” and select your *.nessus, *.xml, or *.json file and click Send File. Alternative you can drop your file on it and then click Send File.
The file is sent to the server and processed and then a response shows when done. Also the System Package Patch Score should update if any plugin/patch items were added or removed.
The maximum file size for uploads is a 200 MB file.
Currently we support Tenable Nessus / ACAS credentialed and uncredentialed (via System Package Preferences) patch vulnerability scans (.nessus), Rapid7 Nexpose Full Audit w/o Web Spider results (.xml), or a universal JSON format (.json) shown below for our patch vulnerability data import/upload.
{
"reportName": "",
"reportDate": "",
"scanSoftware": "",
"scanVersion": "",
"devices": [
{
"hostname": "",
"ipAddress": "",
"systemType": "",
"credentialed": true,
"data": [
{
"vulnerabilityId": "",
"vulnerabilityName": "",
"family": "",
"port": "",
"serviceName": "",
"protocol" : "",
"severity": 4,
"cvssScore" : 9.8,
"description": "",
"publicationDate": "",
"vulnerabilityType": "",
"riskFactor": "",
"synopsis": "",
"output": "",
"solution": ""
},
{
"vulnerabilityId": "",
"vulnerabilityName": "",
"family": "",
"port": "",
"serviceName": "",
"protocol" : "",
"severity": 4,
"cvssScore" : 9.8,
"description": "",
"publicationDate": "",
"vulnerabilityType": "",
"riskFactor": "",
"synopsis": "",
"output": "",
"solution": ""
}
]
}
]
}
How POAM Items are Added and Updated
If you have any patch items marked as critical, high, medium, or low your POAM will add them when you generate a new POAM. It grabs all the relevant data and fills in the POAM entry for that patch. It also links the patch data that caused that entry to be created. So when viewing the POAM, you can click “View Patch Data” and it will open the patch data and filter on that particular entry. That gives you bi-directional traceability for the POAM and the Patch Vulnerability data.
If you have the POAM already generated, any new item from a patch not already in the system package patch data is added to the POAM with the correct severity. Any item previously in the system package patch data but NOT in the most recent will be marked as closed but will be maintained in the system package POAM data. When you choose to export the POAM to MS Excel and select the 90, 180, or 365 day option the POAM item closed will appear if updated within that time period.
Deleting a Device from a Patch Scan
If you have the correct System Owner permission, you can delete a device that was incorrectly scanned or added by clicking the ... menu on the far right of the device and selecting the Delete option. This will delete and remove the patch vulnerability entries for that device across the score, data, and history for the patch scan in the system package.
When deleting a device score from this screen, you can enter a delete comment that will be added to any POAM item marked as “Completed” based on its link to any open vulnerabilities from this device.
