Link Search Menu Expand Document
OpenRMF Professional Help

Loading Patch Scan Files

To load a patch scan file you can open the Team Subpackage and then click on the Upload Patch Vulnerability item from the Host Scan Data button. You will see a screen similar to what is below. In the bottom area click in the “Drop your Patch Scan File Here” and select your .nessus, .xml, or properly formatted .json file or drop your file on it and then click Send File.

Depending on your system package preferences you may be required to only used credentialed patch scans. If you can use uncredentialed scans, the blue information box will inform you and let you know what data it can use from uncredentialed scans.

The file is sent to the server and processed and then a response shows when done. Also the System Package Patch Score should update if any plugin/patch items were added or removed.

Note: if you are a Patch Editor for this team subpackage, you can only load a patch scan for devices already added to the team subpackage. If any hostname or device name is in the scan that does not match the team subpackage, that data will not be loaded.

Note: if you are a Patch Administrator for this team subpackage, you can add new devices as well through a scan. Any host/device that is not in the team subpackage and also not in the larger system package will be added to the team subpackage and updated correctly.

OpenRMF Professional Upload Patch Scan

How POAM Items are Added and Updated

If you have any patch items marked as critical, high, medium, or low your POAM will add them when you generate a new POAM. It grabs all the relevant data and fills in the POAM entry for that patch. It also links the patch data that caused that entry to be created. So when viewing the POAM, you can click “View Patch Data” and it will open the patch data and filter on that particular entry. That gives you bi-directional traceability for the POAM and the Patch Vulnerability data.

If you have the POAM already generated, any new item from a patch not already in the system package patch data is added to the POAM with the correct severity. Any item previously in the system package patch data but NOT in the most recent based on the hostname will be marked as Completed but will be maintained in the system package POAM data.

When you choose to export the POAM to MS Excel and select the 90, 180, or 365 day option the POAM item closed will appear if updated within that time period.

Copyright © 2021 - 2025 Soteria Software LLC.
Do The Work. Automate the Paperwork!SM