Vulnerability scanners
Puppet Remediate integrates with Tenable, Qualys and Rapid7.
Note: Ask your security team for the permissions to import vulnerability
scan data.
Qualys
Add the details for your Qualys Vulnerability Manager account.
| Parameter | Description |
|---|---|
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| API server URL | The HTTPS URL and port number to the platform where your Qualys account is located.
Note: Qualys CE is not API
compatible and therefore is not supported by Remediate. For more information,
see the Qualys CE user
guide.
|
| Username | Your Qualys username to authenticate with. |
| Password | Your Qualys password to authenticate with. |
| Update interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |
| Date range | Use the options in this drop-down menu to limit the time period for which results are returned. |
| Import tags | Use this option to import tags from Qualys. By default this option is OFF. |
Rapid7
Add the details for your Rapid7 Nexpose (on-prem) or InsightVM (cloud) account.
| Parameter | Description |
|---|---|
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| InsightVM URL | The HTTPS URL and port number to your InsightVM or Nexpose instance. |
| Username | Your Rapid7 username to authenticate with. |
| Password | Your Rapid7 password to authenticate with. |
| Enable SSL certification verification | To verify the signature on the SSL certificate returned by Rapid7 using your CA cert, select this option. Remember that you must add your own CA certificate. For more information, see SSL certificate verification for scanners. |
| Update interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |
Tenable.io
Add the details for your Tenable.io (cloud) account.
| Parameter | Description |
|---|---|
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| Access key | Your Tenable.io access key to authenticate with the Tenable.io API. For more information about generating an access key, see the Tenable.io documentation. |
| Secret key | Your Tenable.io secret key to authenticate with the Tenable.io API. For more information about generating a secret key, see the Tenable.io documentation. |
| Update interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |
| Import tags | Use this option to import tags from Tenable.io. By default this option is OFF. |
Note: You must use the Administrator role in Tenable.io to export data using the Tenable.io API.
Tenable.sc
Add the details for your Tenable.sc account.
| Parameter | Description |
|---|---|
| Name | A unique and descriptive name to identify this vulnerability scanner. |
| URL | The URL of your Tenable.sc instance. |
| Username | Your Tenable.sc account username. For more information, see the Tenable.sc documentation. |
| Password | Your Tenable.sc account password. For more information, see the Tenable.sc documentation. |
| Enable SSL certificate verification | Select this checkbox if you want to verify the SSL certificate returned by Tenable.sc. Remember that you must add your own CA certificate. For more information, see SSL certificate verification for scanners. |
| Refresh interval | The time interval before Remediate polls the vulnerability scanner for new data. This parameter is optional. If not specified, the update interval defaults to 30 minutes. |
| Severity threshold | The severity level on or above which vulnerability data is passed to Remediate. This parameter is optional. If not specified, severity level 1 is used by default. |
Tip: The Tenable.sc
Auditor role is the role with the least permissions that you can use to
connect from Remediate.
SSL certificate verification for scanners
You can verify SSL certificates signed by an internal certificate authority for Rapid7 and Tenable.sc.
If you decide to enable verification for certificates signed by an internal certificate authority when configuring Rapid7 or Tenable.sc to work with Remediate, use the following procedure to add a self-signed certificate: