Integrate vulnerability data from a security scanner

To integrate information about vulnerabilities detected by your third-party scanning software, a vulnerability data transformer must be installed, configured and registered on a designated transformer node.

The transformer parses scan reports from your scanner and sends vulnerability information to Puppet Enterprise. This enables you to view the vulnerabilities in the PE console, see which Puppet-managed nodes are affected, and run vulnerability remediation patch jobs.

A vulnerability data transformer is available for download from the Puppet Forge. This implementation is designed to integrate vulnerability data generated by the Tenable Nessus™ security scanner. To connect to other types of scanning tools, you can design your own transformer scripts to attach to the transformer node.
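The parsing half of a transformer can be illustrated with the following added example, which is not the Forge transformer's code and does not come from Puppet: it reads a Nessus `.nessus` (v2 XML) report and reduces it to a per-host map of CVE IDs. The sample report, the `parse_nessus` name, the output shape and the matching of hosts to nodes by FQDN are assumptions; the format in which a transformer submits data to PE is not covered.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the .nessus (NessusClientData_v2) layout; hosts,
# plugin IDs and CVE IDs are placeholders, not real findings.
SAMPLE_REPORT = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="constructed-sample">
    <ReportHost name="192.0.2.10">
      <HostProperties>
        <tag name="host-fqdn">web01.example.com</tag>
      </HostProperties>
      <ReportItem port="443" protocol="tcp" severity="3" pluginID="900001" pluginName="Sample TLS flaw">
        <cve>CVE-0000-0001</cve>
        <cve>CVE-0000-0002</cve>
      </ReportItem>
      <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Sample info check"/>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <ReportItem port="22" protocol="tcp" severity="4" pluginID="900003" pluginName="Sample SSH flaw">
        <cve>CVE-0000-0001</cve>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

def parse_nessus(xml_text, min_severity=1):
    """Return {host: {cve_id: highest severity seen}} for findings that carry a CVE."""
    # Scan reports are input from another system: refuse DTDs and entity
    # declarations instead of letting the XML parser expand them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in scan reports")
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a .nessus v2 report")
    findings = defaultdict(dict)
    for host in root.iter("ReportHost"):
        # Assumption: managed nodes are identified by FQDN, so prefer the
        # host-fqdn property and fall back to the scanned name or IP.
        fqdn = host.findtext("HostProperties/tag[@name='host-fqdn']")
        key = (fqdn or host.get("name", "")).strip().lower()
        for item in host.iter("ReportItem"):
            severity = int(item.get("severity", "0"))  # Nessus: 0=info .. 4=critical
            if severity < min_severity:
                continue
            for cve in item.findall("cve"):
                cve_id = (cve.text or "").strip().upper()
                if cve_id:
                    findings[key][cve_id] = max(severity, findings[key].get(cve_id, 0))
    return dict(findings)
```

Hosts that appear in the report under a name that does not match a managed node are the usual reason a finding fails to map to a node, so the normalization step is worth logging in a real transformer.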

Steps to integrate vulnerability data: