Introduction
Puppet Remediate gives us insight into the vulnerabilities present across our infrastructure, together with the tools to prioritise them and take action. It does this by pulling findings from the vulnerability scanners we already run and correlating them with the nodes it discovers, which helps us reduce the risk of data breaches and external attacks.
In this article, we discuss the sources that feed Puppet Remediate: what each source type is, what it needs to authenticate, and what to check before starting a discovery. So, without any further ado, let's get started!
Add Sources
We can add multiple infrastructure sources so that Remediate can find all the nodes, packages, and containers running across our entire infrastructure, and we can add our vulnerability scanner so that its findings can be matched to those nodes and remediated.
Select Manage sources from the sidebar, click Add sources, and choose the type of source to add:
Vulnerability scanner:
Rapid7
Tenable.io
Tenable.sc
Qualys
Infrastructure source:
Amazon Web Services
IP addresses
OpenStack
VMware vSphere
Google Cloud Platform
Microsoft Azure
Puppet Enterprise source
Enter the configuration parameter values for the source. When adding a vulnerability scanner, click Test Credentials before starting a discovery to confirm that Remediate can actually authenticate to the scanner with the credentials given.
Now click Discover. The time until the information appears in Remediate depends on how much data the source holds.
Puppet Enterprise sources
Adding a single Puppet Enterprise source lets Remediate collect data from it and run vulnerability remediation tasks against its nodes.
Vulnerability scanners
Puppet Remediate integrates with Qualys, Tenable (Tenable.io and Tenable.sc), and Rapid7.
Infrastructure sources
Infrastructure sources are the cloud, virtualization, and network sources on which Remediate discovers node instances.
Puppet Enterprise Sources
📕To authenticate to Puppet Enterprise and discover the nodes it manages, we add our Puppet Enterprise (PE) credentials.
📕Once the source is added, the Puppet Enterprise nodes appear on the Resources dashboard of the Remediate UI.
Now, let us look at the parameters for a Puppet Enterprise source:
Name: A unique name that accurately describes this source.
Puppet authentication token: The Puppet Enterprise authentication token, generated with the puppet-access command (puppet-access login). The token carries the RBAC permissions of the user it was generated for, so generate it for a dedicated PE user that has only the permissions Remediate needs to run tasks, give it a limited lifetime, and handle it like a password.
Puppet Enterprise URL: The URL of our Puppet Enterprise server, for example puppet.domain.com or https://puppet.domain.com. Remediate uses the Puppet Enterprise Orchestrator API at this address to run tasks on our Puppet Enterprise nodes.
Vulnerability Scanners
A vulnerability scanner checks an organization's networks, systems, and applications for security flaws. Remediate imports the scanner's findings so that they can be prioritised and remediated on the nodes it knows about.
Qualys
Add the details of the Qualys Vulnerability Management account that Remediate will use. The parameters are:
API server URL: The HTTPS URL and port number of the Qualys API platform that hosts our account.
Date Range: Restricts the time range for which results are returned.
Import Tags: Import asset tags from Qualys into Remediate.
Name: A unique name that accurately describes the vulnerability scanner.
Password: The Qualys password.
Update Interval: How often Remediate polls the scanner for new data. The default is 30 minutes.
Username: The Qualys username.
Severity threshold: The severity level above which the scanner's vulnerability data is sent to Remediate. The default is severity level 1.
Rapid7
Add the details of our Rapid7 Nexpose (on-premises) or InsightVM (cloud) account. The parameters are:
Enable SSL certificate verification: Select this to validate the TLS certificate presented by Rapid7 against a CA certificate that we supply ourselves. Leave it enabled wherever possible: with verification off, Remediate cannot distinguish a spoofed console from the real one and will hand the scanner credentials to whatever answers at the URL.
Name: A unique name that accurately describes the vulnerability scanner.
InsightVM URL: The HTTPS URL and port number of our Nexpose or InsightVM instance.
Username: The Rapid7 username.
Password: The Rapid7 password.
Update Interval: How often Remediate polls the scanner for new data. The default is 30 minutes.
Severity threshold: The severity level above which the scanner's vulnerability data is sent to Remediate. The default is severity level 1.
Tenable.io
Add the details of our Tenable.io (cloud) account. The parameters are:
Access key: The Tenable.io access key used to authenticate to the Tenable.io API.
Name: A unique name that accurately describes the vulnerability scanner.
Import tags: Import asset tags from Tenable.io. This option is off by default.
Update Interval: How often Remediate polls the scanner for new data. The default is 30 minutes.
Severity threshold: The severity level above which the scanner's vulnerability data is sent to Remediate. The default is severity level 1.
Secret key: The Tenable.io secret key that goes with the access key; together they authenticate to the Tenable.io API.
Tenable.sc
Add the details of our Tenable.sc account. The parameters are:
Enable SSL certificate verification: Select this checkbox to verify the TLS certificate presented by Tenable.sc. As with Rapid7, keep it enabled unless you are deliberately testing against a lab instance, because without it the connection can be intercepted and the credentials captured.
Name: A unique name that accurately describes the vulnerability scanner.
Tenable.sc URL: The HTTPS URL and port number of our Tenable.sc instance.
Username: The Tenable.sc username.
Password: The Tenable.sc password.
Update Interval: How often Remediate polls the scanner for new data. The default is 30 minutes.
Severity threshold: The severity level above which the scanner's vulnerability data is sent to Remediate. The default is severity level 1.
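The Test Credentials step in the Add Sources procedure, the Puppet Enterprise token, and the scanner parameters above all come down to one question: will the source accept an authenticated request from Remediate over HTTPS? The script below is an added example, not Puppet Remediate's own code, that reproduces that pre-flight check from the command line. It builds the cheapest authenticated request each source type accepts, enforces HTTPS, honours the certificate-verification option with our own CA file, and reports a verdict without ever logging the secret. The endpoint paths (Orchestrator API on port 8143 with the X-Authentication header, Qualys /msp/about.php with basic auth plus X-Requested-With, the InsightVM /api/3/ root, Tenable.io /scans with X-ApiKeys, Tenable.sc /rest/token) come from the vendors' public API documentation and should be checked against your versions; the source dictionaries and their field names are this script's own convention.

```python
"""Pre-flight credential check for Puppet Remediate sources.

Added example, not part of Puppet Remediate. The source dicts below are
this script's own convention; endpoint paths follow the vendors' public
API docs (verify them against the version you run).
"""
import base64
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Header names whose values must never reach a log line.
SECRET_HEADERS = {"authorization", "x-apikeys", "x-authentication"}


def normalise_url(raw, default_port=None):
    """Accept 'host', 'host:port' or 'https://host[:port]/'; refuse plain http."""
    raw = raw.strip()
    url = raw if "://" in raw else "https://" + raw
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing {parts.scheme}://, credentials may only travel over HTTPS")
    if not parts.hostname:
        raise ValueError(f"no host found in {raw!r}")
    port = parts.port or default_port
    return f"https://{parts.hostname}" + (f":{port}" if port else "")


def _basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def build_probe(source):
    """Return {'method', 'url', 'headers', 'body'} for a minimal authenticated call."""
    kind = source["type"]
    if kind == "puppet_enterprise":
        # Orchestrator API listens on 8143 (assumed default when the URL has no port).
        base = normalise_url(source["url"], default_port=8143)
        return {"method": "GET", "url": base + "/orchestrator/v1",
                "headers": {"X-Authentication": source["token"]}, "body": None}
    base = normalise_url(source["url"])
    if kind == "qualys":
        # Qualys requires basic auth plus an X-Requested-With header on every call.
        return {"method": "GET", "url": base + "/msp/about.php",
                "headers": {"Authorization": _basic(source["username"], source["password"]),
                            "X-Requested-With": "remediate-preflight"}, "body": None}
    if kind == "rapid7":
        # InsightVM / Nexpose console API root; basic auth with the console user.
        return {"method": "GET", "url": base + "/api/3/",
                "headers": {"Authorization": _basic(source["username"], source["password"])},
                "body": None}
    if kind == "tenable_io":
        keys = f"accessKey={source['access_key']}; secretKey={source['secret_key']}"
        return {"method": "GET", "url": base + "/scans",
                "headers": {"X-ApiKeys": keys}, "body": None}
    if kind == "tenable_sc":
        # Tenable.sc issues a session token from /rest/token; the body carries the password.
        body = json.dumps({"username": source["username"], "password": source["password"]}).encode()
        return {"method": "POST", "url": base + "/rest/token",
                "headers": {"Content-Type": "application/json"}, "body": body}
    raise ValueError(f"unknown source type {kind!r}")


def tls_context(verify=True, ca_file=None):
    """Mirror the 'Enable SSL certificate verification' option; ca_file is our own CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    if not verify:
        # Lab use only: anyone on the path can now impersonate the scanner and take the credentials.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def redacted_headers(headers):
    """Copy of the headers safe to print: secret values replaced with ***."""
    return {k: ("***" if k.lower() in SECRET_HEADERS else v) for k, v in headers.items()}


def check_credentials(source, timeout=10):
    """Perform the probe. Returns (http_status_or_None, verdict); the verdict holds no secrets."""
    spec = build_probe(source)
    req = urllib.request.Request(spec["url"], data=spec["body"],
                                 headers=spec["headers"], method=spec["method"])
    ctx = tls_context(source.get("verify_tls", True), source.get("ca_file"))
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, "credentials accepted"
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return err.code, "credentials rejected"
        return err.code, "host reachable, unexpected status; check the URL path"
    except urllib.error.URLError as err:  # includes certificate verification failures
        return None, f"transport error: {err.reason}"


if __name__ == "__main__":
    # Constructed sample sources with placeholder secrets; only the request shape is printed.
    samples = [
        {"type": "puppet_enterprise", "url": "puppet.domain.com", "token": "PLACEHOLDER"},
        {"type": "tenable_io", "url": "cloud.tenable.com", "access_key": "AK", "secret_key": "SK"},
    ]
    for src in samples:
        spec = build_probe(src)
        print(spec["method"], spec["url"], redacted_headers(spec["headers"]))
```

Run check_credentials(source) against a real source to get the same answer the Test Credentials button gives; a transport error mentioning CERTIFICATE_VERIFY_FAILED means the CA file is wrong or the scanner is presenting an unexpected certificate, and the right fix is the CA file, not turning verification off.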
Infrastructure Sources
We can discover node instances on the following infrastructure sources:
Amazon Web Services
Add the AWS authentication credentials so that Remediate can discover the EC2 instances running in our AWS account. Use a dedicated IAM identity whose policy grants only the read-only EC2 describe permissions discovery needs, not an administrator's key. The parameters are:
Access Key: The access key ID created in the AWS Management Console for that identity.
Name: A unique name that accurately describes the infrastructure source.
Secret Key: The secret access key that corresponds to the access key ID.
Google Cloud Platform
We can find the node instances running in each of our GCP accounts by adding the GCP authentication credentials. The service account key file (.json) saved when the credentials are created in the GCP console contains the client email, the private key ID, the private key, and the project ID; the values are copied from that file into the fields below. The key file is a credential in its own right, so keep it out of shared directories and delete it once the values are in Remediate. The parameters are:
Client Email: The email address of our GCP service account (client_email in the key file).
Name: A unique name that accurately describes the infrastructure source.
Project ID: The GCP project the service account belongs to (project_id in the key file).
Private key: The private key generated in the GCP console (private_key in the key file).
Private key ID: The identifier of that private key (private_key_id in the key file).
Microsoft Azure
To find the node instances in our Microsoft Azure subscriptions, we add the authentication details of an application registered in the Azure portal. Sign in, register a new application (PuppetRemediate is a sensible name) of the Web app / API type, and grant it the Reader role. Reader is sufficient for discovery, so do not grant the application anything broader. The parameters are:
Application ID: The Azure application ID of the registered application.
Client key: The client key, also called the authentication key, generated for the application in Azure AD.
Name: A unique name that accurately describes the infrastructure source.
Tenant ID: The Azure AD tenant ID.
Subscription ID: The ID of the Azure subscription whose services we want discovered.
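Most failed discoveries against the AWS, GCP and Azure sources above are parameter mistakes: an access key pasted into the wrong field, a key file copied field by field with a stray newline, or a non-GUID where Azure wants a GUID. The script below is an added example, not Puppet Remediate's own code, that checks the three infrastructure-source parameter sets before they are entered, and maps a GCP service account key file to the five GCP fields. The field labels follow the tables above; the GCP key file field names (client_email, private_key_id, private_key, project_id) are the real ones, the AWS key shapes (20-character access key ID, 40-character secret) are the documented AWS format, and the Azure IDs are checked only for being well-formed GUIDs. The sample key file content is constructed with a dummy key body.

```python
"""Sanity checks for Remediate infrastructure-source parameters.

Added example, not part of Puppet Remediate. Field labels follow the
parameter tables on the page; the checks are shape checks only and do
not contact any cloud API.
"""
import json
import os
import re
import stat
import uuid

# Documented AWS formats: access key IDs are 20 upper-case alphanumerics, secrets are 40 chars.
AWS_ACCESS_KEY_RE = re.compile(r"^[A-Z0-9]{20}$")
AWS_SECRET_KEY_RE = re.compile(r"^[A-Za-z0-9/+=]{40}$")
GCP_REQUIRED = ("client_email", "private_key_id", "private_key", "project_id")

# Constructed sample shaped like a real GCP key file; the key body is a dummy.
SAMPLE_GCP_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0123456789abcdef0123456789abcdef01234567",
    "private_key": "-----BEGIN PRIVATE KEY-----\nAAAAAAAAAAAAAAAAAAAA\n-----END PRIVATE KEY-----\n",
    "client_email": "remediate-discovery@example-project.iam.gserviceaccount.com",
}


def gcp_params_from_dict(key, name):
    """Map a parsed service-account key file to Remediate's five GCP fields."""
    if key.get("type") != "service_account":
        raise ValueError("not a service-account key file (type != service_account)")
    missing = [f for f in GCP_REQUIRED if not key.get(f)]
    if missing:
        raise ValueError(f"key file is missing {missing}")
    if not key["private_key"].startswith("-----BEGIN PRIVATE KEY-----"):
        raise ValueError("private_key is not a PEM PKCS#8 block; paste it whole, newlines included")
    return {
        "Name": name,
        "Client Email": key["client_email"],
        "Project ID": key["project_id"],
        "Private key": key["private_key"],
        "Private key ID": key["private_key_id"],
    }


def gcp_params_from_key_file(path, name):
    """Read the .json key file, refusing one that other users on the host can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is group/world accessible (mode {oct(mode)}); it holds a private key")
    with open(path, encoding="utf-8") as fh:
        return gcp_params_from_dict(json.load(fh), name)


def check_aws(params):
    """Return a list of problems with the AWS parameters (empty list means they look right)."""
    problems = []
    if not params.get("Name"):
        problems.append("Name is required")
    if not AWS_ACCESS_KEY_RE.match(params.get("Access Key", "")):
        problems.append("Access Key should be the 20-character access key ID, not the secret")
    if not AWS_SECRET_KEY_RE.match(params.get("Secret Key", "")):
        problems.append("Secret Key should be the 40-character secret access key")
    return problems


def check_azure(params):
    """Return a list of problems with the Azure parameters."""
    problems = []
    if not params.get("Name"):
        problems.append("Name is required")
    for field in ("Application ID", "Tenant ID", "Subscription ID"):
        try:
            uuid.UUID(params.get(field, ""))
        except ValueError:
            problems.append(f"{field} must be a GUID")
    if not params.get("Client key"):
        problems.append("Client key (the application's authentication key) is required")
    return problems


if __name__ == "__main__":
    # Demonstrates the two most common mistakes: swapped AWS fields, and a GCP key pasted by hand.
    print(check_aws({"Name": "aws-prod", "Access Key": "x" * 40, "Secret Key": "AKIA" + "A" * 16}))
    print(gcp_params_from_dict(SAMPLE_GCP_KEY, "gcp-prod")["Client Email"])
```

Run the checks once per source before clicking Discover; an empty list from check_aws or check_azure means the values have the right shape, after which Test Credentials or the first discovery tells you whether they are actually valid.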
Frequently Asked Questions
What is Puppet Agent?
Puppet agent is the application installed on each node to manage that node's configuration. Depending on your infrastructure and needs, it can run as a service, as a cron job, or on demand.
How many types of puppets are there?
The puppets are broken into six prominent families. The six major families are marionettes, rod marionettes, hand puppets, rod puppets, shadow figures, and bunraku-style puppets.
Explain the upgradation concept in puppet remediate.
Puppet Remediate can be upgraded in several ways: online, offline, or by pulling its container images from a custom registry.
What language is used in puppet?
Puppet configurations are written in Puppet's own declarative language. The Puppet tooling itself is written mainly in Ruby, with Clojure (Puppet Server, PuppetDB) and C++ (Facter and other native components).
Is puppet an automation tool?
Yes. Puppet is a configuration management tool: you declare the desired state of the servers you manage, and Puppet enforces it.
Conclusion
In this blog, we have discussed the sources in Puppet Remediate in detail: Puppet Enterprise sources, the supported vulnerability scanners, and the infrastructure sources, along with the parameters each needs. To learn more about Puppet, please refer to the related blogs.