This document provides comprehensive information about the PatchWise platform, including its features, installation, configuration, and usage.
PatchWise is an AI-powered vulnerability management platform designed to assist security teams in efficiently identifying, analyzing, prioritizing, and remediating security vulnerabilities. By leveraging generative AI, PatchWise streamlines various stages of the vulnerability management lifecycle, enabling a proactive and risk-based approach to cybersecurity.
PatchWise offers a range of features to enhance vulnerability management:
- Vulnerability Data Ingestion and Normalization: Ingests vulnerability data from various sources and uses AI to normalize and standardize the data.
- Vulnerability Asset Mapping: Maps identified vulnerabilities to organizational assets using AI correlation.
- AI-Driven Patch Advisor: Provides AI-powered patch recommendations based on vulnerability analysis, asset criticality, and potential impact.
- Vulnerability Overview Dashboard: Displays key vulnerability metrics and patch status.
- Interactive Vulnerability Chat: A chat interface for natural language queries about vulnerabilities and patches.
- Customizable Security Reports: Generates reports on vulnerability status, patch compliance, and security posture.
- Nmap Service Scan Parsing: Parses Nmap Service Scan XML output using AI.
- Intelligent Patch Prioritization: Prioritizes patches based on scan data and outdated service versions using AI.
- Actionable Documentation: Produces clear documentation for stakeholders.
Before installing PatchWise, ensure you have the following installed:
- Node.js (and npm or yarn)
- Git
-
Clone the repository:
git clone [<repository_url>](https://github.com/Designerpro13/project-paspatch/ cd PatchWise
-
Install dependencies:
npm install # or yarn install
PatchWise utilizes external APIs for certain functionalities, particularly those powered by generative AI. To use the platform, you will need to configure your API keys.
-
Create a
.env.localfile in the root of the project directory. This file will store your environment variables, including API keys. -
Add your API keys to the
.env.localfile in the following format:GOOGLE_API_KEY=your_google_api_key_here # OPENAI_API_KEY=your_openai_api_key_here
- Replace
your_api_key_valuewith your actual API key.
- Replace
-
Ensure that the
.env*.localentry is present in your.gitignorefile to prevent your API keys from being committed to your repository.
To run the PatchWise platform locally, use the following command:
npm run dev
# or
yarn devThis will start the development server, and you can access the application in your web browser, typically at http://localhost:3000.
PatchWise, particularly in its current stage of development and reliance on AI, has certain limitations:
- AI Accuracy: The accuracy of vulnerability analysis, mapping, and patch recommendations is dependent on the quality and capabilities of the underlying AI models. While efforts are made to ensure accuracy, AI can sometimes produce incorrect or irrelevant information.
- Data Source Dependency: The effectiveness of the platform is contingent on the availability and quality of vulnerability data from ingested sources.
- API Key Requirement: Access to AI-powered features requires valid API keys for the respective services.
- Continuous Development: The platform is under continuous development, and some features may be incomplete or subject to change.
Users should exercise discretion and verify critical information provided by the AI.