PatchIntel 🛡️

AI-Driven Patch Tuesday Risk Dashboard

A modular framework that ingests Microsoft Patch Tuesday data, maps vulnerabilities to organizational assets, and calculates contextual risk with future GenAI reasoning capabilities.

---

🎯 Project Vision

PatchIntel is not a traditional vulnerability scanner. It is a risk interpretation & decision-support engine that transforms technical patch data into actionable insights for security leaders.

Core Capabilities

• 🔍 Patch Intelligence - Fetch & parse Microsoft Patch Tuesday updates
• 🏢 Asset Mapping - Correlate vulnerabilities with organizational assets
• 📊 Risk Scoring - Quantify exposure with deterministic risk models
• 🤖 AI Reasoning (Future) - Generate insights and remediation guidance

---

🚀 Quick Start

Prerequisites

• Python 3.8 or higher
• pip (Python package manager)
• Internet connection

Installation

1. Clone the repository:

git clone https://github.com/mclperera/patchintel.git
cd patchintel

2. Install dependencies:

pip install -r requirements.txt

3. Fetch your first Patch Tuesday:

cd patch-intel
python patchintel.py fetch --month 2024-11

4. View module capabilities:

python patchintel.py --help
python patchintel.py info

---

📦 Project Structure

patchintel/
├── docs/                    # Documentation
│   └── PRD.md              # Product Requirements Document
│
├── patch-intel/            # ✅ Phase 1: Patch Tuesday data ingestion
│   ├── src/               # Source code
│   │   ├── __init__.py   # Package initialization
│   │   ├── fetcher.py    # Microsoft API client
│   │   ├── parser.py     # Data normalizer
│   │   └── cli.py        # Command-line interface
│   ├── samples/          # Sample datasets
│   └── patchintel.py     # Main CLI entry point
│
├── asset-ingestion/        # ✅ Phase 2: Asset ingestion & normalization
│   ├── src/               # Source code
│   │   ├── __init__.py   # Package initialization
│   │   ├── ingestion.py  # Multi-source asset loader
│   │   ├── normalizer.py # Data normalizer
│   │   └── cli.py        # Command-line interface
│   ├── samples/          # Sample ServiceNow export
│   ├── output/           # Normalized assets
│   ├── patchintel-assets.py  # Main CLI entry point
│   ├── PHASE2_SUMMARY.md     # Phase 2 completion summary
│   └── PHASE3_INTEGRATION.md # Integration guide for Phase 3
│
├── risk-engine/            # 🚧 Phase 3: Risk calculation (coming soon)
├── dashboard/              # 🚧 Phase 4: Web UI (coming soon)
├── ai-layer/               # 🚧 Phase 5: GenAI reasoning (coming soon)
│
├── requirements.txt        # Python dependencies
├── .gitignore             # Git ignore rules
└── README.md              # This file

---

🏗️ Development Phases

✅ Phase 1: Patch Tuesday Data Ingestion

Status: Complete

Retrieve and normalize Microsoft Patch Tuesday vulnerability data.

Features:

• ✅ Fetch data via Microsoft Security Update Guide API
• ✅ Parse CVRF documents and extract CVE details
• ✅ Export to JSON and CSV formats
• ✅ Generate vulnerability statistics

Usage:

cd patch-intel
python patchintel.py fetch 2025-Oct
python patchintel.py process 2025-Oct

---

✅ Phase 2: Asset Ingestion & Normalization

Status: Complete

Ingest and standardize asset inventory data from multiple sources.

Features:

• ✅ ServiceNow CMDB export support
• ✅ Generic CSV/JSON import with field mapping
• ✅ Automatic OS name normalization
• ✅ Data quality scoring (0-100)
• ✅ Field completeness validation
• ✅ Standard schema for Phase 3 integration

Usage:

cd asset-ingestion

# Load and preview assets
python patchintel-assets.py ingest samples/servicenow_cmdb_export.csv --preview

# Normalize to standard schema
python patchintel-assets.py normalize samples/servicenow_cmdb_export.csv output/assets.csv --stats

# Validate data quality
python patchintel-assets.py validate samples/servicenow_cmdb_export.csv --min-quality 70

Output Schema:

• 20 standardized fields (hostname, os, os_version, business_criticality, patch_group, etc.)
• 91/100 average data quality on test data
• Ready for Phase 3 CVE correlation

📖 Phase 2 Summary | Phase 3 Integration Guide

---

🚧 Phase 3: Rule-Based Risk Engine (Next)

Correlate vulnerabilities to assets and calculate risk scores.

Planned Features:

• CVE-to-asset matching (OS/version correlation)
• Risk scoring algorithm (CVSS × Criticality × Exploitability)
• Prioritized remediation lists by patch group
• Deployment scheduling based on maintenance windows
• Summary reports and statistics

Integration:

• Input: Phase 1 CVEs (233 from Oct 2025) + Phase 2 Assets (25 normalized)
• Output: Asset-CVE pairs with contextual risk scores (0-100)

---

🚧 Phase 4: Dashboard (Coming Soon)

Local web UI for visualization and exploration.

Planned Features:

• Risk heatmaps
• Asset vulnerability views
• CVE breakdown by severity
• Export capabilities

---

🚧 Phase 5: GenAI Reasoning Layer (Coming Soon)

Intelligent analysis and recommendations.

Planned Features:

• Natural language impact summaries
• Tailored remediation guidance
• Asset data enrichment
• Executive briefings

---

🔧 Current Module: patch-intel

Fetch Patch Tuesday Data

cd patch-intel
python patchintel.py fetch --month 2024-11

Parse and Analyze

# Show statistics only
python patchintel.py parse samples/patch_tuesday_2024_11.json --stats-only

# Parse and save normalized data
python patchintel.py parse samples/patch_tuesday_2024_11.json --output-dir normalized/

Quick Process (Fetch + Parse)

python patchintel.py process --month 2024-11

Output Example

{
  "cve_id": "CVE-2024-43451",
  "title": "Windows NTLM Remote Code Execution Vulnerability",
  "severity": "Critical",
  "cvss_base_score": 9.8,
  "exploit_status": "ACTIVE",
  "affected_products": ["Windows 11", "Windows Server 2022"],
  "kb_articles": ["KB5012345"]
}

---

📊 Sample Output

==============================================================
PATCH TUESDAY DATA SUMMARY
==============================================================

Total Vulnerabilities: 89

By Severity:
  Critical       :  15
  Important      :  58
  Moderate       :  14
  Low            :   2

⚠️  Vulnerabilities with Active Exploits: 3
🔴 Critical Vulnerabilities: 15
📊 Average CVSS Score: 7.2
==============================================================

---

🛠️ Technology Stack

• Language: Python 3.8+
• Data Processing: pandas
• API Calls: requests
• CLI: click
• Future: FastAPI, Streamlit (for dashboard)

---

📖 Documentation

• Product Requirements Document - Full project vision and roadmap
• Phase 2 Summary - Asset ingestion completion report
• Phase 3 Integration - Risk engine integration guide

---

🤝 Contributing

We welcome contributions! This project follows a phased approach:

1. Each phase is a self-contained module
2. Modules can be used independently or together
3. Follow existing code style and documentation standards

To contribute:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests and documentation
5. Submit a pull request

---

🗺️ Roadmap

Phase	Status	Description
Phase 1	✅ Complete	Patch Tuesday data ingestion (233 CVEs from Oct 2025)
Phase 2	✅ Complete	Asset ingestion & normalization (25 assets, 91/100 quality)
Phase 3	🚧 Next	Rule-based risk engine (CVE-Asset correlation)
Phase 4	🚧 Planned	Basic dashboard
Phase 5	🚧 Planned	GenAI reasoning layer
Phase 6	💭 Future	Adaptive CMDB overlay

---

📝 Release History

v0.2.0 (Current)

• ✅ Asset ingestion from ServiceNow CMDB exports
• ✅ Multi-source asset loading (CSV, JSON)
• ✅ Automatic OS normalization
• ✅ Data quality scoring (0-100)
• ✅ Standard 20-field schema
• ✅ Phase 3 integration ready

v0.1.0

• ✅ Microsoft Patch Tuesday data fetching
• ✅ CVRF document parsing and normalization
• ✅ JSON and CSV export capabilities
• ✅ Vulnerability statistics generation
• ✅ CLI interface

---

📄 License

[Add your license here]

---

🙋 Support

For questions, issues, or feature requests:

• Open an issue on GitHub
• Check module-specific READMEs
• Review the PRD for project context

---

🎓 Learn More

• Microsoft Security Update Guide
• CVRF Specification
• CVSS v3.1 Specification

---

Built with ❤️ for security teams everywhere

Making Patch Tuesday less painful, one module at a time.