Outpost24 Outscan/HIAB Connector

Outpost 24 HIAB™ (hacker-in-a-box) is an automated, internal vulnerability management system that includes a network vulnerability scanner and a web application scanner.

Outpost24 Outscan is an automated vulnerability scanner that enables organizations to diagnose, monitor, and triage external vulnerabilities on your internet-exposed devices as well as verify your PCI Compliance for transactional businesses.


To import your data from Outpost24’s Outscan or HIAB tools to Cisco Vulnerability Management and Kenna.AppSec, you will need to leverage the Outpost24 Outscan/HIAB Connector under the vulnerability management tools. There are three different Cisco Vulnerability Management-OutPost24 Connectors

  • the API Connector for HIAB and Outscan

  • the API Connector for SWAT

  • the XML Connector

To learn about the differences between API and XML connectors, please see the help page here. For this Help Document, we will focus on the first Connector: the API Connector for HIAB and Outscan.

Important: The XML connector (third in the list) is similar to this API connector minus the automation. All OutPost Connectors are mandatory full run connectors and do not currently support incremental pulls.

 

What Types of Outpost24 Data does this Cisco Vulnerability Management Connector Support?

  • Outscan

  • HIAB

User Prerequisites/Connector Setup:

  • Since OutScan is a SaaS based tool, the Kenna Virtual Tunnel is not required.

  • Because HIAB is an Appliance based tool, the Kenna Virtual Tunnel is required for those who have this on-premise deployment.

  • Must have API access to Outpost24s API(s)

 

Configuring your Connector in Cisco Vulnerability Management

To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page if you wish to use the API Connector select the item outlined in purple and for the XML Connector select the item outlined in light-blue.

Outpost24.png

 

Once you select the Outpost24 Outscan/HIAB API Connector, the following screen will appear:

Outpost24_Config.png

 

  • Enter a name for the connector, or leave it as “Outpost24 Outscan/HIAB” if you wish.

  • Enter the Host ID and API key for the service account you wish to leverage

    • If your host is static, you must enter an IP address and the port.

    • If your host is dynamic, please enter the DNS and port information

  • Schedule the Connector. Select the frequency at which you’d like your Connector to run. (we recommend mirroring the cadence of your Outpost24 Scans).

  • Click Save and Verify.

  • If you’d like to set a connector level asset inactivity limit, you can do that at this time, or later. (We recommend 2-3x the scan cadence of your Outpost24 Scans).

 

What Outpost24 Items does Cisco Vulnerability Management Import?

Outpost24 Field

Cisco Vulnerability Management Field

Notes

application

Application Identifier

 

url

url

If present

name

Name

 

detail > findingid

Unique External Identifier (Vulnerability)

 

description

Description

 

solution

Solution/Fix

If present

cvss

scanner_score

 

open?
OR
stillpresent

Vulnerability Status

Only maps open and closed vulnerabilities. Does not map False Positives or Risk Accepted Vulnerabilities.

information

Details

 

cve_raw_data

CVE

 

cwe_ids

CWE

 

wasc_ids

WASC

 

port + portnumber

Ports

 

lastseen

Last Seen

 

found_on

Found On

 

-N/A-

Closed

 

-N/A-

Created

Date on which the vulnerability or asset was first created in Cisco Vulnerability Management. Never mapped to a scanner field.

OS Vendor / Platform

OS

 

hostname

hostname

 

ip

ip_address

 

targetlocation
scanner
asset_tags

Tags

 

 

The Connector does not pull in the following:

  • Custom fields


Optional Settings

The following settings can be enabled on the backend for Outpost24 Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

  • Exclude Informationals

    • When this option is enabled, Cisco Vulnerability Management  will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.

  • Skip Tags

    • This setting will allow you to NOT create any Tags within Cisco Vulnerability Management based on the scanner metadata.

  • Ignore Scanner Last Seen Time

    • If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

  • Tag Reset

    • This setting will assist in keeping your scanner metadata in sync with Cisco Vulnerability Management. Each time the connector is run, ALL tags within Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.

    • If you have created any manual tags OR any tags were created off of metadata from other connectors that tag info will be removed and will be refreshed once those other connectors are rerun.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

 

Common Reasons for Connector Run Failures

  • Bad Credentials
    • If you enter the incorrect connector credentials during the connector setup, we will not have access to the environment to make the API calls.
  • If no reports are found we will abort the Connector run, rather than fail it outright
  • If an API call fails (no data available, or other reasons)
  • Unexpected data returned

    • If Cisco Vulnerability Management receives data that is not in the expected format and we are unable to process it, the connector will fail.

  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run

Additional Assistance:

Please contact Support should you require any additional assistance with the Outpost24 Outscan/HIAB Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.