Outpost24 HIAB™ (hacker-in-a-box) is an automated, internal vulnerability management system that includes a network vulnerability scanner and a web application scanner.
Outpost24 Outscan is an automated vulnerability scanner that enables organizations to diagnose, monitor, and triage external vulnerabilities on their internet-exposed devices, and to verify PCI compliance for transactional businesses.
To import your data from Outpost24’s Outscan or HIAB tools to Cisco Vulnerability Management and Application Security Module, you will need to use the Outpost24 Outscan/HIAB Connector in the Vulnerability Management section of the Cisco Vulnerability Management UI. There are three different Cisco Vulnerability Management-Outpost24 Connectors:
- the API Connector for HIAB and Outscan
- the API Connector for SWAT
- the XML Connector
To learn about the differences between API and XML connectors, refer to the help page here. This article focuses on the first Connector: the API Connector for HIAB and Outscan.
Important: The XML connector (third in the list) is similar to this API connector without the automation. All Outpost24 Connectors are mandatory full-run connectors and do not currently support incremental pulls.
What Types of Outpost24 Data does this Cisco Vulnerability Management Connector Support?
- Outscan
- HIAB
Prerequisites
- Outscan is a SaaS-based tool, so the Virtual Tunnel is not required for it.
- HIAB is an appliance-based tool, so the Virtual Tunnel is required for those who have this on-premises deployment.
- You must have API access to Outpost24's APIs.
- You must be a Cisco Vulnerability Management administrator.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Vulnerability Management section, click Outpost24 Outscan/HIAB if you want to use the API Connector. Click Outpost 24 XML if you want to use the XML Connector.
4. On the Outpost24 Outscan/HIAB page, enter the following information:
- Name: Enter a name for the connector, or leave it as Outpost24 Outscan/HIAB.
- Enter the Host and API Key for the service account that you want to use.
  - If your host is static, enter an IP address and the port number.
  - If your host is dynamic, enter the DNS name and port number.
- Schedule: Select the frequency that you’d like your Connector to run. (Cisco recommends mirroring the cadence of your Outpost24 scans).
- Asset inactivity limit: Enter a time in days for the connector level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans.
5. Click Save and Verify.
What Outpost24 Items does Cisco Vulnerability Management Import?
| Outpost24 Field | Cisco Vulnerability Management Field | Notes |
|---|---|---|
| application | Application Identifier | |
| url | url | If present |
| name | Name | |
| detail > findingid | Unique External Identifier (Vulnerability) | |
| description | Description | |
| solution | Solution/Fix | If present |
| cvss | scanner_score | |
| open | Vulnerability Status | Only maps open and closed vulnerabilities. Does not map False Positives or Risk Accepted Vulnerabilities. |
| information | Details | |
| cve_raw_data | CVE | |
| cwe_ids | CWE | |
| wasc_ids | WASC | |
| port + portnumber | Ports | |
| lastseen | Last Seen | |
| found_on | Found On | |
| -N/A- | Closed | |
| -N/A- | Created | Date on which the vulnerability or asset was first created in Cisco Vulnerability Management. Never mapped to a scanner field. |
| OS Vendor / Platform | OS | |
| hostname | hostname | |
| ip | ip_address | |
| targetlocation | Tags | |
The Connector does not import the following:
- Custom fields
Optional Settings
The following settings can be enabled on the backend for Outpost24 Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.
Exclude Informationals
When you enable this option, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
Skip Tags
This setting enables you to not create any Tags in Cisco Vulnerability Management based on the scanner metadata.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Tag Reset
This setting assists you with keeping your scanner metadata synchronized with Cisco Vulnerability Management. Each time the connector is run, all tags in Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.
If you have created any manual tags or any tags were created from metadata from other connectors, that tag information will be removed and will be refreshed once those other connectors are rerun.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons for Connector Run Failures
- Bad Credentials. If you enter the incorrect connector credentials during the connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
- If no reports are found, Cisco Vulnerability Management will abort the Connector run, rather than fail it outright.
- API call failure (no data available, or other reasons).
- If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
- If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.
Additional Assistance:
Contact Support if you require any additional assistance with the Outpost24 Outscan/HIAB Connector.