Outpost24 Outscan/HIAB Connector

Outpost24 HIAB™ (hacker-in-a-box) is an automated, internal vulnerability management system that includes a network vulnerability scanner and a web application scanner.

Outpost24 Outscan is an automated vulnerability scanner that enables organizations to diagnose, monitor, and triage external vulnerabilities on their internet-exposed devices, and to verify PCI compliance for transactional businesses.


To import your data from Outpost24’s Outscan or HIAB tools to Cisco Vulnerability Management and Application Security Module, you will need to use the Outpost24 Outscan/HIAB Connector in the Vulnerability Management section of the Cisco Vulnerability Management UI. There are three different Cisco Vulnerability Management-Outpost24 Connectors:

  • the API Connector for HIAB and Outscan

  • the API Connector for SWAT

  • the XML Connector

To learn about the differences between API and XML connectors, refer to the help page here. This article focuses on the first Connector: the API Connector for HIAB and Outscan.

Important: The XML connector (third in the list) is similar to this API connector, but without the automation. All Outpost24 Connectors are mandatory full run connectors and do not currently support incremental pulls.

What Types of Outpost24 Data does this Cisco Vulnerability Management Connector Support?

  • Outscan

  • HIAB

Prerequisites

  • Outscan is a SaaS-based tool, and therefore the Virtual Tunnel is not required.

  • HIAB is an appliance-based tool, so the Virtual Tunnel is required for those who have this on-premises deployment.

  • You must have API access to Outpost24's APIs.

  • You must be a Cisco Vulnerability Management administrator.

Configuring your Connector in Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Vulnerability Management section, click OutPost24 Outscan/HIAB if you want to use the API Connector. Click Outpost 24 XML if you want to use the XML Connector.


4. On the Outpost24 Outscan/HIAB page, enter the following information:


  • Name: Enter a name for the connector, or leave it as Outpost24 Outscan/HIAB.

  • Enter the Host and API Key for the service account that you want to use.

    • If your host is static, enter an IP address and the port number.

    • If your host is dynamic, enter the DNS name and port number.

  • Schedule: Select the frequency that you’d like your Connector to run. (Cisco recommends mirroring the cadence of your Outpost24 scans).

  • Asset inactivity limit: Enter a time in days for the connector level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans.

5. Click Save and Verify.

 

What Outpost24 Items does Cisco Vulnerability Management Import?

| Outpost24 Field | Cisco Vulnerability Management Field | Notes |
|---|---|---|
| application | Application Identifier | |
| url | url | If present |
| name | Name | |
| detail > findingid | Unique External Identifier (Vulnerability) | |
| description | Description | |
| solution | Solution/Fix | If present |
| cvss | scanner_score | |
| open OR stillpresent | Vulnerability Status | Only maps open and closed vulnerabilities. Does not map False Positives or Risk Accepted Vulnerabilities. |
| information | Details | |
| cve_raw_data | CVE | |
| cwe_ids | CWE | |
| wasc_ids | WASC | |
| port + portnumber | Ports | |
| lastseen | Last Seen | |
| found_on | Found On | |
| -N/A- | Closed | |
| -N/A- | Created | Date on which the vulnerability or asset was first created in Cisco Vulnerability Management. Never mapped to a scanner field. |
| OS Vendor / Platform | OS | |
| hostname | hostname | |
| ip | ip_address | |
| targetlocation, scanner, asset_tags | Tags | |

The Connector does not import the following:

  • Custom fields

Optional Settings

The following settings can be enabled on the backend for Outpost24 Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.

Exclude Informationals

When you enable this option, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
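An added example, not Cisco's connector code and not part of the original article: a Python sketch that applies the rules this page states (Exclude Informationals and the Vulnerability Status note in the mapping table) to predict why platform counts can differ from scanner counts. The `false_positive` and `risk_accepted` keys, the flattened `findingid` key, and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Identifier fields from the mapping table on this page.
ID_FIELDS = ("cve_raw_data", "cwe_ids", "wasc_ids")

def identifiers(finding):
    """Collect non-empty CVE/CWE/WASC IDs; accepts lists or comma-separated strings."""
    ids = []
    for field in ID_FIELDS:
        raw = finding.get(field) or []
        if isinstance(raw, str):
            raw = raw.split(",")
        ids += [str(x).strip() for x in raw if str(x).strip()]
    return ids

def predict(finding, exclude_informationals):
    # false_positive / risk_accepted are hypothetical keys: the page names
    # these dispositions but not the Outpost24 fields that carry them.
    if finding.get("false_positive"):
        return "not mapped: false positive"
    if finding.get("risk_accepted"):
        return "not mapped: risk accepted"
    if exclude_informationals and not identifiers(finding):
        return "excluded: no CVE/CWE/WASC ID"
    return "imported"

def reconcile(findings, exclude_informationals=False):
    """Count predicted outcomes so scanner and platform totals can be compared."""
    return Counter(predict(f, exclude_informationals) for f in findings)

def scored_but_excluded(findings):
    """Finding IDs that carry a CVSS score yet would be dropped by Exclude Informationals."""
    return [f["findingid"] for f in findings
            if predict(f, True).startswith("excluded") and float(f.get("cvss") or 0) > 0]

# Constructed sample records (not real scanner output), keys flattened.
SAMPLE = [
    {"findingid": 101, "cvss": 5.3, "cve_raw_data": "CVE-0000-0001"},
    {"findingid": 102, "cvss": 0.0, "cve_raw_data": "", "cwe_ids": []},
    {"findingid": 103, "cvss": 7.5, "cve_raw_data": None, "wasc_ids": " "},
    {"findingid": 104, "cvss": 6.1, "cwe_ids": ["CWE-79"], "false_positive": True},
    {"findingid": 105, "cvss": 4.3, "cve_raw_data": " ", "wasc_ids": "WASC-13"},
    {"findingid": 106, "cvss": 8.8, "cwe_ids": "CWE-89", "risk_accepted": True},
]

if __name__ == "__main__":
    print(reconcile(SAMPLE, exclude_informationals=True))
    print(scored_but_excluded(SAMPLE))
```

Because the stated criterion is the presence of an identifier rather than severity, reviewing the `scored_but_excluded` list before asking for the setting shows which scored findings would no longer appear.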

Skip Tags

This setting enables you to not create any Tags in Cisco Vulnerability Management based on the scanner metadata.

Ignore Scanner Last Seen Time

Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

Tag Reset

This setting assists you with keeping your scanner metadata synchronized with Cisco Vulnerability Management. Each time the connector is run, all tags in Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.

If you have created any manual tags or any tags were created from metadata from other connectors, that tag information will be removed and will be refreshed once those other connectors are rerun.

Custom Ordered Locators

Locators (such as IP, NetBIOS, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.

Common Reasons for Connector Run Failures

  • Bad Credentials. If you enter the incorrect connector credentials during the connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
  • If no reports are found, Cisco Vulnerability Management will abort the Connector run, rather than fail it outright.
  • An API call fails (no data available, or other reasons).
  • If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.

Additional Assistance:

Contact Support if you require any additional assistance with the Outpost24 Outscan/HIAB Connector.
