Outpost24 Connector (new revision)
Updated over 6 months ago

Am I reading the correct user guide?

Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.

Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.


Overview

About Outpost24 Outscan

Outpost24 Outscan is an automated vulnerability scanner that enables organizations to diagnose, monitor, and triage external vulnerabilities on their internet-exposed devices, and to verify PCI compliance for transactional businesses.

Why integrate Outpost24 Outscan into the Vulcan platform?

The Outpost24 Outscan Connector by Vulcan integrates with the Outpost24 platform to pull and ingest host and website assets and their vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data, which informs risk and remediation priority.

Outpost24 Outscan Details

Supported products

  • Risk-based vulnerability management

  • Web application security testing

Categories

  • Endpoint Security

  • Vulnerability Assessment

  • Application Security - DAST

Ingested asset types

  • Hosts

  • Websites

  • Cloud Resources

Integration type

  • Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

  • SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

  • Outpost24 Outscan server URL: https://outscan.outpost24.com/

  • Integration credentials (username and password) with the following permissions:

    • For ingesting Websites & cloud resources: Portal custom role (Viewing for Assets, Asset Groups and Findings)

    • For ingesting Hosts: Netsec custom role (Read Only for all targets)

Generating integration credentials and granting permissions

  1. Log in to your account at https://outscan.outpost24.com/portal and access your account settings by clicking your name.

  2. In the "IAM" section, add a new role named "Vulcan" with "View" permissions for Asset groups, Assets, and Findings.

  3. In the USERS tab, create a new user with a unique username and a valid email for password delivery.

  4. Back in the USERS tab, mark the checkbox next to the newly created user and click the Assign roles icon.

  5. Assign the "Vulcan" role.

  6. Back in the USERS tab, mark the checkbox next to the newly created user again and click the Assign resource groups icon.

  7. Assign the relevant resource groups.

  8. Hover over the left section of the page and click on Netsec.

  9. Click the target icon > Settings > Manage Users.

  10. In the Manage User Accounts screen, click on the User Roles tab and then + New.

  11. Create a new user role named "Vulcan" with "Read Only" access.

  12. Back in the Manage User Accounts screen, click on the User Accounts tab, right click the user you created earlier (Vulcan), and click Edit.

  13. In the Maintaining User Account screen Account Settings tab, mark the Active checkbox and the one next to the recently created Vulcan role, under Granted User Roles.

  14. Click on the Granted Targets tab and unmark the checkbox Not all Targets Granted.

  15. Click on the Attributes tab and enter a value in the Uri* field (any string will do). Click Save.

  16. Use the username and password of the user you created when setting up the Vulcan connector.

Configuring the Outpost24 Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Outpost24 icon.

  4. Set up the Connector as follows:

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Outpost24 instance, then click Create (or Save Changes).

  6. The Advanced Configuration drop-down allows you to set the Connector's sync time. By default, all days are selected.

  7. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  8. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  9. To confirm the sync is complete, navigate to the Connectors page. Once the Outpost icon shows Connected, the sync is complete.


Outpost24 in the Vulcan Platform

Viewing Outpost24 vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Connector is Outpost24.

Viewing Outpost24 assets in the Vulcan Platform

Viewing assets by Connector for users with the new platform view (Asset Hub):

  1. Go to the Assets page.

  2. Click on "Filter" and specify the condition as "Assets > Connector is Outpost24".

Viewing assets by Connector for users with the older platform view:

  1. Go to the Assets page.

  2. Choose the relevant asset type tab.

  3. Click on "Filter" and specify the condition as "Assets > Connector is Outpost24".

You can add more filters to narrow down your search further.
See the complete list of available asset filters.

Click on any asset for more asset details.

Taking Action on vulnerabilities and assets detected by Outpost24

To take remediation action on vulnerabilities and assets detected by Outpost24:

  1. Go to the Vulnerabilities or Assets page.

  2. Use the Filter to filter vulnerabilities by the Outpost24 connector and display all synced vulnerabilities/assets along with their associated assets/vulnerabilities.

  3. Select the relevant vulnerabilities/assets from the results list.

  4. Click on Take Action to proceed with remediation or further actions.

Automating remediation actions on vulnerabilities detected by Outpost24

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.


From Outpost24 to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Outpost24 through the API to pull relevant vulnerability and asset data and map it into the Vulcan Platform pages and fields.

Host fields mapping

| Outpost24 field | Vulcan field |
| --- | --- |
| id | Asset Uniqueness criteria |
| hostname or name | Hostname |
| source, businessCriticality, exposed, assetIdentifiers | Asset details |
| Hosts | Asset type |
| os | Asset OS |
| firstSeen or created | Asset Created date |
| lastSeen or updated | Asset Last seen date |
| tags | Asset Vendor’s tags |
| groups | Asset Additional tags |
| asset id + id + Unique Vulnerability id | Vulnerability instance uniqueness criteria |
| firstSeen or created | Vulnerability instance first seen |
| lastSeen | Vulnerability instance Last seen |
| packageName or presentableName | Vulnerability instance packages |
| port | Vulnerability instance port |
| protocol | Vulnerability instance protocol |
| vulnId | Unique Vulnerability uniqueness criteria |
| name | Unique Vulnerability title |
| nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability score |
| description | Unique Vulnerability description |
| vulnId or id, softwareComponent, cyrating, hasExploits, exploitProbability, farsight, classifications | Unique Vulnerability details |
| nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability CVSS |
| cve | Unique Vulnerability CVE/S |
| cwe | Unique Vulnerability CWE |
| nvdCvssV3Vector | Unique Vulnerability CVSS attack vector |
| solutionUuid | Solution uniqueness criteria |
| Fix from Outpost24 | Solution title |
| solution and solutionTitle and solutionType and solutionProduct | Solution description |

Website fields mapping

| Outpost24 field | Vulcan field |
| --- | --- |
| id | Asset Uniqueness criteria |
| name | Asset Name |
| Websites | Asset type |
| - | Asset Address |
| source, asset_identifiers | Asset detail |
| tags | Asset Vendor’s tags |
| groups | Asset Additional tags |
| firstSeen or created | Asset Created date |
| lastSeen or updated | Asset Last seen date |
| asset id + match id + Unique Vulnerability id | Vulnerability instance uniqueness criteria |
| source, port, protocol, match | Assets-Vulnerability details |
| firstSeen or created | Vulnerability instance first seen |
| url | Vulnerability instance url |
| lastSeen | Vulnerability instance Last seen |
| CVSS3 score | Vulnerability instance score |
| finding name | Unique Vulnerability uniqueness criteria |
| name | Unique Vulnerability title |
| description | Unique Vulnerability description |
| id, softwareComponent, cyrating, hasExploits, exploitProbability, farsight, classifications | Unique Vulnerability details |
| nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability CVSS |
| cve | Unique Vulnerability CVE/S |
| cwe | Unique Vulnerability CWE |
| nvdCvssV3Vector | Unique Vulnerability CVSS attack vector |
| finding name | Solution uniqueness criteria |
| Fix from Outpost24 | Solution Title |
| solution + solutionTitle + solutionType + solutionProduct | Solution Description |

Cloud Resource fields mapping

| Outpost24 field | Vulcan field |
| --- | --- |
| id | Asset Uniqueness criteria |
| name | Hostname |
| source, assetIdentifiers | Asset details |
| Hosts | Asset type |
| assetIdentifierTypes | Asset cloud type |
| assetIdentifierTypes | Asset resource type |
| firstSeen or created | Asset Created date |
| lastSeen or updated | Asset Last seen date |
| tags | Asset Vendor’s tags |
| groups | Asset Additional tags |
| asset id + match id + Unique Vulnerability id | Vulnerability instance uniqueness criteria |
| firstSeen or created | Vulnerability instance first seen |
| lastSeen | Vulnerability instance Last seen |
| finding id | Unique Vulnerability uniqueness criteria |
| name | Unique Vulnerability title |
| nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability score |
| description | Unique Vulnerability description |
| id, softwareComponent, cyrating, hasExploits, exploitProbability, farsight, classifications | Unique Vulnerability details |
| nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability CVSS |
| cwe | Unique Vulnerability CWE |
| nvdCvssV3Vector | Unique Vulnerability CVSS attack vector |
| finding name | Solution uniqueness criteria |
| Fix from Outpost24 | Solution title |
| solution and solutionTitle and solutionType and solutionProduct | Solution description |

Vulnerability status mapping

| Outpost Status | Vulcan Status |
| --- | --- |
| PRESENT; isAccepted:false (for NetSec) | Vulnerable |
| FIXED | Fixed |
| FALSE_POSITIVE, IRREPRODUCIBLE, REJECTED | Ignored - false positive |
| ACCEPTED; isAccepted:true (for NetSec) | Ignored risk acknowledged |
| TO_PUSH, TO_QA, PENDING_VERIFICATION, TO_REVIEW, TO_VERIFY | inProgress |

Vulnerability score mapping

| Outpost score | Vulcan score |
| --- | --- |
| CRITICAL | 10 |
| HIGH | 7 |
| MEDIUM | 5 |
| LOW | 3 |
| RECOMMENDATION | 0 |

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any are added).

The table below lists how the status update mechanism works in the Outpost24 connector for the vulnerabilities and assets in the Vulcan Platform.

| Update type in Vulcan | Mechanism (When?) |
| --- | --- |
| The asset is archived | Asset not found on the Connector's last sync; Asset not seen for X days according to "Last Seen" |
| The vulnerability instance status changes to "Fixed" | If the vulnerability no longer appears in the scan findings; Vulnerability status on the Connector's side changes to "FIXED" |

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

Support and Expected Behavior

Host Visibility Differences

When utilizing the NetSec module from Outpost24, which employs agents on various machines, customers might notice discrepancies in host data visibility between the Outpost24 portal and Vulcan. Specifically:

  • In Outpost24: Some hosts that are managed by NetSec agents may not appear in the portal interface.

  • In Vulcan: Vulcan ingests data from both the portal and NetSec, thus providing a comprehensive view of all host data.

Asset Duplication in Vulcan

Outpost24 does not differentiate between asset types, which can lead to apparent data duplication in Vulcan.

For example, if Outpost24 has an agent on a machine hosting a web application, it registers this as a single asset. In contrast, Vulcan displays this information as two separate assets:

  • One entry as a host (the machine)

  • Another entry as a website (the web application)

API Endpoints in Use

API version: 3.0.1

| API | Use in Vulcan | Permissions required |
| --- | --- | --- |
| /opi/rest/outscan/targets | Assets (hosts) | Read Only for all targets |
| /opi/rest/outscan/findings | Vulnerability instances (hosts), Asset enrichment (os) | Read Only for all targets |
| /opi/rest/checks | Unique vulnerabilities and solutions (hosts) | View Findings |
| /opi/rest/assets | Assets (websites) | View Assets |
| /opi/rest/findings | Vulnerability instances (websites) | View Findings |
| /opi/rest/matches | Vulnerability instances (websites) | View Findings |
| /opi/rest/checks | Unique vulnerabilities and solutions (websites) | View Findings |
| /opi/rest/asset-groups | Asset enrichment (tags) | View Asset Groups |



Data Validation

This section outlines the validation and matching of data between Outpost24 and the Vulcan Platform.

Before you start, see Support and Expected Behavior.

For Outpost24 Portal

Matching Assets in Outpost24 portal

  1. Go to the Outpost24 Portal module > Assets.

  2. Click on the Assets tab.

  3. Filter the assets by clicking on the filter and selecting the Source column.

  4. Match the chosen sources to Vulcan asset types:

    Hosts - "NETSEC", "VERIFY";

    Cloud Resources - "CLOUDSEC";

    Websites - select all except "NETSEC", "VERIFY", "CLOUDSEC".

    Note: These are not necessarily all the hosts. The Outpost24 (NetSec) section explains how to export the data for the remaining hosts.

  5. At the top of the screen, select the checkbox next to "Name" to show all assets.

    Note the number of assets displayed at the bottom of the screen.

Matching Vulnerability instances in Outpost24 Portal

  1. Scroll to the bottom of the screen and click on Generate report.

  2. Select the radio button next to Vulnerabilities and proceed by clicking Next.

  3. Click the Detailed tab. Then, make sure only EXCEL is selected.

  4. Click Next until you reach step 6.

  5. For the Set report timeframe, click the Custom tab, set the date range from 1999-01-01 to the current date, and click Generate.

  6. Once the report is ready, download it by clicking on the cloud icon at the upper right and then the download icon.

    The Risk Details sheet in the Excel file will detail all the findings (Vulcan vulnerability instances).

Outpost24 (NetSec)

Matching Assets In Outpost24 NetSec

  1. Click on the Outpost24 logo at the bottom left and navigate to "NetSec" and "Manage Targets."

  2. You will see all NetSec targets divided into Target Groups. If the Vulcan user has access to all targets, look at the number next to All targets. Otherwise, check the numbers next to the appropriate groups.

Matching Vulnerability instances in Outpost24 NetSec

  1. Click on the Outpost24 logo on the bottom left and then on Netsec and Reporting Tools.

  2. In Reporting Tools, mark which Target Group you wish to export. In this example, All targets are marked.

  3. At the bottom left, click Export Report.

  4. Set the format to Excel, report type to Vulnerability, and target summary to All Selected Targets.

  5. Click Export.

  6. The Vulnerability Details sheet in the Excel file will detail all the findings (Vulcan vulnerability instances).

In Vulcan

Matching Assets

  1. Go to Assets.

  2. Click on the "Filter" button, add a rule for "Asset > Connector," and input the name of the Outpost24 connector. Apply the filter.

  3. The number of assets, divided by type, will be shown on the upper left.

Matching vulnerability instances

  1. Go to Vulnerabilities.

  2. Click on the "Filter" button, add a rule for "Vulnerability > Source," and set the value to the Outpost24 connector. Apply the filter.

  3. Turn on the slider for "Vulnerability Instance mode" on the upper right.

  4. Mark "All" on the upper left to show all vulnerability instances.
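
The comparison described in the Data Validation steps can be scripted once the Outpost24 exports are loaded as rows. The Python below is an added example, not Vulcan or Outpost24 code; it applies this page's source-to-asset-type rule, status mapping table and instance uniqueness criteria to constructed sample rows. The row layout, the key names assetId, id and status, and the source value APPSEC_EXAMPLE are assumptions; source, vulnId and isAccepted are taken from the tables above.

```python
from collections import Counter

# Portal "Source" values this page assigns to each Vulcan asset type;
# every other source is counted as a website.
HOST_SOURCES = {"NETSEC", "VERIFY"}
CLOUD_SOURCES = {"CLOUDSEC"}

# Outpost24 status -> Vulcan status, from the status mapping table.
STATUS_MAP = {"PRESENT": "Vulnerable", "FIXED": "Fixed",
              "ACCEPTED": "Ignored risk acknowledged"}
for _s in ("FALSE_POSITIVE", "IRREPRODUCIBLE", "REJECTED"):
    STATUS_MAP[_s] = "Ignored - false positive"
for _s in ("TO_PUSH", "TO_QA", "PENDING_VERIFICATION", "TO_REVIEW", "TO_VERIFY"):
    STATUS_MAP[_s] = "inProgress"

def vulcan_asset_type(source):
    source = source.strip().upper()
    if source in HOST_SOURCES:
        return "Hosts"
    return "Cloud Resources" if source in CLOUD_SOURCES else "Websites"

def vulcan_status(finding):
    # Assumed row layout: NetSec rows carry isAccepted, portal rows carry status.
    if "isAccepted" in finding:
        return "Ignored risk acknowledged" if finding["isAccepted"] else "Vulnerable"
    status = finding["status"]
    # Surface statuses missing from the table instead of guessing.
    return STATUS_MAP.get(status, "UNMAPPED:" + status)

def expected_counts(assets, findings):
    """Return (assets per Vulcan type, instances per Vulcan status)."""
    by_type = Counter(vulcan_asset_type(a["source"]) for a in assets)
    # One instance per (asset id, finding or match id, vulnerability id).
    unique = {(f["assetId"], f["id"], f["vulnId"]): f for f in findings}
    by_status = Counter(vulcan_status(f) for f in unique.values())
    return by_type, by_status

# Constructed sample rows, not real export data.
ASSETS = [{"id": 1, "source": "NETSEC"}, {"id": 2, "source": "VERIFY"},
          {"id": 3, "source": "CLOUDSEC"}, {"id": 4, "source": "APPSEC_EXAMPLE"}]
FINDINGS = [
    {"assetId": 1, "id": 10, "vulnId": 900, "isAccepted": False},
    {"assetId": 1, "id": 10, "vulnId": 900, "isAccepted": False},  # duplicate row
    {"assetId": 2, "id": 11, "vulnId": 901, "isAccepted": True},
    {"assetId": 4, "id": 12, "vulnId": 902, "status": "TO_QA"},
    {"assetId": 4, "id": 13, "vulnId": 903, "status": "IRREPRODUCIBLE"},
]

print(expected_counts(ASSETS, FINDINGS))
```

Compare the per-type asset counts and per-status instance counts it returns with the numbers Vulcan shows after applying the connector filter; an UNMAPPED entry points to a status the mapping table does not cover.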
