Am I reading the correct user guide?
Am I reading the correct user guide?
Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.
Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.
Overview
About Outpost24 Outscan
Outpost24 Outscan is an automated vulnerability scanner that enables organizations to diagnose, monitor, and triage external vulnerabilities on your internet-exposed devices as well as verify your PCI Compliance for transactional businesses.
Why integrate Outpost24 Outscan into the Vulcan platform?
The Outpost24 Outscan by Vulcan integrates with the Outpost24 platform to pull and ingest host and website assets and their vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.
Outpost24 Outscan Details
Supported products | Risk-based vulnerability management Web application security testing |
Categories | Endpoint Security Vulnerability Assessment Application Security - DAST |
Ingested asset types | Hosts Websites Cloud Resources |
Integration type | UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
Outpost24 Outscan server URL: https://outscan.outpost24.com/
Integration credentials (username and password) with the following permissions:
For ingesting Websites & cloud resources: Portal custom role (Viewing for Assets, Asset Groups and Findings)
For ingesting Hosts: Netsec custom role (Read Only for all targets)
Generating integration credentials and granting permissions
Log in to your account at https://outscan.outpost24.com/portal and access your account settings by clicking your name.
In the "IAM" section, add a new role named "Vulcan" with "View" permissions for Asset groups, Assets, and Findings.
In the USERS tab, create a new user with a unique username and a valid email for password delivery.
Back in the USERS tab, mark the checkbox next to the newly created users and click the Assign roles icon.
Assign the "Vulcan" role.
Back in the USERS tab, mark the checkbox next to the newly created user again and click the Assign resource groups icon.
Assign the relevant resource groups.
Hover over the left section of the page and click on Netsec.
Click the target icon > Settings > Manage Users.
In the Manage User Accounts screen, click on the User Roles tab and then + New.
Create a new user role named "Vulcan" with "Read Only" access.
Back in the Manage User Accounts screen, click on the User Accounts tab, right click the user you created earlier (Vulcan), and click Edit.
In the Maintaining User Account screen Account Settings tab, mark the Active checkbox and the one next to the recently created Vulcan role, under Granted User Roles.
Click on the Granted Targets tab and unmark the checkbox Not all Targets Granted.
Click on the Attributes tab and input a value to the Uri* (any string will do). Click Save.
Use the username and password created for the Vulcan connector setup.
Configuring the Outpost24 Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Outpost24 icon.
Set up the Connector as follows:
Enter the Outpost24 server URL: https://outscan.outpost24.com/
Insert the username and password generated earlier.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Outpost24 instance, then click Create (or Save Changes).
The Advanced Configuration drop-down allows you to set the Connector's sync time. By default, all days are selected.
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.
To confirm the sync is complete, navigate to the Connectors page. Once the Outpost icon shows Connected, the sync is complete.
Outpost24 in the Vulcan Platform
Viewing Outpost24 vulnerabilities in the Vulcan Platform
To view vulnerabilities by Connector:
Go to the Vulnerabilities page.
Click on Filter and set the condition to Vulnerability > Connector is Outpost24.
You can add more filters to narrow down your search further.
See the complete list of available vulnerability filters.Click on a vulnerability for more vulnerability details.
Viewing Outpost24 assets in the Vulcan Platform
Viewing assets by Connector for users with the new platform view (Asset Hub):
Go to the Assets page.
Click on "Filter " and specify the condition as "Assets > Connector is Outpost24".
Viewing assets by Connector for users with the older platform view:
Go to the Assets page.
Choose the relevant asset type tab.
Click on "Filter" and specify the condition as "Assets > Connector is Outpost24"
You can add more filters to narrow down your search further.
See the complete list of available asset filters.
Click on any asset for more asset details.
Taking Action on vulnerabilities and assets detected by Outpost24
To take remediation action on vulnerabilities and assets detected by Outpost24:
Go to the Vulnerabilities pr Assets Page.
Use the Filter to filter vulnerabilities by the Outpost24 connector and display all synced vulnerabilities/assets along with their associated assets/vulnerabilities.
Select the relevant Vulnerabilities/assets out of the results list.
Click on Take Action to proceed with remediation or further actions.
Automating remediation actions on vulnerabilities detected by Outpost24
Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.
From Outpost24 to the Vulcan Platform - Data Mapping
The Vulcan Platform integrates with Outpost24 through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.
Host fields mapping
Outpost24 field | Vulcan field |
id | Asset Uniqueness criteria |
hostname or name | Hostname |
source businessCriticality exposed assetIdentifiers | Asset details |
Hosts | Asset type |
os | Asset OS |
firstSeen or created | Asset Created date |
lastSeen or updated | Asset Last seen date |
tags | Asset Vendor’s tags |
groups | Asset Additional tags |
asset id + id + Unique Vulnerability id | Vulnerability instance uniqueness criteria |
firstSeen or created | Vulnerability instance first seen |
lastSeen | Vulnerability instance Last seen |
packageName or presentableName | Vulnerability instance packages |
port | Vulnerability instance port |
protocol | Vulnerability instance protocol |
vulnId | Unique Vulnerability uniqueness criteria |
name | Unique Vulnerability title |
nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability score |
description | Unique Vulnerability description |
vulnId or id softwareComponent cyrating hasExploits exploitProbability farsight classifications | Unique Vulnerability details |
nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability CVSS |
cve | Unique Vulnerability CVE/S |
cwe | Unique Vulnerability CWE |
nvdCvssV3Vector | Unique Vulnerability CVSS attack vector |
solutionUuid | Solution uniqueness criteria |
Fix from Outpost24 | Solution title |
solution and solutionTitle and solutionType and solutionProduct | Solution description |
Website fields mapping
Outpost24 field | Vulcan field |
id | Asset Uniqueness criteria |
name | Asset Name |
Websites | Asset type |
- | Asset Address |
source asset_identifiers | Asset detail |
tags | Asset Vendor’s tags |
groups | Asset Additional tags |
firstSeen or created | Asset Created date |
lastSeen or updated | Asset Last seen date |
asset id + match id + Unique Vulnerability id | Vulnerability instance uniqueness criteria |
source port protocol match | Assets-Vulnerability details |
firstSeen or created | Vulnerability instance first seen |
url | Vulnerability instance url |
lastSeen | Vulnerability instance Last seen |
CVSS3 score | Vulnerability instance score |
finding name | Unique Vulnerability uniqueness criteria |
name | Unique Vulnerability title |
description | Unique Vulnerability description |
id softwareComponent cyrating hasExploits exploitProbability farsight classifications | Unique Vulnerability details |
nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability CVSS |
cve | Unique Vulnerability CVE/S |
cwe | Unique Vulnerability CWE |
nvdCvssV3Vector | Unique Vulnerability CVSS attack vector |
finding name | Solution uniqueness criteria |
Fix from Outpost24 | Solution Title |
solution + solutionTitle + solutionType + solutionProduct | Solution Description |
Cloud Resource fields mapping
Outpost24 field | Vulcan field |
id | Asset Uniqueness criteria |
name | Hostname |
source assetIdentifiers | Asset details |
Hosts | Asset type |
assetIdentifierTypes | Asset cloud type |
assetIdentifierTypes | Asset resource type |
firstSeen or created | Asset Created date |
lastSeen or updated | Asset Last seen date |
tags | Asset Vendor’s tags |
groups | Asset Additional tags |
asset id + match id + Unique Vulnerability id | Vulnerability instance uniqueness criteria |
firstSeen or created | Vulnerability instance first seen |
lastSeen | Vulnerability instance Last seen |
finding id | Unique Vulnerability uniqueness criteria |
name | Unique Vulnerability title |
nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability score |
description | Unique Vulnerability description |
id softwareComponent cyrating hasExploits exploitProbability farsight classifications | Unique Vulnerability details |
nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score | Unique Vulnerability CVSS |
cwe | Unique Vulnerability CWE |
nvdCvssV3Vector | Unique Vulnerability CVSS attack vector |
finding name | Solution uniqueness criteria |
Fix from Outpost24 | Solution title |
solution and solutionTitle and solutionType and solutionProduct | Solution description |
Vulnerability status mapping
Outpost Status | Vulcan Status |
PRESENT isAccepted:false (for NEtSec) | Vulnerable |
FIXED | Fixed |
FALSE_POSITIVE | Ignored - false positive |
ACCEPTED isAccepted:true (for NetSec) | Ignored risk acknowledged |
TO_PUSH TO_QA PENDING_VERIFICATION TO_REVIEW TO_VERIFY | inProgress |
Vulnerability score mapping
Outpost score | Vulcan score |
CRITICAL | 10 |
HIGH | 7 |
MEDIUM | 5 |
LOW | 3 |
RECOMMENDATION | 0 |
Status Update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any are added).
The table below lists how the status update mechanism works in the Outpost24 connector for the vulnerabilities and assets in the Vulcan Platform.
Update type in Vulcan | Mechanism (When?) |
The asset is archived | - Asset not found on the Connector's last sync - Asset not seen for X days according to "Last Seen" |
The vulnerability instance status changes to "Fixed" | - If the vulnerability no longer appears in the scan findings. - Vulnerability status on the Connector's side changes to "FIXED" |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
Support and Expected Behavior
Host Visibility Differences
When utilizing the NetSec module from Outpost24, which employs agents on various machines, customers might notice discrepancies in host data visibility between the Outpost24 portal and Vulcan. Specifically:
In Outpost24: Some hosts that are managed by NetSec agents may not appear in the portal interface.
In Vulcan: Vulcan ingests data from both the portal and NetSec, thus providing a comprehensive view of all host data.
Asset Duplication in Vulcan
Outpost24 does not differentiate between asset types, which can lead to instances of apparent data duplication in Vulcan, particularly:
For example, If Outpost24 has an agent on a machine hosting a web application, it will register this as a single asset. In contrast, Vulcan will display this information as two separate assets:
One entry as a host (the machine)
Another entry as a website (the web application)
API Endpoints in Use
API version: 3.0.1
API | Use in Vulcan | Permissions required |
/opi/rest/outscan/targets | Assets (hosts) | Read Only for all targets |
/opi/rest/outscan/findings | Vulnerability instances (hosts), Asset enrichment (os) | Read Only for all targets |
/opi/rest/checks | Unique vulnerabilities and solutions (hosts) | View Findings |
/opi/rest/assets | Assets (websites) | View Assets |
/opi/rest/findings | Vulnerability instances (websites) | View Findings |
/opi/rest/matches | Vulnerability instances (websites) | View Findings |
/opi/rest/checks | Unique vulnerabilities and solutions (websites) | View Findings |
/opi/rest/asset-groups | Asset enrichment (tags) | View Asset Groups |
/opi/rest/outscan/targets | Assets (hosts) | Read Only for all targets |
Data Validation
This section outlines the validation and matching of data between Outpost24 and the Vulcan Platform.
Before you start, see Support and Expected Behaviour.
For Outpost24 Portal
Matching Assets in Outpost24 portal
Go to the Outpost24 Portal module > Assets.
Click on the Assets tab.
Filter the assets by clicking on the filter and selecting the Source column.
Correspond the chosen sources with Vulcan asset types:
Hosts - "NETSEC", "VERIFY";
Cloud Resources - "CLOUDSEC";
Websites - select all except "NETSEC", "VERIFY", "CLOUDSEC".
At the top of the screen, select the checkbox next to "Name" to show all assets.
Note the number of assets displayed at the bottom of the screen.
Matching Vulnerability instances in Outpost24 Portal
Scroll to the bottom of the screen and click on Generate report.
Select the radio button next to Vulnerabilities and proceed by clicking Next.
Click the Detailed tab. Then, make sure only EXCEL is selected.
Click Next until you reach step 6.
For the Set report timeframe, click the Custom tab, set the date range from 1999-01-01 to the current date, and click Generate.
Once the report is ready, download it by clicking on the cloud icon at the upper right and then the download icon.
The Risk Details sheet in the excel file will detail all the findings (Vulcan vulnerability instances).
Outpost24 (NetSec)
Matching Assets In Outpost24 NetSec
Click on the Outpost24 logo at the bottom left and navigate to "NetSec" and "Manage Targets."
You will see all NetSec targets divided into Target Groups. If the Vulcan user had access to all targets, look at the number next to All targets. Otherwise, check the numbers next to the appropriate groups.
Matching Vulnerability instances in Outpost Netsec
Click on the Outpost24 logo on the bottom left and then on Netsec and Reporting Tools.
In Reporting Tools, mark which Target Group you wish to export. In this example, All targets are marked.
At the bottom left, click Export Report.
Set the format to Excel, report type to Vulnerability, and target summary to All Selected Targets.
Click Export.
The Vulnerability Details sheet in the excel file will detail all the findings (Vulcan vulnerability instances).
In Vulcan
Matching Assets
Go to Assets.
Click on the "Filter" button, add a rule for "Asset > Connector," and input the name of the Outpost24 connector. Apply the filter.
The number of assets, divided by type, will be shown on the upper left.
Matching vulnerability instances
Go to Vulnerabilities.
Click on the "Filter" button, add a rule for "Vulnerability > Source," and set the value to the Outpost24 connector. Apply the filter.
Turn on the slider for "Vulnerability Instance mode" on the upper right.
Mark "All" on the upper left to show all vulnerability instances.
