Document Version: 1.3

Date: 2021-05-24


Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Purpose

This document provides users with an overview of Scout. This document has been elaborated under the assumption that the reader has access to the OUTSCAN account with Scout subscription.

Introduction

Scout is an asset discovery tool that uses the provided input to find and report on resources and their associations that might have been previously unknown. It enumerates services and deducts information about linked hosts, IPs and other resources that need additional security checks on application or infrastructure layer.

It uses the following methods to gather the data:

  • Network discovery
  • Port scanning
  • Web service enumeration
  • Software component detection
  • Subdomain bruteforcing
  • TLS scanning

Getting Started

To launch OUTSCAN application, navigate to https://outscan.outpost24.com.

Note

Use HTTPS protocol.

APPSEC00

  • Log in using your credentials.
  • To access Discovery scanning module, go to Main Menu > Portal to access Scout through the new UI.

Asset Overview

Note

Contact your Sales Engineer for information on obtaining the attack surface score and map.

Click on the Name to view the Asset details. 



Attack Surface

The user must upload both scores and components (application elements) using the rest API to view the attack surface details in the UI. Under this tab, a spider chart is displayed which depicts the distribution of risk across these 7 elements, and the top most discovered components with their overall Farsight risk. 

Info

See Asset Management for detailed information on remaining tabs.

Manage a Scout Asset


The possible user actions are:

  • Click on Configure Asset, to make a default configuration for the selected asset.

  • Click on Submit for Scoping, fill in the required fields to submit the selected assets for scoping. For more information, refer to Asset Management.

  • Click on Add tags to add a tag to the selected finding.
  • Click on Remove tags to remove a tag applied to the selected finding. See Tags for more information.

    Recommendation on how to utilize Tags


    Primary Owner

    Secondary Owner

    Location - Geographical location, Ex: London, Europe.

    Function - Such as e-commerce, finance, crm etc.

    Impact - Values Critical/High/Medium/Low should describe how the system affects business.

    Other examples of useful tags:

    Cloud - Is the system hosted in the cloud

    Cloud Provider

    Contact Info - Can be email of the person to contact about this system.

  • Click on Generate report to download a report. See Reportsfor more information. 

  • Delete Assets

    1. Select the assets to be deleted, and click on the Delete button at the bottom of the view.
    2. Confirm the action by clicking DELETE.