Document Version: 3.6
© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.
This document provides users with a comprehensive overview of Findings. It is assumed that the reader has basic access to the OUTSCAN/HIAB account with Appsec subscription.
Findings are the potential risks and recommended reconfiguration suggestions found during automatic and manual assessments of the target asset. These vary from security best practices which lower the attack surface of the target to exploitable vulnerabilities that were verified and confirmed as being present and relevant for the target.
Findings include their classification, risk score and information describing what it is, why it was found and how an attacker might be able to exploit the vulnerability as well as provide clear solutions to remediate the risk.
The Findings view will be visible without a Appsec subscription, but the view will be empty and you will not be able populate the view.
The Findings view shows the vulnerabilities identified during the scans.
Click on a finding to view its details on the right side of the window.
Shows the description of the selected finding along with the solution.
Shows if there are any known public exploits.
Comments can be a note to the finding, or the status of the finding such as resolution alternatives etc. A comment is only applicable to that finding and can not be shared across multiple findings. Comments are threaded, i.e. it is possible to reply to a specific comment to keep this thread contained for one type of discussion which allows easy overview and segmentation of conversations.
TipTo access existing comments, click on the comment icon in any row to quickly launch the comments window.
Along with Common Settings, you can apply two additional filters, based on IP addresses and Virtual hosts.
The IP address filter presents a list of IP addresses associated with the findings.
Filter the findings based on IP addresses by selecting the IPs of choice. See Reports, for generating a report based on IP addresses.
This filter presents a list of virtual host names associated with the findings.
Filter the findings based on virtual hosts by selecting the hostnames of choice. See Reports, for generating a report based on hostnames.
Select one or more findings, and choose one of the actions that is displayed on the bottom bar:
The possible user actions are:
- Click on Add tags to add a tag to the selected finding.
Click on Remove tags to remove a tag applied to the selected finding.
- Click on Mark as Fixed icon, and confirm by clicking YES, to update the status of that finding as fixed.
Click on Unmark as Fixed icon, and confirm by clicking YES, to revert the status of that finding to not fixed.
- Click on Request verification icon to add a comment and send to the technical service team for verification regarding that finding.
- Click on Change risk icon to change the change the risk information of that finding.
- Click on Accept risk icon to accept the risk. You can also select a date and add comment.
- Click on Unaccept risk icon to revert the accepted status of that finding.
- Click on Mark as false positive icon to mark a finding as false positive.
- Click on Unmark false positive icon to unmark a finding as false positive.
The Likelihood feature, powered by Cyr3con™, in Outpost24 Farsight provides an easier way to address vulnerabilities which are relevant and may impact an organization irrespective of the CVSS score or the presence of an exploit for a vulnerability.
By focusing on the likelihood, you are mitigating vulnerabilities that, based on the machine learning model, are predicting an increased risk even though it may not currently be exploited.
Risk classification of assets and services serves a purpose and should be conducted to further distinguish where to focus most efforts. This task can be time-consuming and may not produce viable results in the first couple of iterations. Farsight enables you to filter out some unlikely vulnerabilities with little to no prior knowledge about the vulnerabilities or assets, getting you on track with your vulnerability program faster.
Risk Score - Likelihood
Likelihood is a risk indicator that shows how many times more likely a vulnerability is to be exploited compared to average, where approximately 95% of all vulnerabilities are never exploited. This is displayed in the Likelihood column in Reporting Tools and Vulnerability Database. If a vulnerability has a score of 15 it is 15 times more likely to be exploited than a normal vulnerability. The value can go to 38.46 which is the equivalent of saying it will be (or has been already) exploited in the wild in the next 12 months.
The benefit to the customer is the ability to drive more aggressive risk-based remediation, focusing on even fewer vulnerabilities that reach a particular likelihood, whether that is 15 times or 30 times. It is also worth noting that any vulnerability already exploited in the wild will have the risk value of 38.46 as it has been exploited already.
Since risk score is machine learning driven, based on several factors the risk rating can decrease as well as increase based on activity in the wild.
To use Farsight you first need to enable the function in your subscription. Contact support for more information on how you can enable the Farsight function.
For more information on Farsight, see How to Use Farsight in Appsec guide.