Outpost24 uses REST API. This document is released as legacy documentation.
For the latest REST API document see REST API Interface Technical Document, or contact the Support.


Version: 2.0

Date: 2014-02-18



Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction

Using the Outpost24 XML API will allow your company or third parties to integrate the OUTSCAN or HIAB solution into your own applications using an extensible XML interface. This guide is intended for those who are going to use the Outpost24 XML API. Read the Getting Started section before you start developing your application.

Getting Started

This manual provides the technical guidance required to integrate to the Outpost24 platform using a proprietary, XML-based interface. This interface is designed to provide clients with a straightforward way of how to create a connection to Outpost24. It is easy to integrate into applications and requires skills and knowledge that are familiar to most web developers.

The Outpost24 XML API features a rich set of functions, which will allow you to customize the output and request different types of information from within the system. As you can see in the illustration below, all the things that you can do from the graphical user interface can be performed from the XML API.

Processing API Requests:



The server will allow you to do either GET or POST request but if you have a request which might transfer a larger amount of data in the parameters then it's wise to use the POST request instead since that is capable of handling larger requests.

The default date and time format used by the system is yyyy-MM-dd HH:mm (Java formatting style). The time format is 24 hours so the following is an example, which refers to last day of the year right before midnight: 2012-12-31 23:59

The time zone used in the system is GMT. If you need it in another time zone you need to convert it by yourself.

The character encoding used by the system is UTF-8.

All URI parameters that are used when requesting information are case sensitive.

Basic Information

The request for the API is done against either the OUTSCAN system or the HIAB appliance/instance.

If done against the against the OUTSCAN system the URI is the following:

https://outscan.outpost24.com/opi/XMLAPI


On the HIAB the XML API is located at the following URI:

https://hiab-ip/opi/XMLAPI


When connecting to the API you should use something that is referred to as an application token called APPTOKEN. This makes it possible for you to perform a single request with a predefined users access right.

Note that the token generated should be carefully protected since it will allow direct access with out the requirement of authentication. Should you test the request in a browser, regenerate the token afterwards when the solution is put into production since the old version has been stored in the browser history.

The token can be generated under Main Menu > Settings > Account > Security Policy. In the bottom of that screen you will have a selection called Application Access Token and this is the one that will provide you access to the API without performing multiple requests.

Once the token is generated, add it to any request that you would like to perform using the parameter APPTOKEN.

For example:

https://hiab-ip/opi/XMLAPI?ACTION=SCANLOG&APPTOKEN=xxxx


Note

Read the Appendix A to see how the responses are encapsulated in XML.

Country Codes

A complete and up to date list of supported country codes by system can be retrieved from the system. Whenever the country field is given to the system it will be validated against these values. See Appendix E.

Required Keys
ACTIONCOUNTRYDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=COUNTRYDATA

Example response:

<RESPONSE>
     <RESPONSE/>
</RESPONSE>


Response Keys
TIMEZONEThe time  zone used by this country.
VCAREACODEThe area code used for this country.
VCNAMEThe name of the country.
XIDThe unique identifier of the given object.


Information In Session (License Information)

This Request will give you information regarding your license and other settings. The output below is a reflection of our test account and therefore some of these fields may not be present on your account.

Required Keys
ACTIONLOGINDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=LOGINDATA

Example response:

<RESPONSE>
   <USERLIST>
      <USER>
         <NAME>Api Api</NAME>
         <USERNAME>APIUSER</USERNAME>
         <COMPANY>Outpost24.com</COMPANY>
         <EMAIL>df@outpost24.com</EMAIL>
         <MOBILE/>
         <LASTLOGONDATE>2014-02-18 08:53</LASTLOGONDATE>
         <NUMBER_LOGON>1113</NUMBER_LOGON>
         <LASTLOGONIP>91.216.32.3</LASTLOGONIP>
         <COUNTRYCODE>gb</COUNTRYCODE>
         <COUNTRY>Sweden</COUNTRY>
         <STATE>--</STATE>
         <IS_SUBUSER>1</IS_SUBUSER>
         <ALL_TARGETGROUPS>1</ALL_TARGETGROUPS>
         <GMTOFFSET>0.00</GMTOFFSET>
         <DATEFORMAT>Y-m-d</DATEFORMAT>
         <TIMEFORMAT>H:i</TIMEFORMAT>
         <SERVERTIME>2014-02-18 08:59</SERVERTIME>
         <SHOWGUIDE>0</SHOWGUIDE>
         <SHOWPCIINFO>1</SHOWPCIINFO>
         <STARTDAYOFWEEK>1</STARTDAYOFWEEK>
         <LANGUAGE>en</LANGUAGE>
         <STARTPAGE>/js/plugins-4.1.129.12.js.gzip,/js/desktop-
4.1.129.12.js.gzip,/js/init-4.1.129.12.js.gzip,/js/pci_addon-4.1.129.12.js.gzip</STARTPAGE>
         <SHOWMONITOR>0</SHOWMONITOR>
         <MAXIP>8</MAXIP>
         <MAXPCIIP>5</MAXPCIIP>
         <SESSIONTIMEOUT>0</SESSIONTIMEOUT>
         <AUDITTARGETMANAGEMENT>1</AUDITTARGETMANAGEMENT>
         <AUDITSCHEDULEMANAGEMENT>0</AUDITSCHEDULEMANAGEMENT>
         <AUDITSCANPOLICYMANAGEMENT>0</AUDITSCANPOLICYMANAGEMENT>
         <AUDITRISKACCEPTANCE>0</AUDITRISKACCEPTANCE>
         <AUDITCHANGERISKLEVEL>0</AUDITCHANGERISKLEVEL>
         <CSRFVALIDATION>0</CSRFVALIDATION>
         <MAXWEBAPPS>5</MAXWEBAPPS>
         <P3DAYS>60</P3DAYS>
         <P4DAYS>14</P4DAYS>
         <P5DAYS>7</P5DAYS>
         <PACTIVE>7</PACTIVE>
         <P3LABEL>P3</P3LABEL>
         <P4LABEL>P2</P4LABEL>
         <P5LABEL>P1</P5LABEL>
         <FORCEGROUPSCHEDULING>1</FORCEGROUPSCHEDULING>
         <SCANPOLICYOWNERSHIP>0</SCANPOLICYOWNERSHIP>
         <SERVICES>1</SERVICES>
         <STRATEGY>1</STRATEGY>
         <MANAGEDSERVICESLIMITED>0</MANAGEDSERVICESLIMITED>
         <ACCEPTEDLENGTH>30</ACCEPTEDLENGTH>
         <ACCEPTTARGETS>0</ACCEPTTARGETS>
         <TWOFACTORAUTHENTICATIONMETHOD>0</TWOFACTORAUTHENTICATIONMETHOD>
         <SHOWVALIDATIONRECOMMENDATION>0</SHOWVALIDATIONRECOMMENDATION>
         <SUPERUSER>1</SUPERUSER>
         <SCAN_SETTINGS>0</SCAN_SETTINGS>
         <SCAN_REPORTS>0</SCAN_REPORTS>
         <SCAN_SCHEDULING>0</SCAN_SCHEDULING>
         <TARGET_ADD>0</TARGET_ADD>
         <TARGET_DELETE>0</TARGET_DELETE>
         <REPORT_DISABLE>0</REPORT_DISABLE>
         <REPORT_DELETE>0</REPORT_DELETE>
         <USERROLES_ADMIN>0</USERROLES_ADMIN>
         <TARGETGROUP_ADMIN>0</TARGETGROUP_ADMIN>
         <FINDING_ADMIN>0</FINDING_ADMIN>
         <RECEIVE_EMAIL>0</RECEIVE_EMAIL>
         <ACCEPT_RISKS>0</ACCEPT_RISKS>
         <SCAN_VERIFY>0</SCAN_VERIFY>
         <WEBAPPADMIN>0</WEBAPPADMIN>
         <WEBAPPREPORTING>0</WEBAPPREPORTING>
         <WEBAPPDELETEREPORT>0</WEBAPPDELETEREPORT>
         <STOPSCAN>0</STOPSCAN>
         <DASHBOARD>0</DASHBOARD>
         <RECEIVE_SMS>0</RECEIVE_SMS>
         <PCI_SUBUSER>0</PCI_SUBUSER>
         <PCISCOPING>0</PCISCOPING>
         <PCISCHEDULING>0</PCISCHEDULING>
         <PCIREPORTING>0</PCIREPORTING>
         <PCIDISPUTING>0</PCIDISPUTING>
         <PCIEMAILADDRESS>df@outpost24.com</PCIEMAILADDRESS>
         <SUBUSERXID>4710</SUBUSERXID>
         <USERROLE>Super User</USERROLE>
         <PRODUCT>OUTSCAN PCI OUTSCAN WAS HIAB SERVICES STRATEGY ,AGENT</PRODUCT>
         <IS_ADMIN>1</IS_ADMIN>
         <XID>114</XID>
         <XIPARENTID>101</XIPARENTID>
         <IS_SALES>1</IS_SALES>
         <ISSERVICES>1</ISSERVICES>
         <SYSTEM>OUTSCAN</SYSTEM>
         <VERSION>4.1.129.39</VERSION>
      </USER>
   </USERLIST>
</RESPONSE>


Response Keys
ACCEPT_RISKSIs the account allowed to accept risks.
ACCEPTEDLENGTHThe number of days the vulnerability has been accepted.
ACCEPTTARGETSBoolean value if the user is allowed to accept.
ALL_TARGETGROUPSSet to 1 if not all targets are available.
AUDITCHANGERISKLEVELBoolean flag if the user is required to supply an audit comment when changing a risk level for a report finding.
AUDITRISKACCEPTANCEBoolean flag if the user is required to supply an audit comment when accepting a risk.
AUDITSCANPOLICYMANAGEMENTBoolean flag if the user is required to supply an audit comment when doing a scan policy management.
AUDITSCHEDULEMANAGEMENTBoolean flag if the user is required to supply an audit comment when doing a schedule management.
AUDITTARGETMANAGEMENTBoolean flag if the user is required to supply an audit comment when doing a target  management.
COMPANYThe name of the company for this account.
COUNTRYThe country for this account, See Country Codes section.
COUNTRYCODEThe country code for this account, See Country Codes section.
CSRFVALIDATIONBoolean flag if the Cross Site Request Forgery function should be enabled.
DASHBOARD

Can this account view the dashboard.

DATEFORMATThe format that should be used when presenting dates.
EMAILEmail address for this account.
FINDING_ADMINDeprecated
FORCEGROUPSCHEDULINGBoolean flag which will enforce only use of groups if set.
GMTOFFSETThe offset from GMT used when displaying time information in this account.
ISSERVICESBoolean flag whether this account can supply reports in the service.
IS_ADMINBoolean flag whether the account has administration rights.
IS_SALESBoolean flag if this account is a sales organization.
IS_SUBUSERBoolean flag whether account is a sub account.
LANGUAGEThe language for this account. See Country Codes section.
LASTLOGONDATEThe last date this account was logged on to.
LASTLOGONIPFrom which IP the login occurred.
MANAGEDSERVICESLIMITEDBoolean flag if the service reports access can bi limited per sub user.
MAXIPThe maximum number of targets the account is allowed to use in the OUTSCAN system.
MAXPCIIPThe maximum number of targets the account is allowed to add to the PCI system.
MAXWEBAPPSThe maximum number of WEB applications this account is allowed to use.
MOBILEMobile/Cellphone number associated with this account.
NAMEThe user name which was used during log in.
NUMBER_LOGON

The number of log in that this account has done since it was created.

P3DAYSThe Number of days before a task of priority level 3 is escalated.
P4DAYSThe Number of days before a task of priority level 4 is escalated.
P5DAYSThe Number of days before a task of priority level 5 is escalated.
P3LABELText label for priority level 3.
P4LABELText label for priority level 4.
P5LABELText label for priority level 5.
PACTIVEBoolean flag whether this account is active or not.
PCIDISPUTINGCan this account dispute PCI findings.
PCIEMAILADDRESSThe primary email address used for contact when doing PCI disputes.
PCIREPORTINGCan this account access  PCI reports.
PCISCHEDULINGCan this account schedule PCI scans.
PCISCOPINGCan this account change PCI scope.
PCI_SUBUSERIs this account a sub user in the PCI solution.
PRODUCTA list of products which is associated with this account.
RECEIVE_EMAILCan this account receive report email.
RECEIVE_SMSCan this account receive SMS notifications.
REPORT_DELETECan this account delete reports.
REPORT_DISABLECan the user mark findings as false positives.
SCANPOLICYOWNERSHIPBoolean flag if newly created scan policies should be visible to all users.
SCAN_REPORTSCan the user see reports.
SCAN_SCHEDULINGCan this account modify scan schedulings.
SCAN_SETTINGSCan this account modify scan settings.
SCAN_VERIFYCan this account perform verify scans.
SERVERTIMEThe local time of the server.
SERVICESBoolean flag whether this account has the service product.
SESSIONTIMEOUTThe session timeout in minutes.
SHOWGUIDEBoolean value which tells if the guide should be showed upon login.
SHOWMONITORBoolean flag whether to display the monitor application in the menu.
SHOWPCIINFOBoolean flag whether the PCI information window should be displayed.
SHOWRELEASENOTESBoolean flag if release notes should be presented when you log in (Please note that this field may not be present).
SHOWVALIDATIONRECOMMENDATIONBoolean flag if the two factor tip should be displayed after log in.
STARTDAYOFWEEKFirst day of week.
STARTPAGEInternal value. Used by the GUI.
STATEThe state for this account.
STOPSCANCan this account stop running scans.
STRATEGYBoolean flag whether this account has the strategy product.
SUBUSERXIDThe unique id for this sub user.
SUPERUSERDoes this account have the same rights as the main account.
SYSTEMThe name of the system you have connected to.
TARGETGROUP_ADMINCan this account change target groups.
TARGET_ADDCan this account add target.
TARGET_DELETECan this account remove target.
TIMEFORMATThe format that should be used when presenting time.
TWOFACTORAUTHENTICATIONMETHODMethod used for two factor authentication.
USERNAMEThe user name which was used during login.
USERROLEThe roles the user is granted.
USERROLES_ADMINCan this account change the user roles.
VERSIONThe version of the system you are connected to.
WEBAPPADMINCan this account manage web application settings.
WEBAPPDELETEREPORTCan this account remove web application reports.
WEBAPPREPORTINGCan this account view application reports.
XIDThe unique identifier of the given object.
XIPARENTIDThe unique id for any parent object for this object within the system.


State Codes

A complete and up to date list of supported state codes by the system can be retrieved from the system. Whenever  the state field is given to the system it will be validated against these values. See Appendix F.


Required Keys
ACTIONSTATEDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=STATEDATA


Example response:

<RESPONSE>
     <RESPONSE/>
</RESPONSE>


Response Keys
COUNTRXIDThe country id.
TIMEZONEThe time  zone used by this state.
VCNAMEThe name of the state.
XIDThe short form of the name for this state.


Account

This section describes how to change user name, password, and any account details.

See the List Account section for information about the meaning of the different fields that can be changed.

It also reports any restraints that may be present on your account, for example if you do not have access to all targets.


Update Account

This section describes how you can change user name, password, and other account details.

Required Keys
ACTIONUPDATEACCOUNTDATA

Optional Keys

Along with the above required key you can also submit any of the additional keys in case you would like to update them.

Optional Keys
LANGUAGEThe language set on the user profile.
PASSWD1Change password, you are required to submit PASSWD1, PASSWD2, and VCOLDPASSWORD in order to update it.
PASSWD2Change password, you are required to submit PASSWD1, PASSWD2, and VCOLDPASSWORD in order to update it.
SESSIONTIMEOUTThe timeout value used when determine if the users session should be considered invalid.
VCCOUNTRYThe country the user is located in.
VCEMAILThe users email address within the system.
VCFIRSTNAMEThe first name (spoken name) of the user.
VCLASTNAMEThe last name (surname) of the user.
VCOLDPASSWORDChange password, you are required to submit PASSWD1, PASSWD2, and VCOLDPASSWORD in order to update it.
VCPHONEDAYThe phone number of the user.
VCPHONEMOBILEThe mobile phone number of the user.
VCUSERNAMEThe name of the user which we would like to log in to.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=UPDATEACCOUNTDATA


Note

The above given request generates a generic response.

More information about this response type is available in Appendix A.


List Account

This function allows you to see the settings on your account along with any restrictions that may be present.

Required Keys
ACTIONACCOUNTDATA
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XDI=-1&ACTION=ACCOUNTDATA


Example response:

<RESPONSE>
   <USERLIST>
      <USER>
         <XID>4710</XID>
         <VCFIRSTNAME>Api</VCFIRSTNAME>
         <VCLASTNAME>Api</VCLASTNAME>
         <VCFULLNAME>Api Api</VCFULLNAME>
         <PARENT>Top Level</PARENT>
         <VCEMAIL>df@outpost24.com</VCEMAIL>
         <BACTIVE>1</BACTIVE>
         <VCUSERNAME>APIUSER</VCUSERNAME>
         <DLASTLOGON>2014-02-18 08:59</DLASTLOGON>
         <ILOGON>1114</ILOGON>
         <XISUBPARENTID>-1</XISUBPARENTID>
         <ITEST>-1</ITEST>
         <IFAILEDLOGON>0</IFAILEDLOGON>
         <BSUBUSER>1</BSUBUSER>
         <VCPASSWORD>$2a$10$8RTdaJZ0NIz/ne8GEKkAWO.RYCyw/.Uw0Mn3xTHheFN95u4LS/e0u</VCPASSWORD>
         <IEMAILTYPE>1</IEMAILTYPE>
         <BSECURITYEMAIL>1</BSECURITYEMAIL>
         <BREPORTTYPE>0</BREPORTTYPE>
         <BDISCOVERYEMAIL>1</BDISCOVERYEMAIL>
         <XVCIP>91.216.32.3</XVCIP>
         <DEMAIL>2012-10-30 12:58</DEMAIL>
         <BREMOVEREPORT>0</BREMOVEREPORT>
         <BOALLHOSTS>1</BOALLHOSTS>
         <BSMSREPORT>0</BSMSREPORT>
         <IDATASOURCE>0</IDATASOURCE>
         <STATE>--</STATE>
         <VCCOUNTRY>gb</VCCOUNTRY>
         <COUNTRY>United Kingdom</COUNTRY>
         <VCSTATE>--</VCSTATE>
         <STATE>--</STATE>
         <GROUPLIST/>
         <TARGETLIST/>
         <USERGROUPLIST/>
         <SCANNERLIST/>
         <ALLSCANNERS>1</ALLSCANNERS>
         <VCCOMPANY>Outpost24.com</VCCOMPANY>
         <GMTOFFSET>0.00</GMTOFFSET>
         <LANGUAGE>en</LANGUAGE>
         <DATEFORMAT>Y-m-d</DATEFORMAT>
         <TIMEFORMAT>H:i</TIMEFORMAT>
         <AUTHENTICATIONMETHOD>0</AUTHENTICATIONMETHOD>
         <SHOWGUIDE>0</SHOWGUIDE>
         <STARTDAYOFWEEK>1</STARTDAYOFWEEK>
         <XPATHUP>,4710,</XPATHUP>
         <XOSIP>8</XOSIP>
         <XOSSCAN>1</XOSSCAN>
         <XPCIIP>5</XPCIIP>
         <XPCISCAN>0</XPCISCAN>
         <XHIABEXTERNALIP>0</XHIABEXTERNALIP>
         <XHIABIP>-1</XHIABIP>
         <XHIABSCHEDULE>-1</XHIABSCHEDULE>
         <XHIABSCHEDULEADD>0</XHIABSCHEDULEADD>
         <XHIABMERGE>0</XHIABMERGE>
         <XHIABCLOSED>0</XHIABCLOSED>
         <MAXWEBAPPS>5</MAXWEBAPPS>
         <WEBAPPSCANS>0</WEBAPPSCANS>
         <WEBAPPSCANSLEFT>4</WEBAPPSCANSLEFT>
         <WEBAPPTRIAL>0</WEBAPPTRIAL>
         <EXTERNALWEBAPPSCANSLEFT>0</EXTERNALWEBAPPSCANSLEFT>
         <HIABEXTERNALWEBAPPS>0</HIABEXTERNALWEBAPPS>
         <XOOSIP>0</XOOSIP>
         <XOOSSCHEDULE>0</XOOSSCHEDULE>
         <XOOSSCHEDULEADD>0</XOOSSCHEDULEADD>
         <XOOSCLOSED>0</XOOSCLOSED>
         <ISECURITYLEFT>2</ISECURITYLEFT>
         <IPCISCANSLEFT>5</IPCISCANSLEFT>
         <IEXTERNALSCANSLEFT>0</IEXTERNALSCANSLEFT>
         <SUPERUSER>1</SUPERUSER>
         <RISKAGE>60</RISKAGE>
         <CUSTOMCOMPANYNAME>My company</CUSTOMCOMPANYNAME>
         <CUSTOMREPORTHEADER>Custom header text</CUSTOMREPORTHEADER>
         <CUSTOMREPORTFOOTER>Custom footer text</CUSTOMREPORTFOOTER>
         <WASMAXIMUMLINKS>2000</WASMAXIMUMLINKS>
         <PASSWORDAGE>356</PASSWORDAGE>
         <TICKETPARENT>-1</TICKETPARENT>
         <PACTIVE>31</PACTIVE>
         <ALLWEB>1</ALLWEB>
         <AUTOMATICGMT>1</AUTOMATICGMT>
         <CHANGEPASSWORDONLOGON>0</CHANGEPASSWORDONLOGON>
         <SYSTEMNOTIFICATIONS>0</SYSTEMNOTIFICATIONS>
         <TWOFACTORAUTHENTICATION>0</TWOFACTORAUTHENTICATION>
         <MAXIP>8</MAXIP>
         <MAXSCAN>1</MAXSCAN>
         <MAXPCIIP>5</MAXPCIIP>
         <MAXPCISCAN>0</MAXPCISCAN>
         <BOEMAIL>1</BOEMAIL>
         <BOSETTINGS>1</BOSETTINGS>
         <BOREPORTS>1</BOREPORTS>
         <BOSCHEDULES>1</BOSCHEDULES>
         <BSUBADMIN>1</BSUBADMIN>
         <BOADMINGROUPS>1</BOADMINGROUPS>
         <BHADMIN>1</BHADMIN>
         <BOWAIVER>1</BOWAIVER>
         <BOSMS>1</BOSMS>
         <BODISABLE>1</BODISABLE>
         <BHMONITOR>1</BHMONITOR>
         <BOVULTEXT>1</BOVULTEXT>
         <BODELETEIP>1</BODELETEIP>
         <BODELETEREPORT>1</BODELETEREPORT>
         <BADMINUSERGROUP>1</BADMINUSERGROUP>
         <BACCEPTRISK>1</BACCEPTRISK>
         <PCISCOPING>1</PCISCOPING>
         <PCISCHEDULING>1</PCISCHEDULING>
         <PCIREPORTING>1</PCIREPORTING>
         <PCIDISPUTING>1</PCIDISPUTING>
         <WEBAPPADMIN>1</WEBAPPADMIN>
         <WEBAPPREPORTING>1</WEBAPPREPORTING>
         <WEBAPPDELETEREPORT>1</WEBAPPDELETEREPORT>
         <FORCEGROUPSCHEDULING>1</FORCEGROUPSCHEDULING>
         <MANAGEDSERVICES>1</MANAGEDSERVICES>
         <MANAGEDSERVICESCOMMENT>1</MANAGEDSERVICESCOMMENT>
         <VERIFYSCAN>1</VERIFYSCAN>
         <STOPSCAN>1</STOPSCAN>
         <DASHBOARD>1</DASHBOARD>
      </USER>
   </USERLIST>
</RESPONSE>


Response Keys
ALLSCANNERSBoolean flag which determines if the account has access to all scanners (only valid in a distributed HIAB environment).
ALLWEBBoolean flag if the account has access to all web application scanning scopes.
AUTHENTICATIONMETHODFlag for determining if the user is authenticated via the internal system or a LDAP/AD solution.
AUTOMATICGMTBoolean flag which will automatically set the GMT offset if true (will use the country details for this).
BACCEPTRISKSet if the account is allowed to accept risks in the report section.
BACTIVESet if the account is enabled.
BADMINUSERGROUPSet if the account is able to administer user roles.
BDISCOVERYEMAILSet if the account is allowed to receive discovery results e-mails.
BHADMINSet if the account is allowed to perform HIAB administrative tasks.
BHMONITORSet if the account is allowed to use the monitor utility.
BOADMINGROUPSSet if the account is allowed to administer groups.
BOALLHOSTSSet if the account has access to all targets.
BODELETEIPSet if the account is able to delete targets from the system.
BODELETEREPORTSet if the account is able to remove report from the system.
BODISABLESet if the account is able to disable scripts.
BOEMAILSet if the account is allowed to receive email notifications.
BOREPORTSSet if the account is allowed to read reports.
BOSCHEDULESSet if the account is allowed to schedule scans.
BOSETTINGSSet if the account is allowed to change scan settings on schedules (scan policies).
BOSMSSet if the account is allowed to receive SMS notifications.
BOVULTEXTSet if the account is allowed to comment vulnerabilities.
BOWAIVERSet if the account has accepted the waiver.
BREMOVEREPORTSet if the report should be removed after it has been sent out via e-mail.
BREPORTTYPEThe report type that should be included in the e-mail.
BSECURITYEMAILSet if the report should be sent out in a e-mail.
BSMSREPORTSet if the account is allowed to receive SMS notifications on reports.
BSUBADMINSet if the account is allowed to administer sub users.
BSUBUSERSet if the account is a sub user.
CHANGEPASSWORDONLOGONSet if the password is required to be updated upon the initial log in.
COUNTRYThe country for this account.
CUSTOMCOMPANYNAMEThe defined custom company name for this account.
CUSTOMREPORTFOOTERCustom text which will be available in the footer of the exported PDF report.
CUSTOMREPORTHEADERCustom text which will be available in the header of the exported PDF report.
DASHBOARDBoolean flag if the user have access to the dashboard.
DATEFORMATThe date format which will be used when presenting date information within the system.
DEMAILThe date when the initial e-mail was sent out.
DLASTLOGONThe date when the account last logged on to the system.
EXTERNALWEBAPPSCANSLEFTThe number of external web applications scans that are left on this account.
FORCEGROUPSCHEDULING

Flag if you are forced to use the groups instead of free text target definition in the schedule section.

GMTOFFSETThe offset from GMT where this user is located (used to display the correct local time in the system).
GROUPLIST/Comma separated list of granted groups for this account.
HIABEXTERNALWEBAPPSThe total number of external web application scans for this account.
IDATASOURCEDeprecated
IEMAILTYPEThe type of to send out (HTML/text).
IEXTERNALSCANSLEFTThe number of external scan left on this account.
IFAILEDLOGONThe number of failed login on this account.
ILOGONThe total number of login on this account.
IPCISCANSLEFTThe number of PCI scans left on this account.
ISECURITYLEFTThe number of scans left on this account .
ITESTThe number of scans on this account.
LANGUAGEThe language for this account.
MANAGEDSERVICESBoolean flag if the user has managed service.
MANAGEDSERVICESCOMMENTComment on the manager service.
MAXIPThe maximum number of IPs allowed to be defined on this account.
MAXPCIIPThe maximum number of PCI IPs allowed to be defined on this account.
MAXPCISCANThe maximum number of PCI scans allowed to be defined on this account.
MAXSCANThe maximum number of scans allowed to be defined on this account.
MAXWEBAPPSThe maximum number of web application scans allowed to be defined on this account.
PACTIVESet if parent account is enabled.
PARENTThe parent id.
PASSWORDAGEThe maximum age of a password before you are required to change it.
PCIDISPUTINGSet if the account is allowed to dispute PCI findings.
PCIREPORTINGSet if the account is allowed to see PCI reports.
PCISCHEDULINGSet if the account is allowed to schedule PCI scans.
PCISCOPINGSet if the account is allowed to change PCI scoping.
RISKAGEThe maximum age of a risk before it violates the company policy.
SCANNERLISTList of granted scanners for this account.
SHOWGUIDESet if the initial guide will be displayed upon log in.
STARTDAYOFWEEKValue for determining which is the first date of the week.
STATEThe state which the user is located within.
STOPSCANBoolean flag if the user is allowed to stop scans.
SUPERUSERSet if the user has the same access rights as the main account holder.
SYSTEMNOTIFICATIONS

Boolean flag if system notifications should be sent out to this user.

TARGETLISTThe target list as accepted by the graphical user interface.
TICKETPARENT

The parent account which will receive any tickets assigned to this user if they haven't been resolved within the defined due date.

TIMEFORMATThe time format to use when displaying time throughout the system.
TWOFACTORAUTHENTICATIONBoolean value if two factor authentication is required.
USERGROUPLIST

List of assigned user roles for this account.

VCCOMPANYThe company name for this account.
VCCOUNTRY

The country for this account.

VCEMAILThe e-mail address associated with this account.
VCFIRSTNAME

The first name of the user.

VCFULLNAMEThe full name (both first and last name) of the user.
VCLASTNAMEThe surname of the user.
VCPASSWORDThe password for the user which we try to log in with.
VCSTATE

Current state of the scan.

VCUSERNAMEThe name of the user which we would like to log in to.
VERIFYSCANBoolean flag if the user can perform verify scan.
WASMAXIMUMLINKSThe maximum number of WAS links that this user can scan.
WEBAPPADMINSet if the account can administer the WAS module.
WEBAPPDELETEREPORTSet if the account is allowed to delete WAS reports.
WEBAPPREPORTINGSet if the account is allowed to see WAS reports.
WEBAPPSCANSNumber of WAS scans in total.
WEBAPPSCANSLEFTNumber of WAS scans left on this account.
WEBAPPTRIALSet if the accounthas a trial account for the WAS module.
XHIABCLOSEDSet if the accountHIAB has been disabled.
XHIABEXTERNALIPThe number of external IPsthat the HIAB can have defined.
XHIABIPThe number of IPs allowed on this HIAB.
XHIABMERGEDeprecated
XHIABSCHEDULEThe number of scans for this account.
XHIABSCHEDULEADDThe number of scans to add for this account.
XIDThe unique identifier of the given object.
XISUBPARENTIDThe unique id for any parent object for this object within the system.
XOOSCLOSEDDeprecated
XOOSIPDeprecated
XOOSSCHEDULEDeprecated
XOOSSCHEDULEADDDeprecated
XOSIPDeprecated
XOSSCANDeprecated
XPATHUPInternal use only.
XPCIIPThe number of PCI targets that this account is allowed to have.
XPCISCANThe number of PCI scans that this account is allowed to perform.
XVCIPThe IP number which this account logged on from the last time.


Attributes

In the system you can create additional attributes which can be made available in different sections.

You can for instance add a Business function field so that this information can be defined and visible in the exported reports if required. It is also possible to define these attributes on users so that you for instance can add his/her role within the company.

The combo type allows you to define a drop down menu which contains static values (this can be used to prevent input errors due to spelling errors).

Update Attribute

This request will allow you to redefine the attribute (and also disable it since it cannot be removed). Within the system you can have 10 attributes defined at the same time

Required Keys
ACCEPTABLEVALUESThis field allows you to define which values are accepted for this specific attribute.
ACTIONUPDATEATTRIBUTEDATA
BACTIVE

Boolean flag if this attribute is active.

COLUMNIDThe unique column identifier for this attribute. Up to 10 are allowed to be defined.
EXPORTREPORTBoolean flag if this attribute is available in exported reports.
FIELDTYPE

The field type defines what type this field has.
Available field types:
0 : Text
1 : Combo
2: Check box
3 : Number

NAMEThe name of the attribute.
ONUSERBoolean flag if this attribute is available on users.
REPORTING

Boolean flag if this attribute is available in reporting.

REQUIREDBoolean flag if this attribute is required to have a value.
TARGETThe target that this entry is about.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?NAME=Test&COLUMNID=1&FIELDTYPE=3&REPORTING=1&TARGET=1&ACCEPTABLEVALUES=1-10&REQUIRED=1&BACTIVE=1&ACTION=UPDATEATTRIBUTEDATA&ONUSER=1&EXPORTREPORT=3


The above given request will generate a generic response.

More information about this response type is available in Appendix A.


List Attributes

Additional attributes are possible to define in the system. These can for instance be defined as additional values which can be made availble in the target, user or report section.

Required Keys
ACTIONATTRIBUTEDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=ATTRIBUTEDATA


Example response:

<RESPONSE>
   <USERLIST>
      <USER>
         <XID>7884</XID>
         <COLUMNID>0</COLUMNID>
         <XUSERXID>114</XUSERXID>
         <NAME>Geographic location</NAME>
         <BACTIVE>1</BACTIVE>
         <ONUSER>0</ONUSER>
         <TARGET>1</TARGET>
         <REPORTING>1</REPORTING>
         <SCHEDULING>0</SCHEDULING>
         <REQUIRED>0</REQUIRED>
         <FIELDTYPE>0</FIELDTYPE>
         <EXPORTREPORT>1</EXPORTREPORT>
      </USER>
   </USERLIST>
</RESPONSE>


Required Keys
ACCEPTABLEVALUESThis field allows you to define which values are accepted for this specific attribute.
BACTIVE

Boolean flag if this attribute is active.

COLUMNIDThe unique column identifier for this attribute. Up to 10 are allowed to be defined.
EXPORTREPORTBoolean flag if this attribute is available in exported reports.
FIELDTYPE

The field type defines what type this field has.
Available field types:
0 : Text
1 : Combo
2 : Check box
3 : Number

NAMEThe name of the attribute.
ONUSERBoolean flag if this attribute is available on users.
REPORTING

Boolean flag if this attribute is available in reporting.

REQUIREDBoolean flag if this attribute is required to have a value.
SCHEDULINGShould this attribute be available in the schedule section.
TARGETThe target that this entry is about.
XIDThe unique identifier of the given object.
XUSERXIDThe unique user id.


Manage User Accounts

This section describes how to add sub users and define their access rights and roles. An unlimited amount of sub users can be added to the system and they can also be added in an hierarchy so that you can define users that will manage and maintain other users.

The user roles will give you the possibility to create roles within the system that will fit your organization. For example, if you have managers that only should be able to receive reports, they can simply be added and restricted to only perform such action within the system.

User Roles

The user roles are predefined roles which can be assigned to multiple users which will help you when managing the access to the different actions which can be performed within the system.

You can for example create user roles like the following:
   Manager
   SOC - Team
   System owner
   Vulnerability Manager - User
   Vulnerability Manager - Manager
   DBA
   Developer
   Network administrator

It is of course also possible to make them user specific if you have a smaller organization:
   Jane Doe
  
John Smith

Update User Roles

In order to add or update an user role you need to supply the following parameter.

Required Keys
ACTIONUPDATEUSERGROUPDATA
VCNAMEName of the user role.

Optional Keys

If you would like to create a new role you would enter "-1" (or not supply it at all) as the value for the XID parameter but if you would like to update an already present role you need to supply the unique identification number for that role in that field instead.

Optional Keys
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?VCNAME=RemovemeAPI&ACTION=UPDATEUSERGROUPDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.



List User Roles

The user roles are predefined roles which can be assigned to multiple users which will help you when managing the access to the different actions which can be performed within the system.

Required Keys
ACTIONUPDATEUSERGROUPDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=USERGROUPDATA

Example response:

<RESPONSE>
   <USERGROUPLIST>
      <USERGROUP>
         <XID>54</XID>
         <VCNAME>My User Role</VCNAME>
         <BOSETTINGS>1</BOSETTINGS>
         <BOREPORTS>0</BOREPORTS>
         <BOSCHEDULES>1</BOSCHEDULES>
         <BSUBADMIN>0</BSUBADMIN>
         <BOEMAIL>0</BOEMAIL>
         <BOADMINGROUPS>1</BOADMINGROUPS>
         <BHADMIN>0</BHADMIN>
         <BOWAIVER>1</BOWAIVER>
         <BOSMS>0</BOSMS>
         <BODISABLE>0</BODISABLE>
         <BHMONITOR>0</BHMONITOR>
         <BOVULTEXT>0</BOVULTEXT>
         <BODELETEIP>1</BODELETEIP>
         <BODELETEREPORT>0</BODELETEREPORT>
         <BADMINUSERGROUP>1</BADMINUSERGROUP>
         <BACCEPTRISK>0</BACCEPTRISK>
         <PCISCOPING>0</PCISCOPING>
         <PCIREPORTING>0</PCIREPORTING>
         <PCISCHEDULING>0</PCISCHEDULING>
         <PCIDISPUTING>0</PCIDISPUTING>
         <WEBAPPADMIN>0</WEBAPPADMIN>
         <FORCEGROUPSCHEDULING>0</FORCEGROUPSCHEDULING>
         <WEBAPPREPORTING>0</WEBAPPREPORTING>
         <WEBAPPDELETEREPORT>0</WEBAPPDELETEREPORT>
         <MANAGEDSERVICES>0</MANAGEDSERVICES>
         <MANAGEDSERVICESCOMMENT>0</MANAGEDSERVICESCOMMENT>
         <VERIFYSCAN>0</VERIFYSCAN>
         <DASHBOARD>0</DASHBOARD>
         <STOPSCAN>1</STOPSCAN>
      </USERGROUP>
   </USERGROUPLIST>
</RESPONSE>


Response Keys
BACCEPTRISKCan the user mark a risk as accepted.
BADMINUSERGROUPCan the user administer user roles.
BHADMINCan the user restart the HIAB and setup the HIAB settings, such as backup and networking.
BHMONITORCan the user access the network monitor module.
BOADMINGROUPSCan the user administer targets and target groups.
BODELETEIPCan the user delete targets.
BODELETEREPORTCan the user delete scans.
BODISABLECan the user mark a vulnerability as false positive.
BOEMAILCan the user receive scan report e-mails.
BOREPORTSCan the user show scan reports.
BOSCHEDULESCan the user administer scan schedules.
BOSETTINGSCan the user administer scanning policies.
BOSMSIs the user allowed to receive SMS notifications.
BOVULTEXTCan the user change vulnerability comments.
BOWAIVERShould the waiver be displayed to the user.
BSUBADMINSet if the account is allowed to administer sub users.
DASHBOARDBoolean flag if the user have access to the dashboard.
FORCEGROUPSCHEDULINGIf enabled then no Target List section will be available in the Scheduling section.
MANAGEDSERVICESCan the user access the managed report section.
MANAGEDSERVICESCOMMENTCan the user add comments to managed reports.
PCIDISPUTINGCan the user dispute findings in the PCI reports.
PCIREPORTINGCan the user access the PCI reporting section.
PCISCHEDULINGCan the user change the PCI scheduling.
PCISCOPINGCan the user change the PCI scoping.
STOPSCANCan the user stop running scans.
VCNAMEName of the user role.
VERIFYSCANCan the user perform verify scans.
WEBAPPADMINCan the user administer the web application scanner.
WEBAPPDELETEREPORTCan the user remove the web application scans.
WEBAPPREPORTINGCan the user access the web application scan reports.
XIDThe unique identifier of the given object.


Remove User Role

In order to remove an already defined user role you need the unique identification number for that specific role. This is received from the list of already defined user roles ( See section: List User Roles).

Required Keys
ACTIONREMOVEUSERGROUPDATA
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=4020&ACTION=REMOVEUSERGROUPDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Users Accounts

The user account section contains information regarding how your account or sub accounts are defined.

This is also the location where you can change the password on you account. The account details will also provide you with any limitations that may be present on the defined sub accounts within the system.

Update Account

In order to add or update an user account you need to supply the following parameters. If you would like to create a new account you would enter "-1" as the value for the XID parameter but if you would like to update an already present account you need to supply the unique identification number for that role in that field instead.

Required Keys
ACTIONUPDATESUBACCOUNTDATA
VCCOUNTRYThe country for this account.
VCEMAILThe e-mail address associated with this account.
VCFIRSTNAMEThe first name of the user.
VCLASTNAMEThe surname of the user.
VCUSERNAMEThe name of the user which we would like to log in to.
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?VCUSERNAME=removemeapi&VCLASTNAME=removemeapi&XID=-1&VCCOUNTRY=se&VCFIRSTNAME=removemeapi&VCEMAIL=removemeapi@outpost24.com@ACTION=UPDATESUBACCOUNTDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.


List Accounts

In order to see the available defined user roles which you can assign to your sub users you need to retrieve a list of them where you will get the unique identification number of it (XID).

The request has the following parameters:

Required Keys
ACTIONSUBACCOUNTDATA

Example Request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=SUBACCOUNTDATA

Example Response:

<RESPONSE>
   <USERLIST>
      <USER>
         <XID>2138</XID>
         <VCFIRSTNAME>Jane</VCFIRSTNAME>
         <VCLASTNAME>Doe</VCLASTNAME>
         <VCFULLNAME>Jane Doe</VCFULLNAME>
         <PARENT>Top Level</PARENT>
         <VCEMAIL>df@outpost24.com</VCEMAIL>
         <BACTIVE>1</BACTIVE>
         <VCUSERNAME>OUPOST24SUBUSER</VCUSERNAME>
         <BSUBADMIN>0</BSUBADMIN>
         <DLASTLOGON>2012-05-25 12:54</DLASTLOGON>
         <DCREATED>2009-06-25 11:54</DCREATED>
         <ILOGON>11</ILOGON>
         <XISUBPARENTID>-1</XISUBPARENTID>
         <IEMAILTYPE>1</IEMAILTYPE>
         <COUNTRY>Sweden</COUNTRY>
         <AUTHENTICATIONMETHOD>0</AUTHENTICATIONMETHOD>
         <SHOWGUIDE>1</SHOWGUIDE>
         <STARTDAYOFWEEK>1</STARTDAYOFWEEK>
         <USERGROUPLIST>2996,</USERGROUPLIST>
         <SUPERUSER>0</SUPERUSER>
         <GROUPLIST>21666,21671,</GROUPLIST>
         <SCANNERLIST/>
         <ALLSCANNERS>1</ALLSCANNERS>
         <WASMAXIMUMLINKS>2000</WASMAXIMUMLINKS>
         <TICKETPARENT>0</TICKETPARENT>
         <XPATHUP>,2138,</XPATHUP>
         <USERGROUPNAMES>DBA</USERGROUPNAMES>
         <TARGETLIST/>
         <BOALLHOSTS>0</BOALLHOSTS>
         <SYSTEMNOTIFICATIONS>0</SYSTEMNOTIFICATIONS>
         <TWOFACTORAUTHENTICATION>0</TWOFACTORAUTHENTICATION>
      </USER>
   </USERLIST>
</RESPONSE>
Response Keys
ALLSCANNERSBoolean flag which determines if the account has access to all scanners (only valid in a distributed HIAB environment).
AUTHENTICATIONMETHODFlag for determining if the user is authenticated via the internal system or a LDAP/AD solution.
BACTIVESet if your account is enabled.
BOALLHOSTSBoolean value if the user has access to all OUTSCAN hosts.
BSUBADMINSet if the account is allowed to administer sub users. (Please note that this field may not be present).
COUNTRYThe country for this account.
CUSTOM1Custom attributed defined on either an user or a target. (Please note that this field may not be present).
DCREATEDThe date when this account was created.
DEMAILThe date when the initial eamil was sent out.
DLASTLOGONThe date when the account last logged on to the system.
GROUPLISTComma separated list of granted groups for this account.
IEMAILTYPEThe type of email to send out (HTML/text).
ILOGONThe total number of logins on this account.
PARENTThe parent account for this account.
SCANNERLIST

List of granted scanners for this account.

SHOWGUIDESet if the initial guide will be displayed upon log in.
STARTDAYOFWEEK

Value for determining which is the first date of the week.

SUPERUSERSet if the user has the same access rights as the main account holder.
SYSTEMNOTIFICATIONS

Boolean flag if system notifications should be sent out to this user.

TARGETLISTThe target list as accepted by the graphical user interface.
TICKETPARENTThe parent account which will receive any tickets assigned to this user if they haven't been resolved within the defined due date.
TWOFACTORAUTHENTICATIONBoolean value if two factor authentication is required.
USERGROUPLISTList of assigned user roles for this account.
USERGROUPNAMESList of user roles that is assigned to this account (Please note that this field may not be present).
VCEMAIL

The e-mail address associated with this account.

VCFIRSTNAME

The first name of the user.

VCFULLNAMEThe full name (both first and last name) of the user.
VCLASTNAMEThe surname of the user.
VCUSERNAMEThe name of the user which we would like to log in to.
WASMAXIMUMLINKSThe maximum number of WAS links that this user can scan.
XIDThe unique identifier of the given object.
XISUBPARENTIDThe parent id of this sub user.
XPATHUPInternal use only.

Remove Account

In order to remove an already defined account you need the unique identification number for that specific account. This is retrieved from the list of already defined user account (See section: List Accounts).

Required Keys
ACTIONREMOVESUBACCOUNTDATA
DELETENOTEAudit note which may be required.
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?DELETENOTE=AutoDelete&XID=6203&ACTION=REMOVESUBACCOUNTDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Manage Targets

This section will describe how you can manage your assets within the system. The grouping system will allow you to store the same target in multiple groups which will allow you to define for example groups based on the following:


Geographical location:
   North America
      NY
      LA
   South America
      BR
   Europe
      DE
      UK
   Asia
      CH
      JP

Business function
   Billing
   Ordering
   Support
   Monitoring

Or even based on asset type:
   Web servers
   Routers
   Firewalls
   Mail servers
   DNS servers
   Database servers



Targets

The targets are either IP addresses or host names of system that you would like to perform vulnerability management against. The targets can be added automatically to the system by performing a discovery scan.

On the targets you can also define multiple attributes and also partial scan policies that should only apply to a single host.

Insert Targets

In order to add a target you need to supply the following parameters.

Required Keys
ACTIONINSERTTARGETDATA
ADDNOTEAudit note that may be required.
GROUPThe group id to add this target into. Set the value to -1 for none.
TARGETLIST

The target list as accepted by the graphical user interface.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?GROUP=-1&TARGETLIST=91.216.32.100&ACTION=INSERTTARGETDATA&ADDNOTE=Test

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Update Targets

Inordet to update a target you need to supply the following parameters.

Required Keys
ACTIONUPDATETARGETDATA
ADDNOTEAudit note that may be required.
CUSTOM0

Custom attributed defined on either an user or a target.

CUSTOM1

Custom attributed defined on either an user or a target.

CVSS_CDPCVSS Collateral Damage Potential.
CVSS_SR_AVAILCVSS Security Requirements - Availability.
CVSS_SR_CONF

CVSS Security Requirements - Confidentiality.

CVSS_SR_INTEG

CVSS Security Requirements - Integrity.

CVSS_TDCVSS - Target Distribution.
HIDDENURLSHidden URI that are present on this target that you would like to include in the scan.
HOSTNAMEThe FQDN of the host.
MACADDRESSThe targets MAC address
VIRTUALHOSTSThe virtual hosts for this target.
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?MACADDRESS=&CUSTOM0=&CVSS_CDP=ND&VIRTUALHOSTS=&CUSTOM1=1&HOSTNAME=&CVSS_SR_INTEG=ND&CVSS_SR_AVAIL=ND&XID=509319&HIDDENURLS=&CVSS_TD=ND&CVSS_SR_CONF=ND&ACTION=UPDATETARGETDATA&ADDNOTE=Test


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

List Targets

In order to see all targets which has been added to the system on your profile you need to supply the following details.

Required keys
ACTIONTARGETDATA

Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=TARGETDATA

Example response:

<RESPONSE>
   <TARGETLIST>
      <TARGET>
         <XID>87382</XID>
         <IPADDRESS>192.168.200.75</IPADDRESS>
         <SCANNERID>0</SCANNERID>
         <SCANNERNAME>Undefined</SCANNERNAME>
         <VIRTUALHOSTS>myserver.company.com</VIRTUALHOSTS>
         <MACADDRESS>00:23:76:a5:b4:df</MACADDRESS>
         <LATESTSCANSTATUS>-1</LATESTSCANSTATUS>
         <CVSS_SR_AVAIL>ND</CVSS_SR_AVAIL>
         <CVSS_SR_INTEG>ND</CVSS_SR_INTEG>
         <CVSS_SR_CONF>ND</CVSS_SR_CONF>
         <CVSS_CDP>ND</CVSS_CDP>
         <CVSS_TD>ND</CVSS_TD>
         <PCI>0</PCI>
         <CONFIRMED>0</CONFIRMED>
         <SYNC>0</SYNC>
         <PLATFORM>ND</PLATFORM>
         <PCICOMPLIANCE>0</PCICOMPLIANCE>
         <AUTHENTICATIONTYPE>0</AUTHENTICATIONTYPE>
         <USESLICENSE>0</USESLICENSE>
         <LIMITED>1</LIMITED>
      </TARGET>
   </TARGETLIST>
</RESPONSE>


Response keys
AUTHENTICATIONTYPE

Authentication type used:
   0 : SMB
   1 : SSH.

CONFIRMEDBoolean flag if this target is confirmed within the PCI section.
CUSTOM0Custom attributed defined on either an user or a target.
CUSTOM1Custom attributed defined on either an user or a target.
CUSTOM2Custom attributed defined on either an user or a target.
CUSTOM3Custom attributed defined on either an user or a target.
CUSTOM4Custom attributed defined on either an user or a target.
CUSTOM5Custom attributed defined on either an user or a target.
CUSTOM6Custom attributed defined on either an user or a target.
CUSTOM7Custom attributed defined on either an user or a target.
CUSTOM8Custom attributed defined on either an user or a target.
CUSTOM9Custom attributed defined on either an user or a target.
CVSS_CDPCVSS Collateral Damage Potential.
CVSS_SR_AVAILCVSS Security Requirements - Availability.
CVSS_SR_CONF

CVSS Security Requirements - Confidentiality.

CVSS_SR_INTEGCVSS Security Requirements - Integrity.
CVSS_TDCVSS - Target Distribution.
HOSTNAMEThe FQDN of the host.
IPADDRESS

The IP address of the target.

LASTDISCOVERYDATEThe last date when the discovery scan was executed (Please note that this field may not be present).
LATESTSCANDATEThe latest scan date of this target (Please note that this field may not be present).
LATESTSCANSTATUSThe latest scan status of this target.
LATESTSUCCESSFULSCANDATEThe last date whena scan was successfully done against this target (Please note that this field may not be present).
LIMITEDThe presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request.
MACADDRESSThe targets MAC address
PCIBoolean flag if this target is part of the PCI product.
PCICOMPLIANCEBoolean flag if this target is PCI compliant.
PLATFORMThe detected platform for this target.
SCANNERIDThe scanner id which this target will be tested from.
SCANNERNAMEThe scanner name of the above scanner id.
SYNCInternal use only.
USESLICENSEBoolean value if this target utilize any license.
VIRTUALHOSTS

The virtual hosts for this target.

XIDThe unique identifier of the given object.


Remove Targets

In order to remove a target you need the unique identification number for that specific target. This is retrieved from the list of already defined targets (See section: List Targets).

Required keys
ACTIONREMOVETARGETDATA
DELETENOTEAudit note which may be required.
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?DELETENOTE=AutoDelete&XID=509319&ACTION=REMOVETARGETDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Groups

A couple of special target groups are in the system by default (these can not be removed or updated):

All Targets: This group contains all the targets that have been added to the system.

Ungrouped: contains all targets that are not present in another group defined within the system.

The group system will allow you to store the same target in multiple groups. This opens up for the possibility to create groups specifically for reporting, scheduling, target assignment and event notifications.


Update Group

In order to update a group you need to supply the following parameters.

Required keys
ACTIONUPDATETARGETGROUDATA
NAMEName of the group
XIDThe unique identifier of the object that you would like to update. Omit or set to -1 if you would like to add a new group to the system.


Optional Keys

This function is not only for adding a group which the example shows you. You can of course also add or remove targets with the use of that function. In order to do that you should supply either of the following parameters to the request. You would need to know the unique id values of the targets in order to add them but they can be extracted from the system, please see the List Target section.

Optional keys
ADDTARGETLISTComma separeted list of unique targets id which you would like to add to the group.
REMOVETARGETLISTComma separeted list of unique targets id which you would like to remove from the group.

Example Request:

https://outscan.outpost24.com/opi/XMLAPI?NAME=TESTAPI&XID=-1&ACTION=UPDATETARGETGROUDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Target Group

In order to see all the groups which has been added to the system on your profile you need to supply the following details.

Required keys
ACTIONTARGETGROUPDATA

Example Request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=UPDATETARGETGROUDATA

Example Response:

<RESPONSE>
   <GROUPLIST>
      <GROUP>
         <XID>-1</XID>
         <XIPARENTID>-3</XIPARENTID>
         <NAME>All targets</NAME>
         <ICOUNT>9</ICOUNT>
         <RULEBASED>0</RULEBASED>
         <REPORTBASED>0</REPORTBASED>
         <DESCRIPTION/>
         <LIMITED>1</LIMITED>
      </GROUP>
   </GROUPLIST>
</RESPONSE>


Response keys
DESCRIPTION

Description of the object.

ICOUNT

The number of targets within this scan scope.

LIMITEDThe presence of this field indicates that the response has been limited by the use of the limit parameter in the request.
NAME

The name of the attribute.

REPORTBASEDBoolean flag if this group is based on a report filter.
RULEBASEDBoolean flag if this group is based on a target filter.
XIDThe unique identifier of the given object.
XIPARENTID

The unique id for any parent object for this object within the system.


Remove Group

In order to remove a target you need the unique identification number for that specific group. This is retrieved from the list of already defined groups (See section: List Groups).

Required keys
ACTIONREMOVETARGETGROUPDATA
XIDThe unique identifier of the given object.

Example Request:

https://outscan.outpost24.com/opi/XMLAPI?XID=30381&ACTION=REMOVETARGETGROUDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Manage Schedule

This is the section where you perform the scheduling of the target scans, creates scanning policies and see the status of the scans.

The scan history section will allow you to see when a scan started, ended, duration and any errors that might have occurred during the scan.

Scan policies will allow you to change the settings for the scan so that you can either go deeper into the targets (with the use of authenticated scan) or change the selection of test to be utilized during the scan. The system comes with a predefined set of scanning policies which will allow you to perform simplified, normal or extend scans.

There is an unsafe scanning policy defined. Please note that this is NOT supposed to be used against a live production environment. The intention with this scan policy is to use it prior to putting a server into production as a form of acceptance test. Please make sure that you have a working backup just in case when performing such a scan.

The scan schedules section will allow you to set up simple or complex scanning rules with scan windows and against already defined targets or groups as for dynamic network ranges.

In the running scans part you will be able to extract the currently running scans along with their status. These can then either be paused or stopped depending on your requirements.

Scan History

In order to see what has been executed in the past on your account you can retrive a scan log which will contain the history of your scanning.

Required keys
ACTIONSCANLOG

Optional Keys

The following parameters can be supplied in case you would like to exclude specific entries from being retrieved.

Required keys
EXCLUDEEMPTYBoolean value if empty scan logs should be included in the results.
ITYPEThe type of this entry, see Appendix C.

Example Request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCANLOG

Example Response:

<RESPONSE>
   <SCANLOGLIST>
      <SCANLOG>
         <XID>155468</XID>
         <VCHOST>83.233.57.212</VCHOST>
         <XIPXID>-1</XIPXID>
         <DSCANSTARTDATE>2006-05-31 06:57</DSCANSTARTDATE>
         <DSCANENDDATE>2006-05-31 06:59</DSCANENDDATE>
         <ITYPE>1</ITYPE>
         <XTEMPLATE>0</XTEMPLATE>
         <SCANNERID>0</SCANNERID>
         <XSOXID>1723400</XSOXID>
         <SCHEDULEJOB>Recovered</SCHEDULEJOB>
         <DISCOVERYTEMPLATE/>
         <TARGET>83.233.57.212</TARGET>
         <XSCANJOBXID>900067</XSCANJOBXID>
         <IID>0</IID>
         <SCANNERNAME>Local</SCANNERNAME>
         <CONFIRMED>0</CONFIRMED>
         <COMPLIANT>0</COMPLIANT>
         <FROMHIAB>0</FROMHIAB>
         <SCANTIME>00:02:00</SCANTIME>
         <SUBMITTED>0</SUBMITTED>
         <LAST>0</LAST>
         <CANUPDATE>0</CANUPDATE>
         <SCANLESS>0</SCANLESS>
         <LATESTSCANUPDATE>2006-05-31 06:57</LATESTSCANUPDATE>
         <HASWASSTATS>0</HASWASSTATS>
         <LIMITED>1</LIMITED>
      </SCANLOG>
   </SCANLOGLIST>
</RESPONSE>
Response key
CANUPDATEBoolean flag if this entry can be updated using the SLS feature.
COMPLIANTBoolean flag which shows if the target where compliant according to the PCI guidelines in case the scan refers to such a target.
CONFIRMEDBoolean flag if this target is confirmed within the PCI section.
DISCOVERYTEMPLATEName of the discovery job if it's a discovery.
DSCANENDDATEThe date and time when the scan ended.
DSCANSTARTDATEThe date and time when the scan started.
FROMHIABBoolean flag which is set to 1 if the scan originated from a HIAB (only viable on OUTSCAN).
HASWASSTATSBoolean flag if the target has web application scanning statistics.
IIDInternal use only.
ITYPEThe type of this entry, see Appendix C.
LASTBoolean value if this is the latest entry for this target.
LASTSCANUPDATE

Date and time when this scan where last updated using the SLS thechnology.

LIMITEDThe presence of this field indicates that the response has been limited by the use of the limit parameter in the request.
SCANLESSBoolean value if this is an SLS update of the report.
SCANNERIDThe scanner id which this target will be tested from.
SCANNERNAMEThe name of the scanner where this action takes place.
SCANTIMEThe total amount of time the scan took.
SCHEDULEJOBThe name of the schedule job which is associated with this entry.
SUBMITTEDBoolean flag if this target is a PCI target and that the report has not been submitted yet in this quarter.
TARGETThe target that this entry is about.
TEMPLATE

The scan policy utilized by this object.

VCHOSTThe IP or host name of the target which where tested.
XIDThe unique identifier of the given object.
XIPXIDThe unique identifier of the target object.
XSCANJOBXIDThe unique identifier of the scan job log object which contain all individual targets (entry with scan type set in the 20 range).
XSOXID

The unique identifier of the schedule object which contain the schedule preferences.

XTEMPLATEThe unique identifier of the scan policy utilized by this object.

Scan Policy

The scan policy is used to define rules and settings for the scan to use when it is executed.

These scan policies allows you to specify what test to execute and also provide specific settings for different services.

Update Scan Policy

In order to add or uppdate scan policy you need to supply the following parameters. If you would like to create a scan policy you would enter "-1" as the value for the XID parameter but if you would like to update an already present role you need to supply the unique identification number for that scan policy in that field instead.


Required keys
ACTIONUPDATETEMPLATEDATA
NAMEThe name of the scan policy.
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?NAME=PemoveMeAPI&XID=-1&ACTION=UPDATETEMPLATEDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

List Scan Policy

In order to see a list of available scanning policies you shall supply the following information. The scanning policies allows you to define credentials for different services that may be available. This may allow the scanner to log in and retrieve additional information like which patches are installed on the tested server and hence produce a more accurate report.

Required keys
ACTIONTEMPLATEDATA

Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=TEMPLATEDATA

Example reponse:

<RESPONSE>
   <TEMPLATELIST>
      <TEMPLATE>
         <XID>1</XID>
         <NAME>Port scan</NAME>
         <DESCRIPTION>This scan policy will only perform a port scan on the defined TCP and UDP ports within the policy.</DESCRIPTION>
         <GLOBAL>1</GLOBAL>
         <ENABLEDFAMILYLIST/>
         <DISABLEDFAMILYLIST/>
         <ENABLEDSCRIPTLIST/>
         <DISABLEDSCRIPTLIST>-1,</DISABLEDSCRIPTLIST>
         <OWNER>OUTPOST24 ADMINISTRATOR</OWNER>
         <LIMITED>1</LIMITED>
      </TEMPLATE>
   </TEMPLATELIST>
</RESPONSE>


Response key
DESCRIPTIONShort description of the scan policy.
DISABLEFAMILYLISTA comma separated list of families that has been disabled in this scan policy.
DISABLESCRIPTLISTA comma separated list of script ids that has been disabled in this scan policy.
ENABLEFAMILYLIST

A comma separated list of families that has been enabled in this scan policy.

ENABLESCRIPTLISTA comma separated list of script ids that has been enabled in this scan policy
GLOBALBoolean flag if the template is avialable to other users within your company.
LIMITEDThe presence of this field indicates that the response has been limited by the use of the limit parameter in the request.
NAMEThe name of the template.
OWNERThe owner of the object.
XIDThe unique identifier of the given object.



Remove Scan Policy

In order to remove a scan policy job you need the unique identification number for that specific scan policy. This is retrieved from the list of already defined scanning policies (See section: List Scan Policies).

Required keys
ACTIONREMOVETEMPLATEDATA
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=3451&ACTION=REMOVETEMPLATEDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Scan Schedule

The schedules are groups of targets on which you would like to execute scans against at specific times. A schedule can be set to repeat at a certain interval but also be set to only run once or started manually.

Update Scan Schedule

In order to add or update an user role you need to supply the following parameters. If you would like to create a new role you would enter "-1" as  the value for the XID parameter but if you would like to update an already present role you need to supply the unique identifier for that role in that field instead.

Required keys
ACTIONUPDATESCHEDULEDATA
NAMEThe name of the schedule job that you would like to add/update
XIDMUST be set to "-1" if you do not update an already existing schedule.
XUSERXIDMUST be supplied, this value can be retrieved from the LOGINDATA function.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XUSERXID=114&NAME=RemoveMeAPI&XID=-1&ACTION=UPDATESCHEDULEDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


List Scan Schedule

In order to see all the scheduled jobs which has been added to the system on your profile you need to supply the following details.

Required keys
ACTIONSCHEDULEDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCHEDULEDATA


Example Response:

<RESPONSE>
   <SCHEDULELIST>
      <SCHEDULE>
         <XID>1731319</XID>
         <TARGETLIST/>
         <GROUPLIST>4523,</GROUPLIST>
         <TEMPLATEID>2</TEMPLATEID>
         <SCANCOUNT>0</SCANCOUNT>
         <MAXSCANTIME>12</MAXSCANTIME>
         <LATESTSCANDATE>2009-11-19 12:00</LATESTSCANDATE>
         <LATESTSCANSTATUS>20</LATESTSCANSTATUS>
         <FREQUENCY>1</FREQUENCY>
         <DAYWEEKMONTH>0</DAYWEEKMONTH>
         <NAME>Application server</NAME>
         <OWNER>Daniel Fredriksson</OWNER>
         <ICOUNT>1</ICOUNT>
         <SCANWINDOWS>1</SCANWINDOWS>
         <SCANWINDOWDELAY>1</SCANWINDOWDELAY>
         <SCANMODE>2</SCANMODE>
         <DNSLOOKUP>1</DNSLOOKUP>
         <NETBIOSLOOKUP>1</NETBIOSLOOKUP>
         <CVSS_SR_AVAIL>ND</CVSS_SR_AVAIL>
         <CVSS_SR_INTEG>ND</CVSS_SR_INTEG>
         <CVSS_SR_CONF>ND</CVSS_SR_CONF>
         <CVSS_CDP>ND</CVSS_CDP>
         <CVSS_TD>ND</CVSS_TD>
         <DISABLEPROTOCOL>0</DISABLEPROTOCOL>
         <EMPTYTARGETGROUP>0</EMPTYTARGETGROUP>
         <SCANLESS>0</SCANLESS>
         <WAKEONLANDELAY>0</WAKEONLANDELAY>
         <FROMLDAP>0</FROMLDAP>
         <LATESTSCANDURATION>00:23:00</LATESTSCANDURATION>
         <AVERAGESCANDURATION>00:38:00</AVERAGESCANDURATION>
         <DELETED>0</DELETED>
      </SCHEDULE>
   </SCHEDULELIST>
</RESPONSE>


Response key
ADDTOGROUPXIDAdd found targets to the following group (if schedule jod is a discovery scan)
AVERAGESCANDURATIONThe average scan time.
CONCURRENTSCANSNumber of concurrent scansallowed in this schedul job
CVSS_CDP

CVSS Collateral Damage Potential.

CVSS_SR_AVAIL

CVSS Security Requirements - Availability.

CVSS_SR_CONFCVSS Security Requirements - Confidentiality.
CVSS_SR_INTEGCVSS Security Requirements - Integrity.
CVSS_TDCVSS - Target Distribution.
DAYWEEKMONTHFlag if specific day of week or month should be used (available on monthly scanning).
DELETEDBoolean value if this entry is marked as removed and should not be displayed.
DISABLEPROTOCOLFlag regarding which process should be disabled during discovery.
DNSLOOKUPBoolean flag if a DNS lookup should be performed on all targets that are added in case this schedule is in discovery mode.
EMPTYTARGETGROUPBoolean value if the groupwhich we add targets t oshould be emptired prior to adding newly discovered targets.
FREQUENCYThe frequency of the scheduled time for this job.
FROMLDAP

Boolean flag if targets has been/shall be retrieved from a LDAP/AD server.

GROUPLISTComma separated list of granted groups for this account.
ICOUNT

The number of targets which will be scanned by this schedule.

LASTSCANDATEWhen this schedule will no longer be re-schedule.
LATESTSCANDATEWhen this schedule was scanned the latest time.
LATESTSCANDURATIONThe duration of the latest scan.
LATESTSCANSTATUSThe latest scan status of this schedule.
MAXSCANTIMEThe maximum amount of time allowed to scan this schedule.
NAMEThe name of the schedule job.
NETBIOSLOOKUPBoolean flag if a NetBIOS lookup should be performed on all targets that are added in case this schedule is in discovery mode.
NEXTSCANDATEThe next time this schedule will be executed.
OWNER

The owner of this schedule job (used when sending out notification).

SCANCOUNTDeprecated
SCANLESSBoolean flag if this schedule job should update daily.
SCANMODEThe mode of this schedule job (discovery, discovery/scan, scan).
SCANNERIDThe scanner id which this target will be tested from.
SCANWINDOWDELAYThe delay between scan windows (in days).
SCANWINDOWSThe number of allowed scan windows for this schedule.
TARGETLIST

The target list as accepted by the graphical user interface.

TEMPLATEIDThe scanning policy used by this schedule.
WAKEONLANDELAYThe delay before starting a scan against a target which has been woken up for testing.
XIDThe unique identifier of the given object.
XSUBUSERXIDThe unique identifier of sub account that has created this schedule (Please note that this field may not be present).

Remove Schedule

In order to remove a schedule job you need the unique identification number for that specific schedule job. This is retrived from the list of already defined schedule jobs ( See section: List Schedule).

Required keys
ACTIONREMOVESCHEDULEDATA
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=REMOVESCHEDULEDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Running Scan

In this section you can view the currently running scans and if required you can either pause ( and resume ) or stop any running scans.

List Running Scans

In order to see a list of currently running scans you shall supply the following information.

Required keys
ACTIONSCANSTATUSDATA

Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCANSTATUSDATA

Example response:

<RESPONSE>
   <STATUSLIST>
      <STATUS>
         <XID>2122465</XID>
         <XUSERXID>1000</XUSERXID>
         <XSUBUSERXID>1000</XSUBUSERXID>
         <XSOXID>1003</XSOXID>
         <SCANNERID>-1</SCANNERID>
         <SCANNERNAME>Local</SCANNERNAME>
         <REMOTEXID>6961</REMOTEXID>
         <COMPANY>Outpost24</COMPANY>
         <VCSERVICE>O</VCSERVICE>
         <VCPERCENT>10/15</VCPERCENT>
         <IPERCENTV>66</IPERCENTV>
         <ITHREADID>2122465</ITHREADID>
         <VCSTATUS>running</VCSTATUS>
         <VCSTATE>CAT_SCAN</VCSTATE>
         <BPAUSE>0</BPAUSE>
         <BSTOP>0</BSTOP>
         <VCJOBNAME>Test API</VCJOBNAME>
         <VCGNAME>lpattack15</VCGNAME>
         <IATTACKERID>15</IATTACKERID>
         <VCTARGET>91.216.32.140</VCTARGET>
         <XIPXID>1140</XIPXID>
         <ICOUNT>1</ICOUNT>
         <IVERIFY>0</IVERIFY>
         <DSCANSTARTED>2012-11-16 10:45</DSCANSTARTED>
         <DSCANSTART>2012-11-16 10:45</DSCANSTART>
         <DSCANEND>2012-11-16 22:45</DSCANEND>
         <XTEMPLATE>-2</XTEMPLATE>
         <XSCANJOBXID>7147</XSCANJOBXID>
         <TXSETTINGS/>
         <PROBEID>11fbf171</PROBEID>
         <SCANWINDOWS>1</SCANWINDOWS>
         <SCANWINDOWDELAY>1</SCANWINDOWDELAY>
         <RESUMING>0</RESUMING>
         <SCANSENT>0</SCANSENT>
         <TARGETTYPE>0</TARGETTYPE>
         <ISSTOPPED>0</ISSTOPPED>
         <ISPAUSED>0</ISPAUSED>
         <DBSCHEMA/>
         <SCANLESSREPORTXID>-1</SCANLESSREPORTXID>
         <SMARTFILTERING>1</SMARTFILTERING>
         <HOSTNAME>www.outpost24.com</HOSTNAME>
         <LOOKUP>0</LOOKUP>
         <SCANSCHEMA>scan</SCANSCHEMA>
         <WAKEONLAN/>
         <WAKEONLANDELAY>0</WAKEONLANDELAY>
         <FROMLDAP/>
      </STATUS>
   </STATUSLIST>
</RESPONSE>
Response key
BPAUSEBoolean flag if the scan is marked as paused.
BSTOPBoolean flag if the scan is marked as stopped.
COMPANYThe name of the company for this account
DBSCHEMAInternal use only.
DSCANEND

Date and time information when the scan will terminate if not already finished.

DSCANSTARTDate and time information when the scan shall start.
DSCANSTARTEDDate and time information when the scan started.
FROMLDAPRetrieve targets from the configured LDAP/AD server.
HOSTNAMEThe FQDN of the host.
IATTACKERIDThe internal attacker id which this scan is running from.
ICOUNTThe number of targets within this scan scope.
IPERCENTVThe percentage value of the progress of the scan.
ISPAUSEDBoolean flag if the scan is paused.
ISSTOPPED

Boolean flag if the scan is stopped.

ITHREADIDThe thread identification number within the system. Used for performing actions upon specific scans.
IVERIFYBoolean flag if the running scan is a verification scan.
LOOKUPBoolean flag if any discovered targets will perform a lookup upon adding them to the system.
PDETECTTEMPLATE

The scan policy which will be used on scan started by a discovery/scan type of scan (Please note that this field may not be present).

PROBEIDThe unique probe identification number.
REASONThe comment that will be used when adding targets to the system if the are detected (Please note that this field may not be present). 
REMOTEXIDInternal use.
RESUMINGBoolean flag if this scan is resumed from a previously paused scan.
SCANLESSREPORTXID

The unique identifier of the report which is updated using the SLS feature.

SCANNERIDThe scanner id which this target will be tested from.
SCANNERNAME

The name of the scanner where this action takes place.

SCANSCHEMAInternal use.
SCANSENTBoolean flag if the scan has been sent to the designated scanner.
SCANWINDOWDELAYThe delay between scan windows (in days).
SCANWINDOWSThe number of allowed scan windows for this schedule.
SMARTFILTERING

Boolean flag if the results will utilize smart filtering.

TARGETTYPE

The available types of targets:
0 : IP
1 : Host name
2 : NetBIOS name.

TEMPLATEThe scan policy utilized by this object (Please note that this field may not be present).
TXREPORTDeprecated (Please note that this field may not be present).
TXSETTINGSText settings for this scan.
VCGNAMEInternal use.
VCJOBNAMEThe name of the schedule job.
VCPERCENTText representation of the percentage value.
VCSERVICE

Should be set to W in order to only see Web Applications scan status.

VCSTATECurrent state of the scan.
VCSTATUSCurrent status of the scan.
VCTARGETText representation of the target.
WAKEONLANBoolean flag if targets should woken up by the WOL feature.
WAKEONLANDELAYThe delay before targets will be scanned since the WOL request is sent.
XIDThe unique identifier of the given object.
XIPXIDThe unique identifier of the target object.
XSCANJOBXIDThe unique identifier of the scan job log object which contain all individual targets (entry with scan type set in the 20 range).
XSOXIDThe unique identifier of the schedule object which contain the schedule preferences.
XSUBUSERXIDThe unique identifier of sub user which this object is connected to.
XTEMPLATEThe unique identifier of the scan policy used by this object.
XUSERXID

The unique user id.

Start a Scan

In order to start a scan you need to supply the unique identification number for a specific schedule. This can retrived from the schedule list (See section: List schedule).

Required keys
ACTIONSTARTSCAN
ONLYSCANNOWShould be set to 1.
XIDThe unique identiefier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ONLYSCANNOW=1&ACTION=STARTSCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Pause a Scan

In order to pause a currently running scan you need to supply the unique identification number for that specific scan. This can be retrived from the scan list (See section: List running scans).

Required keys
ACTIONPAUSESCAN
XIDThe unique identifier orf the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=PAUSESCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Resume a Scan

In order to resume a currently paused scan you need to supply the unique identification number for that specific scan. This can be retrived from the scan list (See section: List running scans).

Required keys
ACTIONRESUMESCAN
XIDThe unique identifier orf the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=RESUMESCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Stop  a Scan

In order to stop a currently running scan you need to supply the unique identification number for that specific scan. This can be retrived from the scan list (See section: List running scans).

If you would like to stop all running scans then you should supply -1 as the XID value.

Required keys
ACTIONSTOPSCAN
XIDThe unique identifier orf the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=STOPSCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Manage Reports

Here you can see the result of a scan and also export the results to different formats (PDF, Excel and XML). This section will also provide information regarding additional tasks that can be performed on single entries, like for instance how to accept a reported risk in a report.

There are several actions that can be performed upon a single report entry, such as assign task, accept risk, perform verify scan and comment vulnerability.

The different report types that you can export are the following:

Delta report - Shows that has changed between the latest and the selected previous report. The information will contain added and removed findings a long with any newly opened or closed ports. This is very useful when you need to determine what has changed between two scanning occurrences.

Overview report - Shows in which vulnerability families you currently have you reported vulnerabilities.

Solution report - This will give you information regarding how many issues will be resolved by applying the unique solutions for the selected report. With this information it's really easy to determine where you have your quick wins that you can apply and drastically reduce your risk level with minimal workload.

Trend report - This will provide statistics for the number of high, medium and low risks over time for the selected target.

Report Selection

This section will guide you through the different requests that you are required to perform in order to retrieve a report. This will contain requests like how to retrieve the schedules, templates or plain lists or targets which are available in the report.

There are two different ways to retrieve the reports. These are:

  1. From a group (list) - All targets currently defined in that group(s) will be used to present a report.
  2. From a host (list) - Only the individual selected target(s) will be used to generate a report.

The above ways of retrieving the reports will be explain in the following section.

Report Target

This is the sectioin where you receive information about the actual finding for a specific target. With the use of the filtering and addional parameters that can be defined you have a very powerful way of extracting information from the system based on your requirements.

Required keys
ACTIONREPORTTARGETDATA
GROUPSComma separated list of groups which you would like to retrive the targets for.
TARGETSComma separated list of targets which you would like to retrive the target report target information for.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?GROUPS=,-1,&ACTION=REPORTTARGETDATA&TARGETS=-1

Example reponse:

<RESPONSE>
   <REPORTLIST>
      <REPORT>
         <XTEMPLATE>2</XTEMPLATE>
         <GLOBALTEMPLATE>1</GLOBALTEMPLATE>
         <VERIFIED>0</VERIFIED>
         <SCHEDULEJOB>Application server</SCHEDULEJOB>
         <CVSSSCORE>0.0</CVSSSCORE>
         <PCICVSSSCORE>0.0</PCICVSSSCORE>
         <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN>
         <DLASTSEEN>2009-11-05 12:00</DLASTSEEN>
         <DATE>2009-11-05 12:00</DATE>
         <XIPXID>87386</XIPXID>
         <VCTARGET>192.168.200.33</VCTARGET>
         <HOSTNAME>www.example.com</HOSTNAME>
         <IPORT>445</IPORT>
         <IPROTOCOL>6</IPROTOCOL>
         <XID>5800689</XID>
         <VCNAME>Port scanner</VCNAME>
         <VCVULNID>101010</VCVULNID>
         <BFALSEPOS>0</BFALSEPOS>
         <BNEW>1</BNEW>
         <BPCI>0</BPCI>
         <TYPE>Port</TYPE>
         <SERVICENAME>netbios-ssn</SERVICENAME>
         <IRISK>0</IRISK>
         <ORIGINALRISKLEVEL>-1</ORIGINALRISKLEVEL>
         <SCANNERNAME>Local</SCANNERNAME>
         <POTENTIALFALSE>0</POTENTIALFALSE>
         <CUSTOM0>SE</CUSTOM0>
         <CUSTOM1>1</CUSTOM1>
         <CUSTOM2>dalskdjlasjd</CUSTOM2>
         <CUSTOM3/>
         <CUSTOM4>London</CUSTOM4>
         <ACCEPTEDLENGTH>0</ACCEPTEDLENGTH>
         <ACCEPTED>0</ACCEPTED>
         <VCVHOST/>
         <TARGETTYPE>0</TARGETTYPE>
         <PLATFORM>ND</PLATFORM>
         <ASSIGNEE>Unassigned</ASSIGNEE>
         <ISADDED>0</ISADDED>
         <FINDINGDATE>2009-11-05 12:00</FINDINGDATE>
         <HASFPCOMMENT>0</HASFPCOMMENT>
         <AGE>1565.0</AGE>
         <HASEXPLOITS>0</HASEXPLOITS>
         <LIMITED>1</LIMITED>
      </REPORT>
   </REPORTLIST>
</RESPONSE>


Response keys
ACCEPTCOMMENTWritten comment that shall describe why the finding has been marked as an accepted risk (Please note that this field may not be present).
ACCEPTEDBoolean value if the report entry has been marked as an accepted risk.
ACCEPTEDLENGTH

For how many days was the entry accepted.

ACCEPTEXPIRESThe end date when the finding is no longer accepted automatically.
AGEThe number of days since the first occurrence of this specific finding.
ASSIGNEEThe user who is assigned to this specific entry.
BFALSEPOS

Boolean value if this entry is marked as a potential false positive.

BNEWBoolean value if this finding wasn't reported on the previous report for this target.
BPCIBoolean value if this finding is related to PCI.
CUSTOM0Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM1Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM2Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM3Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM4Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM5Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM6Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM7Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM8Custom attributed defined on either an user or a target (Please note that this field may not be present).
CUSTOM9Custom attributed defined on either an user or a target (Please note that this field may not be present).
CVSSSCOREThe calculated CVSS score for this finding.
DATEReport date and time.
DFIRSTSEENDate and time when this finding where first reported for this target and service.
DLASTSEEN

The date and time when this finding where seen the last time for this target and service.

FINDINGDATE

The date and time when this finding where either verified or updated from the SLS scanning.

GLOBALTEMPLATE

Name of the global template usedwhen performing the scan if any.

HASEXPLOITSBoolean flag if the vulnerability has a known exploit.
HOSTNAME

The FQDN of the host.

IIPVAL

The calculated number of the target (if IPv4) (Please note that this field may not be present).

IPORT

The port where this issue has been detected.

IPROTOCOLThe protocol where this issue has been detected (See http://www.isi.edu/in-notes/iana/assignments/protocol-numbers).
IRISK

The risk value for this finding
0 : Information
1 : Low
2 : Medium.
4 : High

ISADDED

Boolean flag if this finding has been added since the last scan.

LIMITEDThe presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request.
ORIGINALRISKLEVELThe original risk level if it has been changed.
PCICVSSSCORE

The calculated PCI CVSS score.

PLATFORM

The platform that has been detected upon this target.

POTENTIALFALSEBoolean flag if this finding is a potential false positive.
SCANNERNAME

The name of the scanner where this action takes place.

SCHEDULEJOBThe name of the schedule job which where used when performing this scan.
SERVICENAMEThe name of the service which where used when performing this scan.
TARGETTYPE

The available types of targets:
0 : IP
1 : Host name
2 : NetBIOS name

TYPE

What type of entry this is:
0 : Port
1 : Information
2 : Vulnerability

VCBUGBugtraq ID for this finding.
VCCVECVE ID for this finding.
VCFAMILYThe vulnerability family which this entry falls under.
VCNAMEThe name of the vulnerability.
VCTARGETText representation of the target.
VCVHOSTThe virtual host where this vulnerability has been detected.
VCVULNIDThe unique vulnerability id for this entry.
VERIFIEDBoolean flag if this finding has been verified scanned.
XIDThe unique identifier of the given object.
XIPXIDThe unique identifier of the target object.
XTEMPLATEThe unique identifier of the scan policy utilized by this object.

Report Template

Using predefined templates when retrieving reports allows you to use saved filters when selecting what should be present in the report.

How to define a template will not be covered by this documentation. This document will rather function as a guide to what the different values represent for your knowledge. It is only includded here in so that you can use it when selecting what the content should be in the report. When using a template you will only submit the filtering section to the backend.

Required keys
ACTIONREPORTTEMPLATEDATA
SCANTYPE

The type of scan which you would like to recieve the templates for.

Valid values:
0 : OUTSCAN or HIAB
1 : OUTSCAN PCI
2 : WAS

Example request:

https://outscan.outpost24.com/opi/XMLAPI?SCANTYPE=0&ACTION=REPORTTEMPLATEDATA

Example reponse:

<RESPONSE>
   <REPORTTEMPLATES>
      <TEMPLATE>
         <XID>1059</XID>
         <XUSERXID>114</XUSERXID>
         <NAME>High risks - All targets</NAME>
         <ISPUBLIC>1</ISPUBLIC>
<STATE>o%3Acolumns%3Da%253Ao%25253Aid%25253Ds%2525253Aexpander%25255Ewidth%25253Dn%2525253A20
%255Eo%25253Aid%25253Ds%2525253Arfg_TARGET%25255Ewidth%25253Dn%2525253A100%255Eo%25253Aid%252
53Ds%2525253Arfg_HOSTNAME%25255Ewidth%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255E
o%25253Aid%25253Ds%2525253Arfg_DATE%25255Ewidth%25253Dn%2525253A120%255Eo%25253Aid%25253Ds%25
25253Arfg_VULNID%25255Ewidth%25253Dn%2525253A70%255Eo%25253Aid%25253Ds%2525253Arfg_NAME%25255
Ewidth%25253Dn%2525253A494%255Eo%25253Aid%25253Ds%2525253Arfg_HASEXPLOITS%25255Ewidth%25253Dn
%2525253A100%255Eo%25253Aid%25253Ds%2525253Arfg_TYPE%25255Ewidth%25253Dn%2525253A80%25255Ehid
den%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_CVSS%25255Ewidth%25253Dn%2525253A73%
255Eo%25253Aid%25253Ds%2525253Arfg_RISK%25255Ewidth%25253Dn%2525253A140%255Eo%25253Aid%25253D
s%2525253Arfg_PORT%25255Ewidth%25253Dn%2525253A50%255Eo%25253Aid%25253Ds%2525253Arfg_PROTOCOL
%25255Ewidth%25253Dn%2525253A50%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253
Arfg_CVE%25255Ewidth%25253Dn%2525253A100%255Eo%25253Aid%25253Ds%2525253Arfg_FAMILY%25255Ewidt
h%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_BUGTR
AQ%25255Ewidth%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525
253Arfg_ACCEPTED%25255Ewidth%25253Dn%2525253A70%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid
%25253Ds%2525253Arfg_ACCEPTEXPIRES%25255Ewidth%25253Dn%2525253A227%25255Ehidden%25253Db%25252
53A1%255Eo%25253Aid%25253Ds%2525253Arfg_BFALSEPOS%25255Ewidth%25253Dn%2525253A50%25255Ehidden
%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_BPOTENTIALFALSEPOS%25255Ewidth%25253Dn%
2525253A102%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_BNEW%25255Ewidt
h%25253Dn%2525253A50%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_VERIFI
ED%25255Ewidth%25253Dn%2525253A133%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525
253Aid_rfg0%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_DFIRSTSEEN%2525
5Ewidth%25253Dn%2525253A120%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg
_DLASTSEEN%25255Ewidth%25253Dn%2525253A120%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%2525
3Ds%2525253Arfg_PRODUCT%25255Ewidth%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255Eo%
25253Aid%25253Ds%2525253Arfg_VCVHOST%25255Ewidth%25253Dn%2525253A200%25255Ehidden%25253Db%252
5253A1%255Eo%25253Aid%25253Ds%2525253Arfg_PLATFORM%25255Ewidth%25253Dn%2525253A100%25255Ehidd
en%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_ASSIGNEE%25255Ewidth%25253Dn%2525253A
205%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_PCICOMPLIANCE%25255Ewid
th%25253Dn%2525253A70%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_FINDI
NGDATE%25255Ewidth%25253Dn%2525253A120%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%
2525253Arfg_ISADDED%25255Ewidth%25253Dn%2525253A50%25255Ehidden%25253Db%2525253A1%255Eo%25253
Aid%25253Ds%2525253Aid_rfg6%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg
_HASFPCOMMENT%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_AGE%25255Ewid
th%25253Dn%2525253A70%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg8%2
5255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg7%25255Ehidden%25253Db%252
5253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg4%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%2
5253Ds%2525253Aid_rfg1%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg2%
5Esort%3Do%253Afield%253Ds%25253AVCNAME%255Edirection%253Ds%25253AASC%255Ecolumn%253Ds%25253A
Name%5Efilters%3Do%253AIRISK%253Da%25253As%2525253A4%5Egrouping%3Ds%253AVCTARGET</STATE>
<SERVERFILTER>filter%5B0%5D%5Bfield%5D=IRISK&filter%5B0%5D%5Bdata%5D%5Btype%5D=list&f
ilter%5B0%5D%5Bdata%5D%5Bvalue%5D=4</SERVERFILTER>
         <TARGETS>-1</TARGETS>
         <TARGETGROUPS>,-1,</TARGETGROUPS>
         <OWNER>John Doe</OWNER>
         <SCANTYPE>0</SCANTYPE>
      </TEMPLATE>
   </REPORTTEMPLATES>
</RESPONSE>


Response keys
ISPUBLICBoolean flag if this template is publicly available to all your sub users.
NAMENema of the report template.
OWNERThe creator of this template.
SCANTYPE

The type of scan which you would like to receive the templates for.

Valid values:
0 : OUTSCAN or HIAB
1 : OUTSCAN PCI
2 : WAS

SERVERFILTERThe filter for this template.
STATEThe filter used by the GUI to display this template.
TARGETGROUPSThe selected groups for this template.
TARGETSThe selected targets for this template.
XIDThe unique identifier of the given object.
XUSERXIDThe unique user id.

Report

In order to retrieve scanning results you need to supply the which targets and/or groups that you would like to receive them for. The targets and group cat either be single or multiple ones with the use of a comma separated list of their unique identification key. How to retrieve these identification keys are described in the Report selection section.

Retrive Report Entries

In order to retrieve scanning resultyou need to supply the following information.

Required keys
ACTIONREPORTTARGETDATA
GROUPSComma separated list of unique group identifiers to be included in the report.
TARGETSComma separated list of unique target identifiers to be included in the report.

Optional Keys

If based on a schedule object you should provide it's unique identification number in the following paramater.

Optional keys
SCANLOGXIDThe unique scan log entry id for the schedule job which you would like to retrieve reports for.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?GROUPS=,-1,&ACTION=REPORTTARGETDATA&TARGETS=-1


Example response:

<RESPONSE>
   <REPORTLIST>
      <REPORT>
         <XTEMPLATE>2</XTEMPLATE>
         <GLOBALTEMPLATE>1</GLOBALTEMPLATE>
         <VERIFIED>0</VERIFIED>
         <SCHEDULEJOB>Application server</SCHEDULEJOB>
         <CVSSSCORE>0.0</CVSSSCORE>
         <PCICVSSSCORE>0.0</PCICVSSSCORE>
         <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN>
         <DLASTSEEN>2009-11-05 12:00</DLASTSEEN>
         <DATE>2009-11-05 12:00</DATE>
         <XIPXID>87386</XIPXID>
         <VCTARGET>192.168.200.33</VCTARGET>
         <HOSTNAME>www.example.com</HOSTNAME>
         <IPORT>445</IPORT>
         <IPROTOCOL>6</IPROTOCOL>
         <XID>5800689</XID>
         <VCNAME>Port scanner</VCNAME>
         <VCVULNID>101010</VCVULNID>
         <BFALSEPOS>0</BFALSEPOS>
         <BNEW>1</BNEW>
         <BPCI>0</BPCI>
         <TYPE>Port</TYPE>
         <SERVICENAME>netbios-ssn</SERVICENAME>
         <IRISK>0</IRISK>
         <ORIGINALRISKLEVEL>-1</ORIGINALRISKLEVEL>
         <SCANNERNAME>Local</SCANNERNAME>
         <POTENTIALFALSE>0</POTENTIALFALSE>
         <CUSTOM0>SE</CUSTOM0>
         <CUSTOM1>1</CUSTOM1>
         <CUSTOM2>dalskdjlasjd</CUSTOM2>
         <CUSTOM3/>
         <CUSTOM4>London</CUSTOM4>
         <ACCEPTEDLENGTH>0</ACCEPTEDLENGTH>
         <ACCEPTED>0</ACCEPTED>
         <VCVHOST/>
         <TARGETTYPE>0</TARGETTYPE>
         <PLATFORM>ND</PLATFORM>
         <ASSIGNEE>Unassigned</ASSIGNEE>
         <ISADDED>0</ISADDED>
         <FINDINGDATE>2009-11-05 12:00</FINDINGDATE>
         <HASFPCOMMENT>0</HASFPCOMMENT>
         <AGE>1565.0</AGE>
         <HASEXPLOITS>0</HASEXPLOITS>
         <LIMITED>1</LIMITED>
      </REPORT>
   </REPORTLIST>
</RESPONSE>


Response keys
ACCEPTCOMMENTThe comment given when this vulnerability was accepted (Please note that this field may not be present).
ACCEPTEDBoolean value if the vulnerability has been accepted.
ACCEPTEDLENGTHThe number of days the vulnerability has been accepted.
ACCEPTEXPIRESThe date when the vulnerability no longer is accepted.
AGEThe number of days since the first occurrence of this specific finding.
ASSIGNEEThe user who has a ticket assigned to him/her for this entry.
BFALSEPOSBoolean value if this vulnerability is marked as a false positive or not.
BNEWBoolean value if this finding wasn't reported on the previous report for this target.
BPCIBoolean value if this report is a PCI report.
CUSTOM0Custom attributed defined on either an user or a target.
CUSTOM1

Custom attributed defined on either an user or a target.

CUSTOM2Custom attributed defined on either an user or a target.
CUSTOM3Custom attributed defined on either an user or a target.
CUSTOM4Custom attributed defined on either an user or a target.
CVSSSCOREThe CVSS score for this vulnerability.
DATEThe date and time when this scan was performed.
DFIRSTSEENThe date and time when this finding was first detected on this host.
FINDINGDATEThe date and time when this finding was updated.
GLOBALTEMPLATE

The global template that was used if any.

HASEXPLOITSBoolean flag if the vulnerability has a known exploit.
HASFPCOMMENTBoolean flag if the target has false positive comments.
HOSTNAMEThe FQDN of the host.
IPORTThe port where this vulnerability was detected upon.
IPROTOCOLThe protocol used when detecting this vulnerability.
IRISKThe risk level that this vulnerability is graded to. See appendix G.
ISADDEDBoolean value if this vulnerability has been added after the initial scan.
LIMITEDThe presence of this field indicates that the response has been limited by the use of the limit parameter in the request.
ORIGINALRISKLEVELThe original risk level for this vulnerability.
PCICVSSSCOREThe PCI CVSS score for this vulnerability ( Does not reflect DOS ).
PLATFORMThe detected platform for this vulnerability.
POTENTIALFALSEBoolean value if this vulnerability are a potential false positive.
SCANNERNAMEThe name of the scanner where this action takes place.
SCHEDULEJOBThe name of the schedule job which is associated with this entry.
SERVICENAMEThe name of the service listening on this port and protocol.
TARGETTYPEThe available types of targets:
0 : IP
1 : Host name
2 : NetBIOS name.
TYPEThe entry report type.
VCBUGThe Bugtraq ID for this vulnerability.
VCCVEThe CVE reference for this vulnerability.
VCFAMILYThe family name of this vulnerability.
VCNAMEThe name of this vulnerability.
VCTARGETText representation of the target.
VCVHOSTThe virtual host name where this vulnerability was detected.
VCVULNID

The unique script identification number given to this vulnerability.

VERIFIEDBoolean value if this finding has been verified or not.
XIDThe unique identifier of the given object.
XIPXIDThe unique identifier of the target object.
XTEMPLATEThe unique identifier of the scan policy utilized by this object.


Export Report

You can also export the report in a predefined format like PDF, Excel spreadsheet or into XML. In order to export a report you need to supply the selection criteria which where used to retrieve the report in the first place along with the next request.

Required keys
ACTIONEXPORTREPORT
FORMATShould be set to either PDF, XLS or XML.
LASTQUERYThe parameters used to retrive the report. This parameter should be URL encoded.

LENGTH

The length of the selected period.

PERIOD

The period that you would like to have the report for:
1 : Week
2 : Month
3 : Year

REPORTTYPEThe report type that you would like to extract. See Appendix F.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?REPORTTYPE=0&FORMAT=PDF&PERIOD=1&ACTION=EXPORTREPORT&LASTQUERY=start%3D0%26SCANLOGXID%3D101%26TARGET%3D101%26GROUPS%3D%252C-1%252C%26limit%3D50%26groupBy%3DVCTARGET%26ACTION%3DREPORTTARGETDATA%26sort%3DVCVULNID%26dir%3DDESC&groupBy=VCTARGET&REPORTTYPE=3&PERIOD=1&LENGTH=1&sort=VCVULNID&dir=DESC&LENGTH=1

The response will be in a binary format. This format is dependent on the given parameters in the request.

Report Actions

This section will describe additional actions that can be taken upon the reports. Accepted risk will allow you to add information on a specific finding where it clearly states that the finding is an accepted risk within your organization and when and for how long the finding is to be considered accepted. The accepted risk functionality can be set up to automatically accept new finding of the same type, so if the specific finding appears in another location it can be automatically accepted. During the accepted period that has been defined (or forever) the finding will automatically be marked as an accepted risk and contain the original comment.

Mark false positive should be used to send back feedback to the support team. It should not be used instead of the accepted risk feature since a false positive is something that has reported upon the wrong circumstances and not something that you don't think apply to your organization. If you think that it doesn't affect your organization or if you added compensating controls, then you should use the accepted risk and provide the reasoning within that comment. This will provide the report readers with the information that compensating controls are put into place and which person that supplied those details when.

Using the Verify functionality allows you to perform a scan against the target just using that single test. The verify function doesn't deduct any scans from your license so you are free to re-test if the remediation has resolved the reported issues.

The Comment vulnerability feature allow you to add information on a specific vulnerability that will also be present in the report.

Each finding can also be assigned to a specific user within the system. There is a built in ticketing system that should be used to track the remediation process.

Accept Risk

You can choose to accept a reported vulnerability by accepting the risk it will expose the company for.

Required keys
ACCEPTCOMMENT

The comment to be included in the report regarding why it has been accepted.

ACCEPTFORALLTARGETSBoolean value if the risk should be accept on all targets which currently have this risk.
ACCEPTFOREEVERBoolean value if the risk is accepted forever.
ACCEPTRISKADDThe number of days you accept the risk.
ACTIONUPDATEREPORTFINDINGDATA
XIDThe unique identifier of the given object


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACCEPTFORALLTARGETS=0&ACCEPTCOMMENT=Test&XID=99&ACCEPTFOREEVER=0&ACCEPTFOREEVER=0&ACCEPTRISKADD=14&ACTION=UPDATEREPORTFINDINGDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Mark False Positives

In order to mark a finding as a false positive you need the unique identifiction number for that specific report entry.

Required keys
ACTIONMARKFALSEPOSITIVE
INFORMATIONText comment which will be available in conjunction with the false positive.
SENDINFOShould be set to 1 if you would like to notify Outpost24 support department regarding this entry.
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?INFORMATION=Test&XID =99&SENDINFO=off&ACTION=MARKFALSEPOSITIVE


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Verify

You can perform a verification scan of a specific finding. This will just perform the check for the specific vulnerability and the result will be present in the report afterwards. This can be done on all types of findings except the following : Port scanning entires and those that are of the family Web Application Scanner (WAS).

Required keys
ACTIONSTARTVERIFYDATA
XIDThe uniq identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=99&ACTION=STARTVERIFYDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Comment Vulnerability

You can add comments to vulerabilities in the report. This is done by suplying the following information.

Required keys
ACTIONUPDATESCRIPTDATA
COMMENTThe comment which should be associated with this vulnerability.
ISCOMMENTMust be set to 1 or true in order to add a comment.
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=99&COMMENT=Test&ACTION=UPDATESCRPTDATA&ISCOMMENT=0

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Removed Marked False Positive

In order to remove the reported false positive you can perform an update on that specific report entry and reset the Boolean value to zero.

Required keys
ACTIONUPDATEREPORTFINDINGDATA
BFALSEPOSBoolean value which should be set to 0 in order to remove the false positive flag from this entry.
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=99&BFALSEPOS=0&ACTION=UPDATEREPORTFINDINGDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Assign Report Entry as Ticket

You can mark findings as a task for any of you sub user s to take action upon. In order to do that you need to supply the following information.

Required keys
ACTIONUPDATETICKETDATA
DUEDATEThe due date for this task.
IDThe task identification number. Should be set to NEW if you would like to create a new entry.
MESSAGEThe message which will be connected to this task.
MULTIPLEBoolean value if the is regarding multiple entries or not.
NAMEThe name of the task.
PRIORITYThe priority of this task. Value 1-5.
STATUSThe current status of the task.
TASKIDThe task identification number. Should be set to -1 if you would like to created a new entry.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?DUEDATE=2013-04-08&MESSAGE=test&NAME=Test&PRIORITY=3&ID=New&TASKID=-1&STATUS=1&ACTION=UPDATETICKETDATA&MULTIPLE=&

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Report Types

This section will describe the other report types that can be extracted from the system.

Delta report:

This report will show you the differences between two selected reports (or previous). This is handy when you would like to see what has changed since the last time of scanning. It will display your changes both on the specific vulnerabilities and also any changes in the number of open ports. The changes are reported on the added or removed basis so it really easy to see what has been resolved (removed) and what needs to be prioritized (added).

Overview report:

The overview report will show you how the findings are distributed over vulnerability family and also upon which port you have the most reported issues.

Solution report:

This report will provide you with the "QUICK WINS", that is the "make me look good" list. It will provide the information where you gain the most risk reduction with least amount of work required. Instead of report based on the vulnerability it will display the findings based on their solution, so if updating to the latest version of a version would resolve multiple issues they will only have one entry in the solution report with the number of vulnerabilities that will be resolved by applying the required solution.

Trend report:

This report will give you a historical representation of how the number of high, medium and low risk has evolved during the selected trend period.


Delta Report

You can get a delta view over how the vunerabilities are changed during different periods.

Required keys
ACTIONREPORTDELTAREPORTS
GROUPSThe unique group identification number which you would like to get the delta for.
LENGTH

The number of periods.

PERIOD

1 = week
2 = month
3 = year

PORTBoolean value if you would like to include delta information on the open/closed port with the response.
SCANLOGXIDThe unique scan log identifier that you would like to get the delta view for.
STARTSCANXIDA scan log id wich you would like to compare the the selected report with.
TARGETSThe unique target identification number which you would like to get the delta for.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?PORT=1&SCANLOGXID=&PERIOD=4&STARTSCANXID=1&GROUPS=,-1,&ACTION=REPORTDELTAREPORTS&LENGTH=30&TARGETS=-1

Example response:

<RESPONSE>
   <REPORTLIST>
      <REPORT>
         <VCTARGET>192.168.200.2</VCTARGET>
         <IPADDRESS>192.168.200.2</IPADDRESS>
         <FIRSTREPORTDATE>2009-10-09 12:57</FIRSTREPORTDATE>
         <LASTREPORTDATE>2009-11-06 09:38</LASTREPORTDATE>
         <XID>1026608</XID>
         <XIPXID>87384</XIPXID>
         <SCANNERNAME>Local</SCANNERNAME>
         <ADDED>29</ADDED>
         <REMOVED>8</REMOVED>
         <UNCHANGED>20</UNCHANGED>
         <HIGH>0</HIGH>
         <MEDIUM>0</MEDIUM>
         <LOW>0</LOW>
      </REPORT>
   </REPORTLIST>
</RESPONSE>


Response keys
ADDEDThe number of vulnerabilities which where added between the two dates.
FIRSTREPORTDATEThe first report date which is used in the comparison.
HIGHNumber of high risk.
IPADDRESSThe IP address which this delta is for.
LASTREPORTDATEThe last report date which is used in the comparison.
LOWNumber of low risks.
MEDIUMNumber of medium risks.
REMOVEDThe number of vulnerabilities which where removed between the two dates.
SCANNERNAMEThe name of the scanner where this action takes place.
UNCHANGEDThe number of vulnerability which where unchanged between the two dates.
VCTARGET

Text representation of the target.

XIDThe unique identifier of the given object.
XIPXIDThe unique identifier of the target object.


Overview Report

You can get an overview over how the vulnerabilities are distributed based on different criteria.

Required keys
ACTIONREPORTFINDINGSTAT
GROUPBYWhich overview you would like to have. Currently the following are available: VCFAMILY | IRISK | IPORT | ACCEPTED
GROUPSThe unique group identification number which you would like to get the oveview for.
TARGETSThe unique target identification number which you would like to get the overview for.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?GROUPS=-1&GROUPBY=VCFAMILY&ACTION=REPORTFINDINGSTAT&TARGETS=-1

Example response:

<RESPONSE>
   <REPORTLIST>
      <REPORT>
         <VCFAMILY>ubuntu</VCFAMILY>
         <COUNT>41</COUNT>
      </REPORT>
   </REPORTLIST>
</RESPONSE>


Response keys
COUNTThe amount of vulnerabilities found for the selected overview.
VCFAMILYThe family name of the vulnerability.

Solution Report

You can get a solution view of your reported vulnerabilities.

Required keys
ACTIONREPORTSOLUTIONS
GROUPSThe unique group identification number which you would like to get the solutions for.
SCANLOGXIDThe unique scan log identifier that you would like to get the solution view for.
TARGETSThe unique target identification number which you would like to get the solutions for.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?SCANLOGXID=&GROUPS=,-1,&ACTION=REPORTSOLUTIONS&TARGETS=-1

Example response:

<RESPONSE>
   <REPORTLIST>
      <REPORT>
         <SOLUTIONTYPE>2</SOLUTIONTYPE>
         <SOLUTIONPRODUCT>Microsoft SMB</SOLUTIONPRODUCT>
         <SOLUTIONTITLE>Restrict access to the SMB service</SOLUTIONTITLE>
         <SOLUTION>Restrict access to the SMB service</SOLUTION>
         <ORDERING>217926</ORDERING>
         <COUNT>2</COUNT>
         <TARGETCOUNT>1</TARGETCOUNT>
         <HIGHRISKS>2</HIGHRISKS>
         <MEDIUMRISKS>0</MEDIUMRISKS>
         <LOWRISKS>0</LOWRISKS>
      </REPORT>
   </REPORTLIST>
</RESPONSE>


Response keys
COUNTThe total number of vulnerabilities that has this solution.
HIGHRISKSThe number of high risks that this solution will resolve
LOWRISKS

The number of low risks that this solution will resolve.

MEDIUMRISKSThe number of medium risks that this solution will resolve
ORDERINGInternal use.
SOLUTIONThe solution text that explaines that action needs to be taken to resolve the issue.
SOLUTIONPRODUCTThe product that the solution affects.
SOLUTIONTITLEShort title regarding the solution.
SOLUTIONTYPEThe type of the solution.
TARGETCOUNTThe number of targets that has this solution.

Trend Report

You can get a trend overview over how the vulnerabilities are distributed based on differentperiods.

Required keys
ACTIONREPORTTREND
GROUPSThe unique group identification number which you would like to get the trend for.
LENGTHThe number of the periods
PERIOD1 = Week
2 = Month
3 = Year
TARGETSThe unique target identification number which you would like to get the trend for.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?PERIOD=3&GROUPS=-1&ACTION=REPORTTREND&LENGTH=4&TARGETS=-1

Example response:

<RESPONSE>
   <REPORTLIST>
      <REPORT>
         <DATE>2013-07-17 00:00</DATE>
         <LOWACCEPTED>0</LOWACCEPTED>
         <MEDIUMACCEPTED>0</MEDIUMACCEPTED>
         <HIGHACCEPTED>0</HIGHACCEPTED>
         <LOW>0</LOW>
         <MEDIUM>0</MEDIUM>
         <HIGH>0</HIGH>
         <ADDED>0</ADDED>
         <REMOVED>0</REMOVED>
         <OPENED>2</OPENED>
         <CLOSED>0</CLOSED>
         <ISCVSS>0.0</ISCVSS>
      </REPORT>
   </REPORTLIST>
</RESPONSE


Response keys
ADDEDThe number of added findings.
CLOSEDThe number of closed findings.
DATEThe date when this information was gathered.
HIGHThe number of high findings.
HIGHACCEPTEDThe number of high findings which are accepted.
ISCVSSThe sum of all calculated CVSS scores added together.
LOWThe number of low findings.
LOWACCEPTEDThe number of low findings which are accepted.
MEDIUMThe number of medium findings.
MEDIUMACCEPTEDThe number of medium findings which are accepted.
OPENEDThe number of opened ports.
REMOVEDThe number of removed findings.

Report schedule

This section will describe how you can schedule reports to be automatically sent out to a defined recipient.

Multiple entries can be defined so different types of reports can be sent to the same recipient. The reports can also be defined to only contain specific host, groups or even using a report template (target selection and filtering combined).

On a HIAB it is also possible to transfer the file out to an external server using either FTP or SCP. Those options will be available once such servers have been defined in the maintenance section.

List Schedule Report

In order to see all the scheduled reports which has been added to the system on your profile you need to supply the details.

Required keys
ACTIONREPORTSCHEDULEDATA
SCANTYPEThe available scan types:
0 : OUTSCAN
1 : PCI
2 : WAS


Example request:

https://outscan.outpost24.com/opi/XMLAPI?SCANTYPE=0&ACTION=REPORTSCHEDULEDATA

Example response:

<RESPONSE>
   <REPORTSCHEDULES>
      <SCHEDULE>
         <XID>1005</XID>
         <XUSERXID>114</XUSERXID>
         <NAME>MySchedule</NAME>
         <FREQUENCY>1</FREQUENCY>
         <LASTDATE>2011-04-30 00:00</LASTDATE>
         <LATESTDATE>2011-10-03 10:00</LATESTDATE>
         <DAYWEEKMONTH>0</DAYWEEKMONTH>
         <REPORTTYPE>3</REPORTTYPE>
         <PERIOD>2</PERIOD>
         <LENGTH>1</LENGTH>
         <FORMAT>7</FORMAT>
         <RECIPIENT>-1</RECIPIENT>
         <RECIPIENTEMAIL>securitygroup@mycompany.com</RECIPIENTEMAIL>
         <ENCRYPTIONKEY>df.key</ENCRYPTIONKEY>
         <TARGETGROUPS>,-1,</TARGETGROUPS>
         <SCANTYPE>0</SCANTYPE>
         <RECIPIENTTYPE>0</RECIPIENTTYPE>
         <OWNER>Daniel Fredriksson</OWNER>
         <INCLUDEHOSTINFO>1</INCLUDEHOSTINFO>
         <REPORTLEVEL>0</REPORTLEVEL>
      </SCHEDULE>
   </REPORTSCHEDULES>
</RESPONSE>
Reponse keys
DAYWEEKMONTHFlag if specific day of week or month should be used (available on monthly scanning).
ENCRYPTIONKEYName of the encryption key which shall be used to encode the report.
FORMATBinary encoding of the format to be include.
FREQUENCYThe frequency of the scheduled time for this job.
INCLUDEHOSTINFOBoolean flag if target information should be included in the exported report.
LASTDATEThe last date and time when the report was generated.
LATESTDATERun schedule until this given date.
LENGTHThe lenght of the given period.
NAMEThe name of the report schedule.
OWNERThe owner of the object.
PERIODThe period of the scheduled report. See Appendix B.
RECIPIENTThe unique idenfication number of the user who should receive the report. Set to -1 if custom email address are used.
RECIPIENTEMAILThe custom email address if no recipient identification number is specified.
RECIPIENTETYPE

The type of reciepient:
0 : Email
1 : FTP - HIAB only
2 : SCP - HIAB only

REPORTLEVEL

The number of sub levels of the groups that will be included in the group report.

REPORTTEMPLATEThe report template to use when generating the report.
REPORTTYPEThe type of report to export. See Appendix F.
SCANTYPEThe available scan types:
0 : OUTSCAN
1 : PCI
2 : WAS
TARGETGROUPSComma separated list of target groups to be included in the report.
XIDThe unique identifier of the given object.
XUSERXID

The unique user id.


Update Scheduled Report

You can schedule reports to be generated at a specific time.

Required keys
ACTIONUPDATEREPORTSCHEDULEDATA
NAMEName of the schedule report.
RECIPIENTThe recipient of the report.
REPORTTYPEThe type of report to receive. See Appendix I.
SCANTYPEThe available scan types:
0 : OUTSCAN
1 : PCI
2 : WAS


Example request:

https://outscan.outpost24.com/opi/XMLAPI?REPORTTYPE=1&NAME=Test&RECIPIENT=0&SCANTYPE=0&ACTION=UPDATEREPORTSCHEDULEDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Remove Schedule Report

In order to remove a scheduled report you need the unique identification number for that specific report schedule. This is retrieved from the list of already defined report schedules ( See section : List Schedule Report).

Required keys
ACTIONREMOVEREPORTSCHEDULEDATA
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=1754&ACTION=REMOVEREPORTSCHEDULEDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Manage Tickets

In the system you can create custom and report specific tickets to be assigned to any of your defined users. The tickets can be defined to automatically become generated and assigned from within the event system. There is also an option to define an escalation rule for each individual user in case a due date has been exceeded.

List Tickets

You can retrieve  a list of tickets by supplying the following information.

Required keys
ACTIONTICKETDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=TICKETDATA

Example response:

<RESPONSE>
   <TICKETLIST>
      <TICKET>
         <XID>1821</XID>
         <TYPE>6</TYPE>
         <DUEDATE>2009-07-01 00:00</DUEDATE>
         <PRIORITY>1</PRIORITY>
         <STATUS>1</STATUS>
         <SCRIPTID>-1</SCRIPTID>
         <SCRIPTNAME/>
         <NAME>My First Ticket</NAME>
         <TASKID>100</TASKID>
         <ASSIGNEE>Daniel Fredriksson</ASSIGNEE>
         <WASFINDING>0</WASFINDING>
         <PCIFINDING>0</PCIFINDING>
         <SCHEDULEOBJECTNAME/>
         <VERIFIED>0</VERIFIED>
      </TICKET>
   </TICKETLIST>
</RESPONSE>


Response key
ASSIGNEEThe assigned user of this task.
DREPORTDATEThe report date and time which this task is regarding.
DUEDATEThe due date of this task.
IPADDRESSThe IP address of the target which this task is concerning.
IPORTThe port of the finding of which this task is concerning.
IPROTOCOL

The protocol of the finding.

NAMEThe name of the task.
PCIFINDINGBoolean value if this is regarding a PCI finding.
PORTA text description of the port of which this task is concerning.
PRIORITYThe task priority (1-5)
PROTOCOLA text decription of the protocol.
REPORTXIDInternal use.
SCHEDULEOBJECTNAMEThe schedule name conerning this task
SCHEDULEOBJECTXIDThe unique schedule id conerning this task
SCRIPTIDThe vulnerability script id which this task is conerning.
SCRIPTNAMEThe vulnerability name.
STATUSCurrent status of this task.
TARGETTYPEThe available types of targets:
0 : IP
1 : Host name
2 : NetBIOS name.
TASKIDThe unique identificatioin number of this task.
TYPEThe type of task:
0 : Single entry
1 : Whole report
VCVULNIDThe vulnerability script id which this task is conerning.
VERIFIEDBoolean value if this finding has been verified or not.
VIRTUALHOSTThe virtual hosts for this target.
WASFINDINGBoolean flag if this task concerns a Web Application Scan.
XIDThe unique identifier of the given object.
XIPXID

The unique identifier of the target object.

XSUBUSERXIDThe unique identifier of sub user which this object is connected to.


Update Ticket

In order to create a ticket you have to supply the following information.

Required keys
ACTIONUPDATETICKETDATA
DUEDATEThe due date for this task.
IDThe task idenfication number. Should be set to NEW if you would like to create a new entry.
MESSAGEThe message which will be connected to this task.
MULTIPLEBoolean value if the task is regarding multiple entries or not.
NAMEThe name of the task.
PRIORITYThe priotity of this task. Value 1-5
STATUSThe current status of this task.
TASKIDThe taskidentification number. Shoiuld be set to -1 if you would like to create a new entry.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?DUEDATE=2019-04-08&MESSAGE=test&NAME=Test&PRIORITY=3&ID=New&TASKID=-1&STATUS=1&ACTION=UPDATETICKETDATA&MULTIPLE=&


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Remove Ticket

If you are the main account holder the you can actually remove a ticket from the system. Please note that this isn't possible by any other user. In order to remove a ticket you need to supply the following information.

Required keys
ACTIONREMOVETICKETDATA
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=9326&ACTION=REMOVETICKETDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.



Manage Audit

Here you can retrieve a list of some actions which has been taken place in the system by the defined users so that you can see who did what and when.

This might be a requirement from your auditor but can come in handy when it comes to tracking changes within the system.

Please note that this information is only retained for 1 year. If longer storage is required, you are required to manually download and store this information in a remote system on an annual basis.

View Audit History

You can retrive a list of some actions which has been taken place in the system by the defined users so that you can see how did what and when.

Required keys
ACTIONAUDITDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=AUDITDATA


Example response:

<RESPONSE>
   <AUDITLIST>
      <AUDIT>
         <XID>1185216</XID>
         <XXID>4710</XXID>
         <NAME>Api Api</NAME>
         <XVCAPP>tSubUserS</XVCAPP>
         <IMODE>1</IMODE>
         <TXCUSTOM/>
         <XTIME>2014-02-18 08:59</XTIME>
         <VCFIRSTNAME>Api</VCFIRSTNAME>
         <VCLASTNAME>Api</VCLASTNAME>
         <LIMITED>1</LIMITED>
      </AUDIT>
   </AUDITLIST>
</RESPONSE>


Response keys
IMODE

0 = Added
1 = Updated
2 = Deleted
3 = Login
4 = Log out

LIMITEDThe presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request.
NAME

The full name on the account that performed the action.

TXCUSTOMAdditional details of the modification.
VCFIRSTNAMEThe first name of the user.
VCLASTNAMEThe surmane of the user.
XIDThe unique identifier of the given object.
XTIMEThe data and time when the action was performed.
XVCAPPThe application which the audit log entry is concerning. See Appendix N.
XXIDThe unique identification number for the entry which this log is about.

Export Audit History

The audit log can also be exported from the system. This request will result in a binary file being provided of the XLS format.

Required keys
ACTIONEXPORTAUDIT


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=EXPORTAUDIT

The response will be in a binary format. This format is dependent on the given parameters in the request.

Manage Events

The event notifications area allows for actions to be performed upon certain events. These actions can be sent out over SNMP, syslog or email.

Please see Appendix N for a complete list of all possible actions.

List Event Notifications

In order to list the defined event notifications which are present in the system you need to supply the following information.

Required keys
ACTIONLOGGINGDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=LOGGINGDATA

Example response:

<RESPONSE>
   <LOGLIST>
      <LOG>
         <XID>19678</XID>
         <XUSERXID>114</XUSERXID>
         <XREFID>20</XREFID>
         <ITYPE>3</ITYPE>
         <RECIPIENT>df@outpost24.com</RECIPIENT>
         <TARGETLIST/>
         <TARGETGROUPLIST/>
         <MYSCANS>1</MYSCANS>
         <NEWFINDINGS>1</NEWFINDINGS>
         <SCANFORMAT>0</SCANFORMAT>
         <ATTACHREPORT>0</ATTACHREPORT>
         <REPORTTYPE>0</REPORTTYPE>
         <SCANTYPE>7</SCANTYPE>
         <TARGETINFORMATION>1</TARGETINFORMATION>
      </LOG>
   </LOGLIST>
</RESPONSE>


Response keys
ASSIGNEEThe user which is assigned the ticket (Please note that this field may not be present).
ATTACHREPORTBoolean value if the report should be attached to the email if selected.
ENCRYPTIONKEYThe encryption key that will be used to encrypt any attached report (Please note that this field may not be present).
EVENTNAMEThe name of the notification event (Please note that this field may not be present).
ITYPEThe event type:
1 : Syslog
2 : SNMP
3 : Email
4 : SMS
5 : Ticket
MYSCANSBoolean value if this should only be for scans which the user has scheduled.
NEWFINDINGSBoolean value if this event is only for new findings.
RECIPIENTEmail address where the event will be sent to (Please note that this field may not be present).
REPORTTYPEThe report type that will be attached to the event notfication. See Appendix F.
SCANFORMATThe additional information format that should be included in the event.
SCANTYPEThe available scan types:
0 : OUTSCAN
1 : PCI
2 : WAS
TARGETGROUPLISTFor which target groups that this notification will take place.
TARGETINFORMATIONBoolean value if additional target information should be included in the notification.
TARGETLISTThe target list as accepted by the graphical user interface.
TICKETPRIORITYThe priority that will be set for the assigned task if defined (Please note that this field may not be present). 
XASSIGNEEThe full name of the user which is assigned task if defined (Please note that this field may not be present). 
XIDThe unique identifier of the given object.
XREFIDSee Appendix N.
XUSERXIDThe unique user id.


Update Event Notification

In order to add an event notification you need to supply the following information.

Required keys
ACTIONUPDATELOGGINGDATA
ITYPE

1 : Syslog
2 : SNMP
3 : Email
4 : SMS
5 : Ticket

RECIPIENTThe recipient of the event
XREFIDSee Appendix N.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XREFID=11&RECIPIENT=test@example.com&ITYPE=3&ACTION=UPDATELOGGINGDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Remove Event Notification

In order to remove any event notification you need to supply the unique identification number for that specific event.

Required keys
ACTIONREMOVELOGGINGDATA
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=26903&ACTION=REMOVELOGGINGDATA


The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Manage Dashboard.

The dash board gives a quick overview of the status of your network. It holds modules that gives information about various aspects of the targets and their risks.

Top Groups

Shows the groups with the most vulnerabilities.

Required keys
ACTIONDASHBOARD_TOPGROUPS


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPGROUPS


Example response:

<RESPONSE>
   <TOPGROUPS>
      <STAT>
         <XID>21077</XID>
         <NAME>Risk</NAME>
         <XIPARENTID>19923</XIPARENTID>
         <XPATHUP>21077,19923</XPATHUP>
         <COUNT>104</COUNT>
         <RULEBASED>0</RULEBASED>
         <REPORTBASED>0</REPORTBASED>
         <HASCHILDNODES>1</HASCHILDNODES>
         <PATH>Report Groups / Risk</PATH>
         <POSITION>1</POSITION>
      </STAT>
   </TOPGROUPS>
</RESPONSE>
Response keys
COUNTThe number of vulnerabilities present in this group.
HASCHILDNODESBoolean value if this group has any child nodes.
NAMEThe name of the group.
PATHThe group path.
POSITIONThe position in the path.
REPORTBASEDBoolean value if the group is based on a Reporting group.
RULEBASEDBoolean value if the group is based on a Dynamic group.
XIDThe unique identifier of the given object.
XIPARENTIDThe unique id for anyparent object for this object within the system.
XPATHUPInternal use only.


Top Ports

Shows the ports with most vulnerabilities.

Required keys
ACTIONDASHBOARD_TOPPORTS


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPPORTS


Example response:

<RESPONSE>
   <TOPPORTS>
      <STAT>
         <PORT>445</PORT>
         <COUNT>95</COUNT>
      </STAT>
   </TOPPORTS>
</RESPONSE>
Response keys
COUNTThe number of open ports
PORTThe port number


Top Applications

Shows the applications found that has most vulnerabilities in the specified target group.

Required keys
ACTIONDASHBOARD_TOPAPPS


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPAPPS


Example response:

<RESPONSE>
  <RESPONSE/>
</RESPONSE>
Response keys


Risk Summary

Display how many targets that have high, medium, and low risk.

Required keys
ACTIONDASHBOARD_RISKSUMMARY


Optional Keys

The risk summary can also be extracted for a specific group.

Optional keys


GROUPXIDThe group that you would like to receive the risk summary for. If omitted it will report all based on all targets.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_RISKSUMMARY


Example response:

<RESPONSE>
   <RISKCOUNT>
      <STAT>
         <HIGH>4</HIGH>
         <LOW>1</LOW>
         <MEDIUM>3</MEDIUM>
         <HIGHTREND>-2</HIGHTREND>
         <LOWTREND>0</LOWTREND>
         <MEDIUMTREND>-2</MEDIUMTREND>
         <TOTAL>9</TOTAL>
      </STAT>
   </RISKCOUNT>
</RESPONSE>>
Response keys
HIGHThe number of high risks.
HIGHTRENDThe trend of high risks.
LOWThe number of low risks.
LOWTRENDThe trend of low risks.
MEDIUMThe number of medium risks.
MEDIUMTRENDThe trend of medium risks.
TOTALThe total number of vulnerabilities on the selected group (or all targets it omitted).


Remediation Statistics

Shows how long it takes on average to re-mediate risks on the targets in the specified target.

Required keys
ACTIONDASHBOARD_REMEDIATIONSTATS
GROUPXIDThe group that you would like to receive the risk summary for. If omitted it will report all based on all target.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?GROUPXID=-1&ACTION=DASHBOARD_REMEDIATIONSTATS


Example response:

<RESPONSE>
   <RISKCOUNT>
      <STAT>
         <DAY>2013-11-19 00:00</DAY>
         <DAYSHIGH>1674</DAYSHIGH>
         <DAYSMEDIUM>1708</DAYSMEDIUM>
         <DAYSLOW>1765</DAYSLOW>
      </STAT>
   </RISKCOUNT>
</RESPONSE>>
Response keys
DAYThe date for this statistics.
DAYSHIGHThe number of days it takes to resolve a high risk vulnerability.
DAYSLOWThe number of days it takes to resolve a low risk vulnerability.
DAYSMEDIUMThe number of days it takes to resolve a medium risk vulnerability.


Top Platforms

Shows the platform distribution found that has most vulnerabilities in the specified target group.

Required keys
ACTIONDASHBOARD_TOPPLATFORMS


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPPLATFORMS


Example response:

<RESPONSE>
  <RESPONSE/>
</RESPONSE>
Response keys


Top Targets

Shows the targets with most vulnerabilities in the specified target group.

Required keys
ACTIONDASHBOARD_TOPTARGETS


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPTARGETS


Example response:

<RESPONSE>
   <TOPTARGETS>
      <STAT>
         <XID>87384</XID>
         <NAME>192.168.200.2</NAME>
         <COUNT>88</COUNT>
      </STAT>
   </TOPTARGETS>
</RESPONSE>
Response keys
COUNTThe number of vulnerabilities present on the specific target.
NAMEThe target name or IP.
XIDThe unique identifier of the given object.

Top Vulnerabilities

Shows the platform distribution found that has most vulnerabilities in the specified target group.

Required keys
ACTIONDASHBOARD_TOPVULNERABILITIES


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPVULNERABILITIES


Example response:

<RESPONSE>
   <TOPVULNERABILITIES>
      <STAT>
         <VCVULNID>205390</VCVULNID>
         <VCNAME>Mozilla Firefox file:// Directory Listing XSS Vulnerability</VCNAME>
         <COUNT>1</COUNT>
      </STAT>
   </TOPVULNERABILITIES>
</RESPONSE>
Response keys
COUNTThe number of occurences of this vulnerability.
VCNAMEName of the vulnerability.
VCVULNIDThe script id for the vulnerability.

Vulnerability Database

The vulnerability database lets you look at the vulnerability checks, and also see their descriptions and suggested solutions.

It is also possible to get the number of times a specific vulnerability has been detected within your network..

List Vulnerabilities

In order to list the vulnerabilities you need to supply the following information.

Required keys
ACTIONSCRIPTDATA

Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCRIPTDATA


Example response:

<RESPONSE>
   <SCRIPTLIST>
      <SCRIPT>
         <XID>100018</XID>
         <VCNAME>RPC Portmapper</VCNAME>
         <VCFAM>rpc</VCFAM>
         <IRISK>0</IRISK>
         <ICVSS>0</ICVSS>
         <VCCVE>CVE-1999-0632</VCCVE>
         <VCCVSSVECTOR>(AV:N/AC:L/Au:N/C:N/I:N/A:N)</VCCVSSVECTOR>
         <VCBUG>No bugtraq</VCBUG>
         <SCRIPTCREATED>2007-04-04 00:00</SCRIPTCREATED>
         <CVSS_SCORE>0.0</CVSS_SCORE>
         <HASEXPLOITS>0</HASEXPLOITS>
         <LIMITED>1</LIMITED>
      </SCRIPT>
   </SCRIPTLIST>
</RESPONSE>
Response keys
CVSS_SCOREThe CVSS score for this vulnerability.
HASEXPLOITSBoolean flag if the vulnerability has a known exploit.
ICVSSThe calculated CVSS number for this vulnerability. Divide it by 10 to get the correct number.
IRISK

The risk level that this vulnerability is graded to. See Appendix J.

LIMITEDThe presence of this field indicates that the response has been limited by the use of the limit. parameter in the request.
SCRIPTCREATED

The date when this script was created.

VCBUGThe Bugtraq ID for this vulnerability.
VCCVEThe CVE reference for this vulnerability.
VCCVSSVECTORThe CVE vector for this vulnerability.
VCFAMThe family that this vulnerability belongs to.
VCNAMEThe name of this vulnerability.
XIDThe unique identifier of the given object.


Extended Script Information

If you supply the script identification you can get additional information like description and solutions for a specific vulnerability.

Required keys
ACTIONSCRIPTDATA
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=289428&ACTION=SCRIPTDATA


Example response:

<RESPONSE>
   <SCRIPTLIST>
      <SCRIPT>
         <XID>289428</XID>
         <VCNAME>Sun JRE: TLS / DTLS Protocol CBC-mode Ciphersuite Timing Analysis Plaintext Recovery Cryptanalysis Attack</VCNAME>
         <VCFAM>sun</VCFAM>
         <IRISK>2</IRISK>
         <VCCVE>CVE-2013-0169</VCCVE>
         <VCBUG>No bugtraq</VCBUG>
         <ICVSS>26</ICVSS>
         <VCCVSSVECTOR>(AV:N/AC:H/Au:N/C:P/I:N/A:N)</VCCVSSVECTOR>
         <CDESC>The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJRE, PolarSSL, and other products, do not properly consider timing sidechannel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen"
issue.</CDESC>
         <CSOL>Upgrade to version 1.7.0_45 or later of Sun JRE.</CSOL>
         <CVSS_SCORE>2.6</CVSS_SCORE>
         <SOLUTIONTYPE>6</SOLUTIONTYPE>
         <SOLUTIONPRODUCT>Sun JRE</SOLUTIONPRODUCT>
         <SOLUTIONTITLE>Upgrade to version 1.7.0_45 or later of Sun JRE</SOLUTIONTITLE>
         <HASEXPLOITS>0</HASEXPLOITS>
         <FINDINGCOUNT>0</FINDINGCOUNT>
      </SCRIPT>
   </SCRIPTLIST>
</RESPONSE>
Response keys
CDESCThe description for this vulnerability.
CSOLThe solution for this vulnerability.
CVSS_SCOREThe CVSS score for this vulnerability.
FINDINGCOUNTThe number of occurences of this vulnerability in your system.
HASEXPLOITSBoolean flag if the vulnerability has a known exploit.
ICVSSThe calculated CVSS number for this vulnerability. Divide it by 10 to get the correct number.
IRISK

The risk level that this vulnerability is graded to. See Appendix J.

SOLUTIONPRODUCTThe solution product.
SOLUTIONTITLE

Short title regarding the solution .

SOLUTIONTYPEThe solution type.
VCBUGThe Bugtraq ID for this vulnerability.
VCCVEThe CVE reference for this vulnerability.
VCCVSSVECTORThe CVE vector for this vulnerability.
VCFAMThe family that this vulnerability belongs to.
VCNAMEThe name of this vulnerability.
XIDThe unique identifier of the given object.


Web Application Scanner

The web application scanner is used to detect vulnerabilities on the web server such as cross site scripting and SQL injection.

If you have the full version you can also detect the following vulnerability types:

  • XSS Element
  • XSS Attribute
  • XSS Header
  • SQL Injection
  • Remote File Include
  • Local File Include
  • Code Injection
  • Command Injection
  • Format String
  • CRLF Injection
  • Cross Site Request Forgery

Scope

The web application scanning is defined as a scope which includes the information about which links to follow and which IP:s we are allowed to follow during the crawling phase.

In the scope you can also define white-list, black-list and IP range which are used by the host name (if it's load balanced). There are also possible to define different authentication procedures, required cookies, fixed parameter values, user agent and HTTP refer.

Update Scheduled Scope


In order to add a web application scope you need to supply the following information.

Required keys
ACTIONWASUPDATESCHEDULEDATA
MAXIMUMLINKSThe maximum number of links that the crawler will follow during the detect phase.
NAMEThe name of the Web Application Scanning schedule scope.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?NAME=RemoveMe&ACTION=WASUPDATESCHEDULEDATA&MAXIMUMLINKS=20


The above given request will generate a generic response.

More information about this response type is available in Appendix A.

List Scheduled Scopes

In order to alist the vulnerabilities you need to supply the following information.

Required keys
ACTIONWASSCHEDULEDATA


Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=WASSCHEDULEDATA


Example response:

<RESPONSE>
   <SCHEDULELIST>
      <SCHEDULE>
         <XID>1745084</XID>
         <XUSERXID>114</XUSERXID>
         <XSUBUSERXID>-1</XSUBUSERXID>
         <MAXSCANTIME>6</MAXSCANTIME>
         <NAME>TestSchedule</NAME>
         <SCANWINDOWS>2</SCANWINDOWS>
         <SCANWINDOWDELAY>1</SCANWINDOWDELAY>
         <LATESTSCANSTATUS>24</LATESTSCANSTATUS>
         <LATESTSCANDATE>2012-05-04 08:51</LATESTSCANDATE>
         <URILIST>http://www.outpost24.com/demo</URILIST>
         <URIBLACKLIST>www.outpost24.com/blacklisted</URIBLACKLIST>
         <URIWHITELIST>www.outpost24.com/</URIWHITELIST>
         <MAXIMUMLINKS>2000</MAXIMUMLINKS>
         <REQUESTDELAY>0</REQUESTDELAY>
         <TRANSFERTIMEOUT>20000</TRANSFERTIMEOUT>
         <EVENTTIMEOUT>0</EVENTTIMEOUT>
         <XSSREFLECTED>1</XSSREFLECTED>
         <XSSPERSISTENT>1</XSSPERSISTENT>
         <CONTENTANALYSIS>1</CONTENTANALYSIS>
         <SQLINJECTION>1</SQLINJECTION>
         <TIMESQLINJECTION>0</TIMESQLINJECTION>
         <REMOTEFILEINCLUDE>1</REMOTEFILEINCLUDE>
         <LOCALFILEINCLUDE>1</LOCALFILEINCLUDE>
         <CODEINJECTION>1</CODEINJECTION>
         <COMMANDINJECTION>1</COMMANDINJECTION>
         <FORMATSTRING>1</FORMATSTRING>
         <CRLFINJECTION>1</CRLFINJECTION>
         <UNVALIDATEDREDIRECT>1</UNVALIDATEDREDIRECT>
         <ENABLEAJAX>0</ENABLEAJAX>
         <SCANNERID>0</SCANNERID>
         <SCANNERNAME>Local</SCANNERNAME>
         <ISWAS>1</ISWAS>
         <DISCOVERYMODE>1</DISCOVERYMODE>
         <DAYWEEKMONTH>0</DAYWEEKMONTH>
         <FREQUENCY>10</FREQUENCY>
         <OWNER>Daniel Fredriksson</OWNER>
         <LATESTSCANDURATION>00:01:00</LATESTSCANDURATION>
         <AVERAGESCANDURATION>00:01:00</AVERAGESCANDURATION>
         <DELETED>0</DELETED>
      </SCHEDULE>
   </SCHEDULELIST>
</RESPONSE>
Response keys
AVERAGESCANDURATION

The average scan time.

CODEINJECTIONBoolean value if the test shall include code injection checks.
COMMANDINJECTIONBoolean value if the test shall include command injection checks.
CONTENTANALYSISBoolean value if the test shall include content analysis checks.
CRLFINJECTIONBoolean value if the test shall include CRLF injection checks.
DAYWEEKMONTH

Flag if specific day of week or month should be used (available on monthly scanning).

DELETEDBoolean value if this entry is marked as removed and should not be displayed.
DISCOVERYMODEBoolean value if the scan only shall include the crawler part and not send any spikes to the target host.
ENABLEAJAXBoolean value if the scan shall parse JavaScript and try to enumerate additional links.
EVENTTIMEOUTThe timeout in seconds before the web application scanner no longer waits for an event to be processed.
FORMATSTRINGBoolean value if the scan shall include format string injection checks.
FREQUENCYThe frequency of the scheduled time for this job.
ISWASBoolean flag which specifies that this schedule is a Web Application Scan instead of a normal one.
LATESTSCANDATEWhen this schedule was scanned the latest time.
LATESTSCANDURATIONThe duration of the latest scan.
LATESTSCANSTATUS

The latest scan status of this schedule.

LOCALFILEINCLUDEBoolean value if the test shall include local file include injection chacks.
MAXIMUMLINKSThe maximum number of links that the scanner will follow (please note that on these links it may detect more URI's than the maximum number specified).
MAXSCANTIMEThe maximum amount of time allowed to scan this schedule.
NAMEThe name of the Web Application Scan scope schedule/definition.
OWNER

The owner of the object.

REMOTEFILEINCLUDEBoolean value if the test shall include remote file include injection checks.
REQUESTDELAYThe delay in seconds between each request.
SCANNERIDThe scanner id which this target will be tested from.
SCANNERNAMEThe name of the scanner where this action takes place.
SCANWINDOWDELAYThe delay between scan windows (in days).
SCANWINDOWS

The number of allowed scan windows for this schedule.

SQLINJECTIONBoolean value if the test shall include SQL injection checks.
TIMESQLINJECTIONBoolean value if the test shall include timed SQL injection checks.
TRANSFERTIMEOUTThe transfer timeout before we continue to the next URI.
UNVALIDATEDREDIRECTBoolean value if the test shall include checks for unvalidated URL redirects.
URIBLACKLISTNew line separated list of URI or sections of an URI of locations which the scanning isn't allowed to scan.
URILISTNew line separated list of URI's that the scanner will cover.
URIWHITELISTNew line separated list of the ONLY URI's that the scanner is allowed to cover.
WASCERTIFICATECertificate to use when performing web application scans.
XIDThe unique identifier of the given object.
XSSPERSISTENTBoolean value if the test shall include persistant XSS injection checks.
XSSREFLECTEDBoolean value if the test shall include reflected XSS injection checks.
XSUBUSERXIDThe unique identifier of sub user which this object is connected to.
XUSERXIDThe unique user id.

Delete Scheduled Scope

In order to remove a scope you need to supply the unique identification number for that specific scope.

Required keys
ACTIONWASREMOVESCHEDULEDATA
XIDThe unique identifier of the given object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=174661&ACTION=WASREMOVESCHEDULEDATA

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

List Running Scans

It is possible to see the current status of the currently running scans. These can also be paused, resumed or stopped. When a scan is stopped, please allow some time for it to finish gracefully. The scanner will try to terminate it as quickly as possible.

List Running Scans

In order to see a list of currently running scans you shall supply the following information.

Required keys
ACTIONSCANSTATUSDATA
VCSERVICEShould be set to W in order to only see Web Applications scan status.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?VCSERVICE=W&ACTION=SCANSTATUSDATA


Example response:

<RESPONSE>
   <STATUSLIST>
      <STATUS>
         <XID>2122465</XID>
         <XUSERXID>1000</XUSERXID>
         <XSUBUSERXID>1000</XSUBUSERXID>
         <XSOXID>1003</XSOXID>
         <SCANNERID>-1</SCANNERID>
         <SCANNERNAME>Local</SCANNERNAME>
         <REMOTEXID>6961</REMOTEXID>
         <COMPANY>Outpost24</COMPANY>
         <VCSERVICE>O</VCSERVICE>
         <VCPERCENT>10/15</VCPERCENT>
         <IPERCENTV>66</IPERCENTV>
         <ITHREADID>2122465</ITHREADID>
         <VCSTATUS>running</VCSTATUS>
         <VCSTATE>CAT_SCAN</VCSTATE>
         <BPAUSE>0</BPAUSE>
         <BSTOP>0</BSTOP>
         <VCJOBNAME>Test API</VCJOBNAME>
         <VCGNAME>lpattack15</VCGNAME>
         <IATTACKERID>15</IATTACKERID>
         <VCTARGET>91.216.32.140</VCTARGET>
         <XIPXID>1140</XIPXID>
         <ICOUNT>1</ICOUNT>
         <IVERIFY>0</IVERIFY>
         <DSCANSTARTED>2012-11-16 10:45</DSCANSTARTED>
         <DSCANSTART>2012-11-16 10:45</DSCANSTART>
         <DSCANEND>2012-11-16 22:45</DSCANEND>
         <XTEMPLATE>-2</XTEMPLATE>
         <XSCANJOBXID>7147</XSCANJOBXID>
         <TXSETTINGS/>
         <PROBEID>11fbf171</PROBEID>
         <SCANWINDOWS>1</SCANWINDOWS>
         <SCANWINDOWDELAY>1</SCANWINDOWDELAY>
         <RESUMING>0</RESUMING>
         <SCANSENT>0</SCANSENT>
         <TARGETTYPE>0</TARGETTYPE>
         <ISSTOPPED>0</ISSTOPPED>
         <ISPAUSED>0</ISPAUSED>
         <DBSCHEMA/>
         <SCANLESSREPORTXID>-1</SCANLESSREPORTXID>
         <SMARTFILTERING>1</SMARTFILTERING>
         <HOSTNAME>www.outpost24.com</HOSTNAME>
         <LOOKUP>0</LOOKUP>
         <SCANSCHEMA>scan</SCANSCHEMA>
         <WAKEONLAN/>
         <WAKEONLANDELAY>0</WAKEONLANDELAY>
      </STATUS>
   </STATUSLIST>
</RESPONSE>
Response keys
BPAUSEBoolean flag if the scan is marked as paused.
BSTOPBoolean flag if the scan is marked as stopped.
COMPANYThe name of the comapny for this account.
DBSCHEMAInternal use only.
DSCANENDDate and time information when the scan will terminate if not already finished.
DSCANSTARTDate and time information when the scan shall start.
DSCANSTARTEDDate and time information when the scan started.
HOSTNAMEThe FQDN of the host.
IATTACKERIDThe internal attacker id which this scan is running from .
ICOUNTThe number of targets within this scan scope.
IPERCENTVThe percentage value of the progress of the scan.
ISPAUSEDBoolean flag if the scan is paused.
ISSTOPPEDBoolean flag if the scan is stopped.
ITHREADIDThe thread identification number within the system. Used for performing actions upon specific scans.
IVERIFYBoolean flag if the running scan is a verification scan.
LOOKUPBoolean flag if any discovered targets will perform a lookup upon adding them to the system.
PDETECTTEMPLATEThe scan policy which will be used on scan started by a discovery/scan type of scan.
PROBEIDThe unique probe identification number (Please note that this field may not be present).
REASON

The comment that will be used when adding targets to the system if the are detected (Please note that this field may not be present).

REMOTEXIDInternal use.
RESUMINGBoolean flag if this scan is resumed from a previosly paused scan.
SCANLESSREPORTXIDThe unique identifier of the report which is updated using the SLS feature.
SCANNERIDThe scanner id which this target will be tested from.
SCANNERNAMEThe name of the scanner where this action takes place.
SCANSCHEMAInternal use.
SCANSENTBoolean flag if the scan has been sent to the designated scanner.
SCANWINDOWDELAYThe delay between scan windows (in days).
SCANWINDOWSThe number of allowed scan windows for this schedule.
SMARTFILTERINGBoolean flag if the results will utilize smart filtering.
TARGETTYPEThe available types of targets:
0 : IP
1 : Host name
2 : NetBIOS name.
TEMPLATEThe scan policy utilized by this object (Please note that this field may not be present).
TXREPORTDeprecated (Please note that this field may not be present).
TXSETTINGSText settings for this scan.
VCGNAMEInternal use.
VCJOBNAMEThe name of the schedule job.
VCPERCENTText representation of the percentage value.
VCSERVICEShould be set to W in order to only see Web Applications scan status.
VCSTATECurrent state of the scan.
VCSTATUSCurrent status of the scan.
VCTARGETText representation of the target.
WAKEONLANBoolean flag if targets should woken up by the WOL feature.
WAKEONLANDELAYThe delay before targets will be scanned since the WOL request is sent.
XIDThe unique identifier of the given object.
XIPXIDThe unique identifier of the target object.
XSCANJOBXIDThe unique identifier of the scan job log object which contain all individual targets (entry with scan type set in the 20 range).
XSOXIDThe unique identifier of the schedule object which contain the schedule preferences.
XSUBUSERXIDThe unique identifier of sub user which this object is connected to.
XTEMPLATE

The unique identifier of the scan policy utilized by this object.

XUSERXIDThe unique user id.


Start a Scan

In order to start a scan you need to supply the unique identification number for a specific schedule. This can be retrieved from the schedule list ( See section : List Schedule ).

Required keys
ACTIONSTARTSCAN
ONLYSCANNOWShould be set to 1
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ONLYSCANNOW=1&ACTION=STARTSCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Pause a Scan

In order to pause a currently running scan you need to supply the unique identification number for that specific scan This can be retrived from the scan list ( See section : List Running Scans ).

Required keys
ACTIONPAUSESCAN
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=PAUSESCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Resume Scan

In order to resume a currently paused scan you need to supply the unique identification number for that specific scan This can be retrived from the scan list ( See section : List Running Scans ).

Required keys
ACTIONRESUMESCAN
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=RESUMESCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.


Stop Scan

In order to stop a currently running scan you need to supply the unique identification number for that specific scan This can be retrived from the scan list ( See section : List Running Scans ).

Required keys
ACTIONSTOPSCAN
XIDThe unique identifier of the given object.


Example request:

https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=STOPSCAN

The above given request will generate a generic response.

More information about this response type is available in Appendix A.

Report Findings

Here you can see the result of a web application scan and also export the results to different formats. .


Retrieve Report Entries

In order to retrieve scanning results you need to supply the the following information.

Required keys
ACTIONREPORTTARGETDATA
GROUPSComma separated list of unique group identifiers to be included in the report.
TARGETSComma separated list of unique target identifiers to be included in the report.


Optional Keys

If based on a schedule object you should provide it's unique identification number in the following parameter.

Optional keys
SCANLOGXIDThe unique scan log entry id for the schedule job which you would like to retrive reports for.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?GROUPS=,-1,&ACTION=REPORTTARGETDATA&TARGETS=-1

Example response:

<RESPONSE>
   <REPORTLIST>
      <REPORT>
         <XTEMPLATE>2</XTEMPLATE>
         <GLOBALTEMPLATE>1</GLOBALTEMPLATE>
         <VERIFIED>0</VERIFIED>
         <SCHEDULEJOB>Application server</SCHEDULEJOB>
         <CVSSSCORE>0.0</CVSSSCORE>
         <PCICVSSSCORE>0.0</PCICVSSSCORE>
         <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN>
         <DLASTSEEN>2009-11-05 12:00</DLASTSEEN>
         <DATE>2009-11-05 12:00</DATE>
         <XIPXID>87386</XIPXID>
         <VCTARGET>192.168.200.33</VCTARGET>
         <HOSTNAME>www.example.com</HOSTNAME>
         <IPORT>445</IPORT>
         <IPROTOCOL>6</IPROTOCOL>
         <XID>5800689</XID>
         <VCNAME>Port scanner</VCNAME>
         <VCVULNID>101010</VCVULNID>
         <BFALSEPOS>0</BFALSEPOS>
         <BNEW>1</BNEW>
         <BPCI>0</BPCI>
         <TYPE>Port</TYPE>
         <SERVICENAME>netbios-ssn</SERVICENAME>
         <IRISK>0</IRISK>
         <ORIGINALRISKLEVEL>-1</ORIGINALRISKLEVEL>
         <SCANNERNAME>Local</SCANNERNAME>
         <POTENTIALFALSE>0</POTENTIALFALSE>
         <CUSTOM0>SE</CUSTOM0>
         <CUSTOM1>1</CUSTOM1>
         <CUSTOM2>dalskdjlasjd</CUSTOM2>
         <CUSTOM3/>
         <CUSTOM4>London</CUSTOM4>
         <ACCEPTEDLENGTH>0</ACCEPTEDLENGTH>
         <ACCEPTED>0</ACCEPTED>
         <VCVHOST/>
         <TARGETTYPE>0</TARGETTYPE>
         <PLATFORM>ND</PLATFORM>
         <ASSIGNEE>Unassigned</ASSIGNEE>
         <ISADDED>0</ISADDED>
         <FINDINGDATE>2009-11-05 12:00</FINDINGDATE>
         <HASFPCOMMENT>0</HASFPCOMMENT>
         <AGE>1565.0</AGE>
         <HASEXPLOITS>0</HASEXPLOITS>
         <LIMITED>1</LIMITED>
      </REPORT>
   </REPORTLIST>
</RESPONSE>
Response keys
ACCEPTCOMMENT

The comment given when this vulnerability was accepted (Please note that this field may not be present).

ACCEPTEDBoolean value if the vulnerability has been accepted.
ACCEPTEDLENGTHThe number of days the vulnerability has been accepted.
AGEThe number of days since the first occurrence of this specific finding.
ASSIGNEEThe user who has a ticket assigned to him/her for this entry.
BFALSEPOSBoolean value if this vulnerability is marked as a false positive or not.
BNEW

Boolean value if this finding wasn't reported on the previous report for this target.

BPCIBoolean value if this report is a PCI report.
CUSTOM0Custom attributed defined on either an user or a target.
CUSTOM1Custom attributed defined on either an user or a target.
CUSTOM2Custom attributed defined on either an user or a target.
CUSTOM3Custom attributed defined on either an user or a target.
CUSTOM4Custom attributed defined on either an user or a target.
CVSSSCOREThe CVSS score for this vulnerability.
DATEThe date and time when this scan was performed.
DFIRSTSEENThe date and time when this finding was first detected on this host.
DLASTSEENThe date and time when this finding was last seen on this host.
FINDINGDATEThe date and time when this finding was updated.
GLOBALTEMPLATE

The global template that was used if any.

HASEXPLOITSBoolean flag if the vulnerability has a known exploit.
HASFPCOMMENTBoolean flag if the target has false positive comments.
HOSTNAMEThe FQDN of the host.
IPORTThe port where this vulnerability was detected upon.
IPROTOCOLThe protocol used when detecting this vulnerability.
IRISKThe risk level that this vulnerability is graded to. See appendix G.
ISADDED

Boolean value if this vulnerability has been added after the initial scan.

LIMITEDThe presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request.
ORIGINALRISKLEVELThe original risk level for this vulnerability.
PCICVSSSCOREThe PCI CVSS score for this vulnerability ( Doesn't reflect DOS ).
PLATFORMThe detected platform for this vulnerability.
POTENTIALFALSEBoolean value if this vulnerability are a potential false positive.
SCANNERNAMEThe name of the scanner where this action takes place.
SCHEDULEJOBThe name of the schedule job which is associated with this entry.
SERVICENAME

The name of the service listening on this port and protocol.

TARGETTYPEThe available types of targets:
0 : IP
1 : Host name
2 : NetBIOS name.
TYPEThe entry report type.
VCNAMEThe Bugtraq ID for this vulnerability.
VCTARGETText representation of the target.
VCVHOSTThe virtual host name where this vulnerability was detected.
VCVULNIDThe unique script identification number given to this vulnerability.
VERIFIEDBoolean value if this finding has been verified or not.
XIDThe unique identifier of the given object.
XIPXID

The unique identifier of the target object.

XTEMPLATEThe unique identifier of the scan policy utilized by this object.

Scan History

The scan history functions are the same as when you are viewing normal OUTSCAN or HIAB history. Please see earlier reference under Manage Schedule.

In order to see what has been executed in the past on your account you can retrieve a scan log which will contain the history of your scannings.

Required keys
ACTIONSCANLOG
WASShould be set to 1 in order to only see Web Application Scan log history

Optional Keys

The following parameters can be supplied in case of you would like to exclude specific entries from being retrieved.

Required keys
EXCLUDEEMPTYBoolean value if empty scan logs should be included in the results.
ITYPEThe type of this entry, see Appendix C.
TEMPLATEThe scan policy utilized by this object.

Example request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCANLOG&WAS=1

Example response:

<RESPONSE>
   <SCANLOGLIST>
      <SCANLOG>
         <XID>1821159</XID>
         <VCHOST>1744737</VCHOST>
         <XIPXID>-1</XIPXID>
         <DSCANSTARTDATE>2011-01-26 14:16</DSCANSTARTDATE>
         <DSCANENDDATE>2011-01-26 14:47</DSCANENDDATE>
         <ITYPE>20</ITYPE>
         <XTEMPLATE>-10</XTEMPLATE>
         <SCANNERID>0</SCANNERID>
         <XSOXID>1744737</XSOXID>
         <SCHEDULEJOB>Was</SCHEDULEJOB>
         <DISCOVERYTEMPLATE/>
         <TARGET>Was</TARGET>
         <XSCANJOBXID>1821159</XSCANJOBXID>
         <SCANNERNAME>Local</SCANNERNAME>
         <CONFIRMED>0</CONFIRMED>
         <COMPLIANT>0</COMPLIANT>
         <FROMHIAB>0</FROMHIAB>
         <SCANTIME>00:31:00</SCANTIME>
         <SUBMITTED>0</SUBMITTED>
         <LAST>0</LAST>
         <CANUPDATE>0</CANUPDATE>
         <SCANLESS>0</SCANLESS>
         <LATESTSCANUPDATE>2011-01-26 14:16</LATESTSCANUPDATE>
         <HASWASSTATS>0</HASWASSTATS>
      </SCANLOG>
   </SCANLOGLIST>
</RESPONSE>
Response keys
CANUPDATE

Boolean flag if this entry can be updated using the SLS feature.

COMPLIANTBoolean flag which shows if the target where compliant according to the PCI guidelines in case the scan refers to such a target.
CONFIRMEDBoolean flag if this target is confirmed within the PCI section.
DISCOVERYTEMPLATEName of the discovery job if it's a discovery
DSCANENDDATEThe date and time when the scan ended.
DSCANSTARTDATE

The date and time when the scan started.

FROMHIABBoolean flag which is set to 1 if the scan originated from a HIAB (only viable on OUTSCAN).
HASWASSTATSBoolean flag if the target has web application scanning statistics.
IIDInternal use only.
ITYPEThe type of this entry, see Appendix C.
LASTBoolean value if this is the latest entry for this target.
LATESTSCANUPDATEDate and time when this scan where last updated using the SLS technology.
LIMITEDThe presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request.
SCANLESSBoolean value if this is an SLS update of the report.
SCANNERIDThe scanner id which this target will be tested from.
SCANNERNAME

The name of the scanner where this action takes place.

SCANTIMEThe total amount of time the scan took.
SCHEDULEJOBThe name of the schedule job which is associated with this entry.
SUBMITTEDBoolean flag if this target is a PCI target and that the report hasn't been submitted yet in this quarter.
TARGETThe target that this entry is about.
TEMPLATEThe scan policy utilized by this object (Please note that this field may not be present).
VCHOSTThe IP or host name of the target which where tested.
XIDThe unique identifier of the given object.
XIPXIDThe unique identifier of the target object.
XSCANJOBXIDThe unique identifier of the scan job log object which contain all individual targets (entry with scan type set in the 20 range).
XSOXIDThe unique identifier of the schedule object which contain the schedule preferences.
XTEMPLATEThe unique identifier of the scan policy utilized by this object.






Appendix

In the following appendix we will provide information about additional features that are available through the use of the API. We will also provide look up thables of the meaning of the different field which are ised within the systemon different reqeusts.

Appendix A - Generic Request Response

When you are performing requests you will be presented with a generic status message when you are updating or removing an object. This looks like the following:

<RESPONSE>
   <SUCCESS>true</SUCCESS>
   <MESSAGE/>
</RESPONSE>

The above response will also contain a reference to a DTD. The supplied DTD is NOT valid for the response and should be disregarded when parsing the response. Please set the code to avoid DTD validation.

Note

All responses from the XML API are wrapped in a RESPONSE tag



Appendix B - Schedule Frequency Table

The frequency table is used when you define different scheduled task like for instance scheduled report, scans, or back up tasks. 

Schedule  codeFrequency
1Weekly
2Monthly
3Quarterly
4Fortnightly
5Daily
6Bimonthly
10Once


Appendix C - Scan Status Table

The scan status which is represented by a number is mapped to a type and action. Below you can see what the different codes stands for.

Scan status codeDescription
-1Not scanned
0Completed (Scheduled)
1Completed (Forced)
2Timeout
3Stopped
4Stopped (By user)
5Large report
6Stopped (Large report)
7Failed
8Scan window paused
9Scan window resume


11Discovery - Scan running
12Discovery - Done
13Discovery -Time out
14Discovery -Stopped


18Schedule job not started
19Schedule job currently running
20Schedule job done
22Schedule job failed


30HIAB update
31HIAB script update
32HIAB backup
33HIAB import
34HIAB synchronize



Appendix D - Error Codes

If a request fails or if you have not performed a correct request any of the following errors may be given in response.

Error #MessageExtended explanation
100You are not logged in.The action you have requested require that you are logged into the system.
101Access is denied.You don't have access to perform the requested function.
102Incorrect login.You have supplied the wrong credentials.
103No records where removed.You tried to remove something from the system but no records where removed during the request.
104All required fields are not present.All fields which are required in order to perform the request has not been supplied correctly.
105The account you are trying to update does not exist.The account you tried to update does not exist.
106No targets found to be updated.The target you tried to update does not exist.
107The country code is invalid.The supplied country code is not valid.
108The mobile number is invalid.The format of the mobile number is incorrect.
109Username must be greater then four characters.The minimum length of the user name id four characters.
110The username is taken by another user.The selected user name is not available.
111Password must be greater then five characters.Password must contain at least six characters.
112Too many login attempts. The account is locked.You have given the wrong password credentials to many times and the account has been locked. In order to gain access again you need to perform a Forgot login.
113Old password is incorrect.When you tried to change passwords you supplied the wrong old password.
114<Not used>
115To many entries defined. The maximum is:You are trying to add more than allowed. The error message will state how many entries that are allowed.
116Unsupported value in field.The mentioned field contains unsupported values.
117No test was sent. Failed to find receiver.This occurs if the user tries to send a test message and we are unable to determine the receiver.
118Vaildation of input failed.Something in the request isn't vaild.
119<Not used>
120Invalid email address.The email address isn't valid.
121Parameter to low:The mentioned parameter is to low.
122Parameter to high:The mentioned parameter is to high.
123Importing data. Please try again later.An import is being done, system will be disabled during that period.
124Logged out due to inactivity.The account has been logged out due to inactivity.
500Internal server error.When handling the request somethin unexpected occured which terminated the request.
998Database not in UTF-8. Localization disabled. Contact support.The database is missing a significant patch, please contact support for further assistance.
999Server is not registered.The HIAB appliance is not registered to an account on Outpost24, please contact support for further instructions.


Appendix E - Country Codes


A complete and up to date list of supported country codes by the system can be retrieved from the system by performing the following request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=COUNTRYDATA

Example response:

<COUNTRYLIST>
   <COUNTRY rowid="1">
      <XID>af</XID>
      <VCNAME>Afghanistan</VCNAME>
      <VCAREACODE>93</VCAREACODE>
      <TIMEZONE>Asia/Kabul</TIMEZONE>
   </COUNTRY>
</COUNTRYLIST>


Appendix F - State Codes


A complete and up to date list of supported state codes by the system can be retrieved from the system by performing the following request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=STATEDATA

Example response:

<STATELIST>
   <STATE rowid="1">
      <XID>AL</XID>
      <VCNAME>ALABAMA</VCNAME>
      <TIMEZONE>US/Central</TIMEZONE>
   </STATE>
</STATELIST>


Appendix G - Scanning Policies

A complete and up to date list of supported scanning policies by the system can be retrieved from the system by performing the following request:

https://outscan.outpost24.com/opi/XMLAPI?ACTION=TEMPLATEDATA


Example response :

<TEMPLATELIST>
   <TEMPLATE rowid="1">
      <XID>39</XID>
      <NAME>test</NAME>
      <GLOBAL>0</GLOBAL>
      <ENABLEDFAMILYLIST></ENABLEDFAMILYLIST>
      <DISABLEDFAMILYLIST></DISABLEDFAMILYLIST>
      <ENABLEDSCRIPTLIST></ENABLEDSCRIPTLIST>
      <DISABLEDSCRIPTLIST></DISABLEDSCRIPTLIST>
      <PARTIALLYDISABLEDFAMILYLIST></PARTIALLYDISABLEDFAMILYLIST>
      <UIHINTENABLEDSCRIPTLIST></UIHINTENABLEDSCRIPTLIST>
   </TEMPLATE>
</TEMPLATELIST>


Appendix H - Audit Applications

The audit application will use the following string representations of different parts in the system.

ValueDescription
tHiabHIAB changes
tMonitorHostSMonitor log
tOutscanFileSUploaded files
tPdetectSDiscovery scans
tReportSReport generation
tReportTextSReport text modifications
tReport_DisputeSPCI Disputes
tSavedscanprefSScan policies
tScannerSDistributed scan changes
tScheduleObjectSSchedules
tSubUserSSub account
tUserGroupSGroups
tUserDataSTargets
tWorkflowSTickets



Appendix I - Report Types

When exporting reports you need to specify which type of report you would like to receive.

TypeDescription
0Summary
2Executed scripts
3Detailed
4Trend summary
5Trend detailed
7Group summary
8Delta report
9Solution report
10PCI summary
11PCI detailed



Appendix J - Risk Table

In the reporting section the risk value is mapped to the following risk level.

RiskDescription
0Information
1Low risk
2Medium risk
4High risk


Appendix K - Additional Features

In all requests which will produce some sort of list you can supply additional parameters in order to filter out and sort the results in different manners.

Limit

If no limit is defined it will use a default limit which is set by the system ( often 50 ) but it depends on which request you are doing. If you would like to disable the limit you should set it to -1.

Example :

https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&limit=20

Sort

You can define a field that you would like to sort upon from the response. You can also select which direction with the use of the dir parameter.

Example :

https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&sort=NAME&dir=ASC


GroupBy

You can also group the findings based on a field from the results with the use of the groupBy parameter.

Example :

https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&groupBy=NAME


Filter

You can create multiple filters if that is required but you need to number then with the start from 0.

First you need to define which field this is about and you do that with the use of the following parameter : filter[counter][field].

Then you need to define which comparison you would like it to perform in the filter, the supported ones are eq, lt, gt, and not. The parameter is called filter[counter][comparison].

Once that is done you need to give it a comparison value which is done with the parameter : filter[counter][value].

Now at last you need to define which type this value is in order to perform the correct comparison and this is done with the parameter : filter[counter][data][type]and the supported types are : date, boolean, list, numeric and string.

Example :

https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&filter[0][data][type]=date&filter[0][field]=NAME&filter[0][comparison]=eq&filter[0][value]=Test



Appendix N - Event Type

Whan defining events you need to supply which event you would like to set up. This is a list of the available event types currently present.

TypeDescription
0Finding - Information
1Finding - Low risk
2Finding - Medium risk
4Finding - High risk
5Scan results ready
6Large report detected
7Scan started
8Scan timeout
9Scan stopped
10Scan failed
11Network monitor - Open port
12Network monitor - Closed port
13Network monitor - Answer on ping
14Network monitor - No answer on ping
15HIAB update
16HIAB boot
18HIAB backup
19System restarted
20Discovery - Notification
21Discovery - Alive host
22Discovery - Dead host
23Discovery - Host added to system
24Target added to system
25Target removed from system
26Scan notification
30User login notification
31Scanner missing
32Maintenance plan completed
33Update failed
34Verify done
35Scan - Not reachable
36Scan - Updated
37Backup failed
38Release notes
39Scan: Could not start SLS
40Scan: Schedule started