Notifications Settings
Purpose
This document provides users with an overview of how to setup and use the Event Notifications module in OUTSCAN and HIAB. This document has been elaborated under the assumption that the reader has access to the OUTSCAN /HIAB account and Portal Interface.
Introduction
This document provide a step-by-step configuration setup guide for configuring the OUTSCAN/HIAB solution according to best practice. It consider the size of the organizations and provide information about why different options are taken over other in order to provide justification why the different paths where chosen.
Event Notification
To monitor and maintain the solution, specific events should be defined to keep track of the ongoing progress of the vulnerability management program. This includes knowing when the scanner is updated, when alterations are made, and when scanning occurs unsuccessfully.
Columns
| Object | Description |
|---|---|
| Created | When was it created. |
Created by | Who created the notification setting. |
| ID | Notification setting identifier. |
| Integration ID | Identifier of the connected Integration. See Integrations. |
| Integration type |
|
| Name | The name of the notification. |
| Tags | See Tagsdocument. |
| Trigger | See Trigger. |
| Updated | When was it updated. |
| Updated by | Who updated it. |
| View template ID | Identifier to a saved View template. See View templates. |
Configuring the Event Notification
When configuring the Event Notification, several Triggers, Integrations, View templates, and Variables can be selected.
Trigger
Triggers are automated sets of instructions designed to respond to specific events, executing predefined actions seamlessly. They serve as essential components for real-time monitoring and response. They enable proactive notifications and automated actions based on critical events, enhancing the overall security posture. These dynamic components are integral for user engagement and control, ensuring timely updates and informed decision-making.
Triggers act as proactive agents, eliminating the need for manual intervention in routine tasks and contributing to a smoother user experience. Whether signaling the completion of scans, availability of remaining resources, or crucial alerts, triggers offer real-time insights.
For example:
- Asset created, Modified, or Deleted related triggers ensure immediate awareness of changes in the infrastructure, warning against potential vulnerabilities introduced by alterations in the network.
- Configuration triggers, such as Created or Modified, allow for instant response to changes in system configurations, reducing the window of exposure to security risks.
- Finding triggers, covering events like Created, Modified, or Deleted, alerts about new vulnerabilities or changes in existing ones.
These triggers play a important role in risk management by ensuring that security teams are promptly informed of any alterations in the threat landscape. - Additionally, triggers associated with User events, such as Created, Modified, or Deleted, contribute to user access control and identity management. They help detect any suspicious user activity, unauthorized modifications, or login attempts, thereby fortifying the platform against potential breaches.
The benefit of having these triggers in place lies in their ability to provide real-time insights into the cybersecurity landscape. By automating responses to specific events, security teams can identify and mitigate potential threats, reducing the risk of exploitation. The triggers act as proactive sentinels, bolstering the platform's resilience and responsiveness in the face of evolving cybersecurity challenges.
For detailed compilation of all available triggers, see Appendix A.
Integration
Integrations refer to the seamless incorporation of different software systems, tools, or services to work cohesively within a unified environment. Integrations act as bridges that enable the cybersecurity platform to communicate and share information with external applications or services. They play an important role in streamlining communication, enhancing data visibility, and automating workflows.
Email: Allows the cybersecurity platform to send automated notifications and alerts via email. It serves as a vital communication channel, ensuring that relevant stakeholders are promptly informed about security events or changes in the system. Email integration is valuable for immediate awareness and facilitates a timely response to critical incidents.
Notification: In-app notifications provide real-time alerts directly within the cybersecurity platform. This integration ensures that users are instantly informed about important events, fostering a more responsive and user-friendly experience. It's particularly beneficial for users who prefer to receive notifications within the platform itself and it's configurable on a per-user basis.
SNMP: Simple Network Management Protocol (SNMP) integration enables the platform to communicate with network devices and management systems. This integration is crucial for monitoring and managing network components, allowing the cybersecurity platform to gather information about the network's health and status for comprehensive threat analysis.
Syslog: Syslog integration involves sending event logs and messages to a centralized syslog server. This centralized logging system enhances visibility into system activities and facilitates analysis. It's valuable for auditing, compliance, and forensic purposes, ensuring that a detailed record of security events is maintained.
Webhook: Webhooks allow the platform to send real-time data to external systems or web services. This integration is versatile, enabling the platform to trigger actions in external applications based on specific events. Webhooks enhance automation capabilities and support the integration of the cybersecurity platform with a wide range of third-party tools and services.
For more detailed information, see Appendix B.
View Templates
View templates enables users to preserve and replicate personalized configurations for efficient data analysis. When setting up views by selecting specific filters to tailor the perspective on findings data, these configurations can be saved as View Templates. Essentially, View Templates saves a user's preferred arrangement of data by storing customizable elements such as column order, sorting criteria, column width, and applied filters for each column.
View Templates lets users streamline their workflow and switch between different perspectives without the need to manually reapply individual parameters. This ensures consistency in data analysis across different sessions in an efficient way.
Users can define and refine their preferred data presentation, aligning the system with their specific analytical needs.
These templates is a time-saving tool when users frequently revisit specific analyses. Whether it is organizing notification settings based on type, date, or other criteria, View Templates provide a mechanism to capture and replicate these configurations.
For more details how to use this feature, see View Templates.
Available Variables
Variables in integrations serve as dynamic placeholders for data within templates, akin to other templating engines. Their key benefit lies in the automation of workflows, enabling the seamless insertion of real-time data into messages or configurations. This adaptability ensures that communicated information remains relevant amid changing contexts and environments. Variables enhance customization, allowing users to tailor integration outputs according to their specific preferences. By automating data entry, variables reduce manual effort and mitigate the risk of errors, fostering increased efficiency. For all available variables, see Appendix C. Keep in mind that the available variables depend on the selected event trigger.
Add Notifications Settings
- Go to Configuration > Notification Settings.
- Click the green
icon in the lower right corner to add a new event notification. - Select a name for the setting.
- Select a trigger for the event. See Appendix A.
- Select an integration for the event. See Appendix B.
- Select a View Template. See View Templates.
Select users to receive the notifications.
Users field is only active if E-mail is selected as integration in step 5. If Notification is selected as the setting only apply on current user/sub-user.
- Add a subject. You can add predefined variables from Available Variables drop down. See Appendix C.
Add the content to the notification. You can add predefined variables from Available Variables drop down. See Appendix C.
If the Integration is set to E-mail, then the content can be toggled between Text or HTML format.
- Click the blue ADD button to save the Notification Setting.
Edit Notifications Settings
- Go to Configuration > Notification Settings.
- Select the notification setting you want to edit.
- Edit the content of the Notification Setting.
- Click the blue Save button to save.
Remove Notifications Settings
- Go to Configuration > Notification Settings.
- Right click the Notification Setting you want to remove.
- In the pop-up menu, click Delete.
or
- Select the Notification Setting you want to remove by checking the check box.
- In the toolbar at the bottom, click the bin icon to Delete.
Notification Examples
Following example is for high-risk findings:
This specific example is for a customer who only has SWAT.
HIgh Risk Finding
{{ finding.cvssV3Severity }} risk found - {{finding.assetName}}
<div>
<p>
Dear {{ user.firstName }} on behalf of Outpost24,
</p>
<p>
The following {{ finding.cvssV3Severity }} risk vulnerabilities were found for {{finding.assetName}} as part of the ongoing penetration testing {{finding.activeSubscriptionTypes[0]}} service:
</p>
</div>
<div>
<p>
<b><a href="https://outscan.outpost24.com/portal/en/#/findings/{{finding.id}}/details'">{{ finding.name }}</a></b>
</p>
</div>
<div>
<p>
Best Regards,
</p>
<p>
Outpost24
</p>
</div>Tagging
For more information on tags see Tags document.
Add Tags
- Go to Configuration > Notification Settings.
- Right click the Notification Setting.
- In the pop-up menu select Edit tags.
- Search for a tag and select it from the given suggestions.
- If the tag does not exist click the Create New Tag button.
- Click the Submit button to add the tag.
Edit Tags
- Go to Configuration > Notification Settings.
- Right click the Notification Setting.
- In the pop-up menu select Edit Tags.
Remove Tags
- Go to Configuration > Notification Settings.
- Click on the X on the tag you want to remove.
Appendix A
| Trigger | Description |
|---|---|
Asset created | New asset added |
Asset deleted | Asset removed |
Asset modified | Asset details changed |
Asset not recently seen | Asset not detected recently |
| Compliance created | New compliance created |
| Compliance modified | Compliance status changed |
| Compliance risk exception | Risk associated with compliance marked as exception |
| Compliance risk exception expiration | Risk exception for compliance expired |
Configuration created | New configuration added |
Configuration deleted | Configuration removed |
Configuration done | Configuration completed |
Configuration modified | Configuration details changed |
Configuration started | Configuration process initiated |
Consumption absolute | Absolute consumption limit reached |
Finding created | New security finding identified |
Finding modified | Security finding details changed |
Finding risk accepted | Risk associated with finding accepted |
Finding risk accept expiration | Risk acceptance for finding expired |
HIAB backup done | Backup for HIAB completed |
HIAB backup failed | Backup for HIAB failed |
HIAB disk usage high | High disk usage in HIAB |
HIAB maintenance plan done | Maintenance plan for HIAB completed |
HIAB rebooted | HIAB appliance rebooted |
HIAB remote support | Remote support for HIAB toggled |
HIAB scanner missing | Scanner for HIAB not detected |
HIAB update done | Update for HIAB completed |
HIAB update failed | Update for HIAB failed |
New release notes | New software release notes available |
Outscan consultancy | Consultancy initiated |
Resource group created | New resource group added |
Resource group deleted | Resource group removed |
Resource group modified | Resource group details changed |
Role created | New role added |
Role deleted | Role removed |
Role modified | Role details changed |
Scan done | Scan completed |
Scan started | Scan initiated |
Scan stopped | Scan stopped |
Schedule created | New schedule added |
Schedule deleted | Schedule removed |
Schedule modified | Schedule details changed |
Schedule scheduled | Schedule task initiated |
User created | New user added |
User deleted | User removed |
User login attempt | Attempted user login |
User modified | User details changed |
User password reset | User password reset |
Watched finding updated1 | Watched finding details updated |
Workflow created | New workflow added |
Workflow deleted | Workflow removed |
Workflow done | Workflow completed |
Workflow modified | Workflow details changed |
Workflow started | Workflow process initiated |
1) Watched finding updated
A Watched finding updated trigger setting per user with Notification as the default integration is automatically generated by the system.
A sub-user can always view and manage the content (excluding delete and tag) of their own default notification setting, even without the necessary permissions or resource groups.
However, this exception only applies to the default Watched finding event, meaning this is the only notification setting that the sub-user can view/edit if they are without proper permissions/resource groups.
As a whole, the Watched finding updated trigger setting, when created, is always bound to the user who created it, in other words, even the main user is unable to create a setting with trigger type Watched finding updated for a sub-user.
Appendix B
| Integration | Description |
|---|---|
| Notification | Direct notification integration within the cybersecurity platform ensures that users receive real-time alerts without having to navigate away from the platform. This is particularly advantageous during active monitoring or incident response scenarios. Security analysts can configure in-app notifications to highlight findings with specific risk levels or designate critical system events, streamlining their workflow. Additionally, the per-user configurability empowers team members to tailor their notification preferences based on their role or the urgency of the events, optimizing the platform for individual user needs. |
| Email integration proves instrumental in practical scenarios by delivering timely alerts to cybersecurity stakeholders. For instance, security administrators can receive instant notifications of critical system updates, unauthorized access attempts, or potential security breaches directly in their email inboxes. This immediate notification system allows them to swiftly assess and respond to incidents, minimizing the time between detection and action. Moreover, email integration supports customizable templates, enabling the inclusion of pertinent details such as affected assets, severity levels, and recommended actions, facilitating a more informed response. | |
| SNMP | Simple Network Management Protocol (SNMP) integration allows the cybersecurity platform to actively monitor network devices, servers, and other assets. For instance, it can promptly report the addition, modification, or deletion of assets within the network or report events related to new vulnerabilities. Additionally, SNMP integration allows the platform to capture crucial details about the health and status of the assets, providing real-time insights into potential security threats or changes in the network infrastructure. This functionality enables security teams to respond proactively to events that may impact the cybersecurity landscape, enhancing the overall threat detection and mitigation capabilities of the platform. |
| Syslog | Syslog integration provides tangible benefits for practical cybersecurity operations. For instance, the centralized syslog server serves as a comprehensive log repository, storing information on user logins, system changes, and security events. In the event of a security incident, security teams can conduct forensic investigations by analyzing syslog data to trace the origin and impact of the incident. Furthermore, syslog integration aids in compliance efforts by maintaining an audit trail, supporting organizations in meeting regulatory requirements and demonstrating due diligence in security practices. |
| Webhook | Webhooks are a mechanism for enabling real-time communication between web applications. They allow one application to send automated, event-driven information to another application in the form of HTTP requests. Webhooks are typically used to notify or trigger actions in response to specific events or updates. |
Appendix C
| Variable | Description |
|---|---|
{{ asset.activeSubscriptionTypes|join(', ') }} | The asset's active subscription types |
{{ asset.assetIdentifierIds|join(', ') }} | The asset identifiers (deprecated) |
{{ asset.assetIdentifiers|join(', ') }} | The asset links |
{{ asset.assetIdentifierTypes|join(', ') }} | The asset identifier types (deprecated) |
{{ asset.compliant }} | The asset compliance status |
{{ asset.created }} | The created date |
{{ asset.createdBy }} | The name of who created the object |
{{ asset.createdById }} | The userid of the person that created the object |
{{ asset.customerId }} | The customer id the object belongs to |
{{ asset.cvssV2EnvironmentalVector }} | The CVSS V2 environmental vector |
{{ asset.cvssV3EnvironmentalVector }} | The CVSS V3 environmental vector |
{{ asset.dockerImageOs }} | The docker image operating system name |
{{ asset.dockerImageProperties }} | The asset base properties |
{{ asset.firstScanId }} | The id of the first scan performed on the asset |
| {{ assetGroup.activeSubscriptionTypes|join(', ') }} | The assetgroup's active subscription types |
| {{ assetGroup.assetGroupIds|join(', ') }} | The children asset groups |
| {{ assetGroup.assetIds|join(', ') }} | The component assets |
| {{ assetGroup.created }} | The created date |
| {{ assetGroup.createdBy }} | The name of who created the object |
| {{ assetGroup.createdById }} | The userid of the person that created the object |
| {{ assetGroup.customerId }} | The customer id the object belongs to |
| {{ assetGroup.id }} | The id of the object |
| {{ assetGroup.name }} | The name of the asset group |
| {{ assetGroup.parentId }} | The parent asset group |
| {{ assetGroup.path|join(', ') }} | The path of the asset group tree |
| {{ assetGroup.source|join(', ') }} | The asset group's sources |
| {{ assetGroup.summary }} | The content of the executive summary |
| {{ assetGroup.summaryPublishedAt }} | When the executive summary was published |
| {{ assetGroup.tags|tojson }} | The tags |
| {{ assetGroup.updated }} | The updated date |
| {{ assetGroup.updatedBy }} | The name of who updated the object |
| {{ assetGroup.updatedById }} | The userid of the person that updated the object |
{{ asset.id }} | The asset id |
{{ asset.lastScanId }} | The id of last scan performed on the asset |
{{ asset.name }} | The asset name |
{{ asset.source|join(', ') }} | The asset sources |
{{ asset.tags|join(', ') }} | The tags |
{{ asset.tojson }} | The asset |
{{ asset.updated }} | The updated date |
{{ asset.updatedBy }} | The name of who updated the object |
{{ asset.updatedById }} | The userid of the person that updated the object |
{{ asset.uuid }} | The asset uuid |
| {{ comment.comment }} | The content of the comment |
| {{ comment.created }} | The created date |
| {{ comment.createdBy }} | The name of who created the object |
| {{ comment.createdById }} | The userid of the person that created the object |
| {{ comment.customerId }} | The customer id the object belongs to |
| {{ comment.deleted }} | When the comment was deleted |
| {{ comment.entityId }} | The ID of the object this comment is made for |
| {{ comment.entityType }} | The type of object this comment is made for |
| {{ comment.id }} | The id of the object |
| {{ comment.parentId }} | ID of the parent comment if this comment is a reply |
| {{ comment.supportStatus }} | Current support status of the comment |
| {{ comment.updated }} | The updated date |
| {{ comment.updatedBy }} | The name of who updated the object |
| {{ comment.updatedById }} | The userid of the person that updated the object |
{{ configuration.assetIdentifierIds|join(', ') }} | The asset links |
{{ configuration.assetIds|join(', ') }} | The asset IDs associated with this scan configuration |
{{ configuration.configuration|tojson }} | The scan configuration |
{{ configuration.created }} | The created date |
{{ configuration.createdBy }} | The name of who created the object |
{{ configuration.createdById }} | The userid of the person that created the object |
{{ configuration.customerId }} | The customer id the object belongs to |
{{ configuration.enabled }} | The scan status. Set to true when enabled |
{{ configuration.groupId }} | The scan group id |
{{ configuration.id }} | The id of the object |
{{ configuration.lastScan }} | Last time a scan was performed using this configuration |
{{ configuration.name }} | The scan name |
{{ configuration.nextOccurrence }} | The scan next occurrence date |
{{ configuration.scannerId }} | The scanner id |
{{ configuration.scheduleIds|join(', ') }} | The schedule ids associated with this scan configuration |
{{ configuration.tags|join(', ') }} | The tags |
{{ configuration.template }} | The scan template |
{{ configuration.tojson }} | The configuration |
{{ configuration.updated }} | The updated date |
{{ configuration.updatedBy }} | The name of who updated the object |
{{ configuration.updatedById }} | The userid of the person that updated the object |
{{ consumption.appliancePeriodEnd }} | The appliance consumption period start date |
{{ consumption.cloudDiscoveryApplianceScans }} | The cloud discovery appliance scans |
{{ consumption.cloudDiscoveryScans }} | The cloud discovery scans |
{{ consumption.cloudsecAssets }} | The cloudsec assets |
{{ consumption.cloudsecScans }} | The cloudsec scans |
{{ consumption.complianceApplianceAssets }} | The compliance appliance assets |
{{ consumption.complianceApplianceExternalAssets }} | The compliance appliance external assets |
{{ consumption.complianceApplianceExternalScans }} | The compliance appliance external scans |
{{ consumption.complianceApplianceScans }} | The compliance appliance scans |
{{ consumption.complianceAssets }} | The compliance assets |
{{ consumption.complianceInternalAssets }} | The compliance internal assets |
{{ consumption.complianceInternalScans }} | The compliance internal scans |
{{ consumption.complianceScans }} | The compliance scans |
{{ consumption.created }} | The created date |
{{ consumption.createdBy }} | The name of who created the object |
{{ consumption.createdById }} | The userid of the person that created the object |
{{ consumption.dockerImageApplianceAssets }} | The docker image appliance assets |
{{ consumption.dockerImageApplianceScans }} | The docker image appliance scans |
{{ consumption.dockerImageAssets }} | The docker image assets |
{{ consumption.dockerImageDiscoveryApplianceScans }} | The docker image discovery appliance scans |
{{ consumption.dockerImageDiscoveryScans }} | The docker image discovery scans |
{{ consumption.dockerImageScans }} | The docker image scans |
{{ consumption.id }} | The id of the object |
{{ consumption.netsecApplianceAssets }} | The netsec appliance assets |
{{ consumption.netsecApplianceExternalAssets }} | The netsec appliance external assets |
{{ consumption.netsecApplianceExternalScans }} | The netsec appliance external scans |
{{ consumption.netsecApplianceScans }} | The netsec appliance scans |
{{ consumption.netsecAssets }} | The netsec assets |
{{ consumption.netsecInternalAssets }} | The netsec internal assets |
{{ consumption.netsecInternalScans }} | The netsec internal scans |
{{ consumption.netsecScans }} | The netsec scans |
{{ consumption.networkApplianceAssets }} | The network appliance assets |
{{ consumption.networkApplianceScans }} | The network appliance scans |
{{ consumption.networkAssets }} | The network assets |
{{ consumption.networkDiscoveryApplianceScans }} | The network discovery appliance scans |
{{ consumption.networkDiscoveryScans }} | The network discovery scans |
{{ consumption.networkScans }} | The network scans |
{{ consumption.outscanNXApplianceAssets }} | The outscan NX appliance assets |
{{ consumption.outscanNXAssets }} | The outscan NX assets |
{{ consumption.pciAssets }} | The pci assets |
{{ consumption.pciScans }} | The pci scans |
{{ consumption.periodEnd }} | The consumption period end date |
{{ consumption.periodStart }} | The consumption period start date |
{{ consumption.scaleApplianceAssets }} | The scale appliance assets |
{{ consumption.scaleApplianceExternalAssets }} | The scale appliance external assets |
{{ consumption.scaleApplianceExternalScans }} | The scale appliance external scans |
{{ consumption.scaleApplianceScans }} | The scale appliance scans |
{{ consumption.scaleAssets }} | The scale assets |
{{ consumption.scaleInternalAssets }} | The scale internal assets |
{{ consumption.scaleScans }} | The scale scans |
{{ consumption.tojson }} | The consumption |
{{ consumption.updated }} | The updated date |
{{ consumption.updatedBy }} | The name of who updated the object |
{{ consumption.updatedById }} | The userid of the person that updated the object |
{{ data.releaseVersion }} | The release version |
{{ event.timestamp }} | The event date |
{{ event.trigger }} | The event trigger |
{{ finding.accepted }} | The date when risk marked as accepted |
{{ finding.acceptedComment }} | The accepted comment |
{{ finding.acceptedUntil }} | The date until risk marked as accepted |
{{ finding.activeSubscriptionTypes|join(', ') }} | The finding's active subscription types |
{{ finding.age }} | The finding's age in days since creation |
{{ finding.alternativeRecreation }} | The alternate recreation |
{{ finding.assetId }} | The asset id |
{{ finding.assetName }} | The asset name |
{{ finding.attachmentIds|join(', ') }} | The attachments ids |
{{ finding.bugTraq|join(', ') }} | The bug track |
{{ finding.capec|join(', ') }} | The CAPEC scores |
{{ finding.checkId }} | The check id associated with the finding |
{{ finding.classifications }} | The classifications such as CAPEC, OWASP20XX |
{{ finding.commentPendingSince }} | The date since comment is pending |
{{ finding.commentsCount }} | The number of comments |
{{ finding.created }} | The created date |
{{ finding.createdBy }} | The name of who created the object |
{{ finding.createdById }} | The userid of the person that created the object |
{{ finding.customBugTraq }} | The custom bug track |
{{ finding.customCve }} | The custom CVE |
{{ finding.customCvssV2Vector }} | The custom CVSS V2 vector |
{{ finding.customCvssV3Vector }} | The custom CVSS V3 vector |
{{ finding.customCwe }} | The custom CWE |
{{ finding.customDescription }} | The custom description |
{{ finding.customerId }} | The customer id the object belongs to |
{{ finding.customName }} | The custom name |
{{ finding.customSolution }} | The custom solution |
{{ finding.cve }} | The finding CVE |
{{ finding.cvssScore }} | The CVSS score, take CVSS V3 if available, otherwise CVSS V2 |
{{ finding.cvssV2BaseScore }} | The CVSS V2 base score |
{{ finding.cvssV2EnvironmentalScore }} | The CVSS V2 environmental score |
{{ finding.cvssV2Score }} | The CVSS V2 score |
{{ finding.cvssV2Severity }} | The CVSS V2 severity |
{{ finding.cvssV2TemporalScore }} | The CVSS V2 temporal score |
{{ finding.cvssV2Vector }} | The CVSS V2 vector |
{{ finding.cvssV3BaseScore }} | The CVSS V3 base score |
{{ finding.cvssV3EnvironmentalScore }} | The CVSS V3 environmental score |
{{ finding.cvssV3Score }} | The CVSS V3 score |
{{ finding.cvssV3Severity }} | The CVSS V3 severity |
{{ finding.cvssV3TemporalScore }} | The CVSS V3 temporal score |
{{ finding.cvssV3Vector }} | The CVSS V3 vector |
{{ finding.cwe }} | The finding CWE |
{{ finding.cyrating }} | The cyrating |
{{ finding.cyratingDelta }} | The cyrating delta |
{{ finding.cyratingLastSeen }} | The cyrating last seen date |
{{ finding.cyratingUpdated }} | The cyrating updated date |
{{ finding.description }} | The finding description |
{{ finding.exploitAvailable }} | Set to true when exploits are available |
{{ finding.exploitProbability }} | The exploit probability |
{{ finding.exploitProbabilityDelta }} | The exploit probability delta |
{{ finding.falsePositive }} | The date when marked as false positive |
{{ finding.falsePositiveComment }} | The false positive comment |
{{ finding.farsight }} | The farsight concists in additional information on risk such as likelihood, threat activity |
{{ finding.firstScanId }} | The id of the first scan |
{{ finding.firstSeen }} | The date when first seen |
{{ finding.fixed }} | The date when the risk was fixed |
{{ finding.id }} | The id of the object |
{{ finding.impact }} | The impact |
{{ finding.isAccepted }} | Set to true when the risk is accepted |
{{ finding.lastScanId }} | The id of the last scan |
{{ finding.lastSeen }} | The date when last seen |
{{ finding.matches|join(', ') }} | The match list |
{{ finding.matchIds|join(', ') }} | The match ids |
{{ finding.name }} | The finding name |
{{ finding.owasp2004|join(', ') }} | The OWASP 2004 scores |
{{ finding.owasp2007|join(', ') }} | The OWASP 2007 scores |
{{ finding.owasp2010|join(', ') }} | The OWASP 2010 scores |
{{ finding.owasp2013|join(', ') }} | The OWASP 2013 scores |
{{ finding.owasp2017|join(', ') }} | The OWASP 2017 scores |
{{ finding.owasp2021|join(', ') }} | The OWASP 2021 scores |
{{ finding.potential }} | The finding potential. Set to true when potential false positive |
{{ finding.qualityAssured }} | The quality assured date |
{{ finding.recreation }} | The recreation |
{{ finding.reviewed }} | The finding reviewed date |
{{ finding.sans25 }} | The SANS 25 score |
{{ finding.secureCodeWarrior }} | The secure code warrior information on the vulnerability description and training |
{{ finding.seenLastScan }} | Set to true if finding was seen in last scan |
{{ finding.softwareComponent }} | The software component |
{{ finding.solution }} | The solution |
{{ finding.solutionProduct }} | The solution product |
{{ finding.solutionTitle }} | The solution title |
{{ finding.solutionType }} | The solution type |
{{ finding.solutionUuid }} | The solution uuid |
{{ finding.source|join(', ') }} | The scan sources |
{{ finding.status }} | The finding status |
{{ finding.tags|join(', ') }} | The tags |
{{ finding.tojson }} | The finding |
{{ finding.updated }} | The updated date |
{{ finding.updatedBy }} | The name of who updated the object |
{{ finding.updatedById }} | The userid of the person that updated the object |
{{ finding.watching }} | Whether the current user is watching this finding |
{{ resourceGroup.created }} | The created date |
{{ resourceGroup.createdBy }} | The name of who created the object |
{{ resourceGroup.createdById }} | The userid of the person that created the object |
{{ resourceGroup.customerId }} | The customer id the object belongs to |
{{ resourceGroup.id }} | The id of the object |
{{ resourceGroup.name }} | The resource group name |
{{ resourceGroup.resources|join(', ') }} | The resource group resources |
{{ resourceGroup.system }} | Set to true when resource group is system resource group |
{{ resourceGroup.tojson }} | The resourceGroup |
{{ resourceGroup.updated }} | The updated date |
{{ resourceGroup.updatedBy }} | The name of who updated the object |
{{ resourceGroup.updatedById }} | The userid of the person that updated the object |
{{ role.created }} | The created date |
{{ role.createdBy }} | The name of who created the object |
{{ role.createdById }} | The userid of the person that created the object |
{{ role.customerId }} | The customer id the object belongs to |
{{ role.id }} | The id of the object |
{{ role.name }} | The user role name |
{{ role.permissionIds|join(', ') }} | The user role permission ids |
{{ role.system }} | Set to true when system role |
{{ role.tojson }} | The role |
{{ role.updated }} | The updated date |
{{ role.updatedBy }} | The name of who updated the object |
{{ role.updatedById }} | The userid of the person that updated the object |
{{ scan.assetId }} | The id of asset on which the scan is performed |
{{ scan.assetIdentifierId }} | The link id of asset on which the scan is performed |
{{ scan.assetIdentifierName }} | The name of asset on which the scan is performed |
{{ scan.assetIdentifierType }} | The type of asset on which the scan is performed |
{{ scan.assetName }} | The name of asset on which the scan is performed |
{{ scan.blueprintAvailable }} | Set to true when scan blueprint is available |
{{ scan.created }} | The created date |
{{ scan.createdBy }} | The name of who created the object |
{{ scan.createdById }} | The userid of the person that created the object |
{{ scan.customerId }} | The customer id the object belongs to |
{{ scan.ended }} | The scan ended date |
{{ scan.expectedEnd }} | The scan expected end date |
{{ scan.expectedStart }} | The scan expected start date |
{{ scan.id }} | The id of the object |
{{ scan.jobId }} | The id of the scan job |
{{ scan.latestRuleDate }} | The lastest rule date taken into account to perfom the scan |
{{ scan.parentId }} | The id of the parent scan. |
{{ scan.scanConfigurationId }} | The id of the scan configuration |
{{ scan.scanConfigurationName }} | The name of the scan configuration |
{{ scan.scanless }} | Set to true when scan is scanless (eg only detection performed) |
{{ scan.scheduleId }} | The schedule id when scan triggered by a schedule. |
{{ scan.source }} | The scan source |
{{ scan.started }} | The scan started date |
{{ scan.status }} | The scan status |
{{ scan.statusDetails }} | The scan status details |
{{ scan.tags|join(', ') }} | The tags |
{{ scan.tojson }} | The scan |
{{ scan.updated }} | The updated date |
{{ scan.updatedBy }} | The name of who updated the object |
{{ scan.updatedById }} | The userid of the person that updated the object |
{{ scan.workflowId }} | The id of the workflow |
{{ scan.workflowName }} | The name of the workflow |
{{ schedule.blockedTimeSlots }} | The schedule blocked time slots |
{{ schedule.created }} | The created date |
{{ schedule.createdBy }} | The name of who created the object |
{{ schedule.createdById }} | The userid of the person that created the object |
{{ schedule.customerId }} | The customer id the object belongs to |
{{ schedule.days|join(', ') }} | The schedule days set what days have been selected for recurrence |
{{ schedule.enabled }} | The schedule status. Set to true when enabled |
{{ schedule.frequency }} | The schedule frequency |
{{ schedule.id }} | The id of the object |
{{ schedule.interval }} | The schedule interval |
{{ schedule.months|join(', ') }} | The schedule months set what months have been selected for recurrence |
{{ schedule.name }} | The schedule name |
{{ schedule.nextOccurrence }} | The schedule next occurrence date |
{{ schedule.nthDays|join(', ') }} | The schedule nthDays set what ordinal days have been selected for recurrence |
{{ schedule.remainingOccurrences }} | The schedule remaining occurrences |
{{ schedule.scanConfigurationIds|join(', ') }} | The scan configuration IDs associated with this schedule |
{{ schedule.scanWindowDuration }} | The schedule scan window duration. |
{{ schedule.scheduledReportIds|join(', ') }} | The report IDs associated with this schedule |
{{ schedule.startsFrom }} | The schedule starts from date |
{{ schedule.timezone }} | The schedule time zone |
{{ schedule.tojson }} | The schedule |
{{ schedule.until }} | The schedule until date |
{{ schedule.updated }} | The updated date |
{{ schedule.updatedBy }} | The name of who updated the object |
{{ schedule.updatedById }} | The userid of the person that updated the object |
{{ schedule.weekdays|join(', ') }} | The schedule weekdays set what weekdays have been selected for recurrence |
{{ schedule.weeks|join(', ') }} | The schedule weeks set what weeks have been selected for recurrence |
{{ schedule.workflowIds|join(', ') }} | The workflow IDs associated with this schedule |
| {{ setting.entityType }} | The type of the target on which the comment is made |
{{ setting.from }} | The old/new finding status before/after transitioning, respectively. See {{ setting.to }} |
{{ setting.limit }} | The consumption limit |
{{ setting.metric }} | The consumption metric |
{{ setting.originalTrigger }} | The actual change to the watched finding |
| {{ setting.timeBefore }} | The number of days in advance of acceptance expiration to trigger the event |
| {{ setting.to }} | The old/new finding status before/after transitioning, respectively. See {{ setting.from }} |
{{ user.countryCode }} | The user country code |
{{ user.customerId }} | The user customer id |
{{ user.email }} | The user email address |
{{ user.emailEncryptionKey }} | The user public key for email encryption |
{{ user.firstName }} | The user first name |
{{ user.id }} | The user id |
{{ user.language }} | The user language |
{{ user.lastLogonDate }} | The user last logon date |
{{ user.lastLogonIp }} | The user last logon ip address |
{{ user.lastName }} | The user last name |
{{ user.logons }} | The user logon numbers |
{{ user.mobilePhone }} | The user mobile phone number |
{{ user.portalPreferences }} | The user portal preferences |
{{ user.snapshotSubscriptions }} | The snapshot subscriptions |
{{ user.snapshotSubscriptionsRemaining }} | The remaining snapshot subscriptions |
{{ user.stateCode }} | The user state code |
{{ user.swatSubscriptions }} | The SWAT subscriptions |
{{ user.swatSubscriptionsRemaining }} | The remaining SWAT subscriptions |
{{ user.tags|join(', ') }} | The tags |
{{ user.timezone }} | The user time zone |
{{ user.tojson }} | The user |
{{ user.username }} | The user name |
{{ userAccount.countryCode }} | The user country code |
{{ userAccount.customerId }} | The user customer id |
{{ userAccount.email }} | The user email address |
{{ userAccount.emailEncryptionKey }} | The user public key for email encryption |
{{ userAccount.firstName }} | The user first name |
{{ userAccount.id }} | The user id |
{{ userAccount.language }} | The user language |
{{ userAccount.lastLogonDate }} | The user last logon date |
{{ userAccount.lastLogonIp }} | The user last logon ip address |
{{ userAccount.lastName }} | The user last name |
{{ userAccount.logons }} | The user logon numbers |
{{ userAccount.mobilePhone }} | The user mobile phone number |
{{ userAccount.portalPreferences }} | The user portal preferences |
{{ userAccount.snapshotSubscriptions }} | The snapshot subscriptions |
{{ userAccount.snapshotSubscriptionsRemaining }} | The remaining snapshot subscriptions |
{{ userAccount.stateCode }} | The user state code |
{{ userAccount.swatSubscriptions }} | The SWAT subscriptions |
{{ userAccount.swatSubscriptionsRemaining }} | The remaining SWAT subscriptions |
{{ userAccount.tags|join(', ') }} | The tags |
{{ userAccount.timezone }} | The user time zone |
{{ userAccount.tojson }} | The userAccount |
{{ userAccount.username }} | The user name |
| {{ workflow.configurations|tojson }} | The workflow configurations |
| {{ workflow.created }} | The created date |
| {{ workflow.createdBy }} | The name of who created the object |
| {{ workflow.createdById }} | The userid of the person that created the object |
| {{ workflow.customerId }} | The customer id the object belongs to |
| {{ workflow.enabled }} | The workflow status. Set to true when enabled |
| {{ workflow.id }} | The id of the object |
| {{ workflow.lastScan }} | Last time a scan was performed using this workflow |
| {{ workflow.name }} | The workflow name |
| {{ workflow.nextOccurrence }} | The scan next occurrence date |
| {{ workflow.scannerId }} | The scanner id |
| {{ workflow.scheduleIds|join(', ') }} | The schedule ids associated with this workflow |
| {{ workflow.tags|tojson }} | The tags |
| {{ workflow.tojson }} | The workflow |
| {{ workflow.updated }} | The updated date |
| {{ workflow.updatedBy }} | The name of who updated the object |
| {{ workflow.updatedById }} | The userid of the person that updated the object |
Related Articles
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.