Last updated: 2025-10-21
Purpose
This article provides users with an overview of Ports.
Introduction
This article provides a technical overview of the Ports feature within the context of Informational findings in Outscan. It describes the data and management capabilities available for ports, including attributes such as port name, protocol, associated asset, and additional metadata. The interface supports operational functions such as comment and status management, tag editing, false positive marking, and column customization, enabling users to tailor data presentation to their specific analysis requirements.
Within Outscan, the Ports view displays detailed information about open or previously open network ports identified on monitored assets. Each record includes protocol-layer details, first seen and last seen timestamps, and asset associations, providing actionable visibility into network exposure and service activity.
Ports Overview
Use Case
Informational findings are often used for assessing the risk posed within the infrastructure rather than when detecting specific vulnerabilities which need to be patched or fixed.
Often the information provided here can be used for auditors or insuring there are no specific configurations within the estate.
If it is against company policy to run the SSH service on Port 22, instead running on a customer port. In the Ports menu, filter the Service name for SSH to show all of the Assets running an SSH service. Further filters can then be applied to, for example, the Port column for 22 to then show all of the Assets running SSH on the default port of 22, against company policy. Alternatively, it would also be possible to filter to show !22 of the company policy was to only run SSH on port 22.
Requirements
It is assumed that the reader has basic access to the OUTSCAN™/HIAB account.
The Ports view is visible without an Appsec subscription, but the view will be empty.
Ports
In Findings > Informational > Ports, the ports that are linked to a specific asset are listed.
When clicking on a port, a details view is displayed on the right side of the window.
Details
The Details tab shows more information about the selected port.
This includes fields such as layer, protocol and port.
Ports
A list of all ports and information about them such as port name, port protocol and layer.
Asset
The affected asset, and by clicking the asset name you are redirected to the asset view for more information.
First seen
When the port was first discovered on the specific asset.
Last Seen
When the port was last seen on the specific asset.
Comments
The Comments tab enables you to post comments on ports, as well as sending messages to the Outpost24® Appsec team for review and response about the selected port.
Discussions about a finding are normally customer-internal. Only when eligible (via associated subscription) may a dialog between customer and the Outpost24 AppSec team be initiated.
Starting a Discussion
You can start a discussion about a finding:
-
Select a finding.
-
Click the Comments tab on the right side. The Comments tab shows all your ongoing discussions.
-
Add a new comment and click the blue Start Discussion button.
-
To reply to a discussion, enter your reply on the Reply to conversation line and click the blue Reply button.
Starting a Discussion with the Outpost24 AppSec Team
You can start a discussion about the findings with the Outpost24 AppSec Team for review and response.
-
Select a finding.
-
Click the Comments tab on the right side. The Comments tab shows all your ongoing discussions.
-
Toggle the Start a discussion with Outpost24 switch.
The Start a discussion with Outpost24 toggle is displayed if and when the underlying finding is eligible.
-
Add a new comment and click the blue Start Discussion button.
The comment is sent to the Outpost 24 AppSec team. -
To reply to an ongoing discussion, enter your reply on the Reply to conversation line and click the blue Reply button.
When discussing with an Outpost 24 AppSec representative, the discussion card is marked clearly with a blue sign in the top left corner of the discussion card.
Deleting a Single Comment
To delete a comment in a discussion, click on the delete 
The deleted comment is marked with the text "This message has been deleted".
You can only delete your own comments.
Deleting a Discussion Tree
To delete the entire discussion tree, click on the delete
The deleted discussion and all replies is marked with the text "This message has been deleted".
Removing the top discussion will remove all the following replies in that discussion recursively.
If no comment is given, a default message/comment stating “Transitioned information status from <original status> to <new status> without user's comment." is saved as a activity log to assist with the reviewing of the finding’s history.
The customer can also transition ports from other status like FALSE_POSITIVE or PRESENT.
Example:
Starting discussions with the Outpost24® Appsec team requires an active Appsec subscription.
To access existing comments, enable the comments column and click on the comment 
Manage Ports
Select one or more ports, and choose one of the actions that is displayed on the bottom bar:
Right-clicking a port or a selected group of ports opens a menu where the same tasks can be performed.
The possible user actions are:
-
Edit tags
-
Mark as false positive
-
Unmark false positive
Columns
By clicking the Column 
Select a specific column to know that information about a port. All selected columns are displayed in the Ports tab. The available options are described below.
|
Option |
Format |
Description |
|---|---|---|
|
Age |
|
Shows how old the vulnerability is in regards to when then it was first discovered in a scan. |
|
Asset |
|
Name of the asset associated to the finding. Could consist of among others:
|
|
Asset group IDs |
|
Group IDs attached to Asset that the Finding belongs to. |
|
Asset ID |
|
The unique identifier of the Asset the Finding belongs to. |
|
Banner |
|
The banner is an automatic message from the server when it gets a connection to a port. |
|
Comments |
|
Number of comments associated to the finding. |
|
Created |
|
When the finding object was first created. Counted from when a scan first resulted in this finding or when the Appsec team pushed it. |
|
Created by |
|
Who created it:
|
|
Created by ID |
|
ID of the account that created the port |
|
Customer ID |
|
ID of the customer |
|
Encaps |
|
Shows if the traffic is encapsulated (ssl/tls etc). |
|
Encryption |
|
Encryption supported by the encapsulation, see Encaps. |
|
First scan ID |
|
ID of the scanlog entry this finding was first found in. |
|
First seen |
|
Date shows when the finding was first discovered on a specific asset during recurring scans. When not found in a scan, the first seen date resets. |
|
ID |
|
Unique identifier of the finding. |
|
Last scan ID |
|
This is the last (latest) scan this finding was found in. |
|
Last seen |
|
Date shows when the finding was last seen on a specific asset. Checks if the finding is present in recurring scans. If it is not found in one scan, the last seen date resets. |
|
Layer |
|
|
|
Match IDs |
|
Reference ID to the scanners raw data output that the finding is generated from and contains in depth information such as vhost, port, pattern, url, product versions, and so on. |
|
Port |
|
List of all ports |
|
Ports |
|
Displays ports the finding is found on. Hovering mouse on the port chip displays the port number and protocol as tool-tip. 
Number filter is applicable on the column. |
|
Seen last scan |
|
Boolean value that shows if the finding was detected during the last scan of the linked asset. |
|
Service name |
|
|
|
Source |
|
Which source scanner or product type does the finding originate from. |
|
Status |
|
Indicates the different statuses for a finding. Can be marked as:
|
|
Tags |
|
Displays the available tags associated with the finding. |
|
Type |
PORT |
Type of information (Port) |
|
Updated |
|
Timestamp of when the finding was last updated at all for any reason, system- or user-initiated. |
|
Updated by |
|
Who did the last updating action, system, user, or AppSec team and so on. |
|
Updated by ID |
|
ID of the account that did the last updating cation |
Related Articles
- Reports
- Log In Using LDAP
- Report Library
- Vulnerability Database
- Removing an Agent from Windows
- Delta
- Scan Blueprint
- Technical Specification
- Schedules
- Installing a Linux Agent
- Workflows
- Troubleshooting checklists
- User Management
- Check Connectivity to Agent Server
- Scan Scheduling Errors
- HIAB Deployment Guide
- Managing Tags
- Checking if Agent is Running
- Agent Installation Introduction
- Common Settings Panel
- Scanning Range
- Role Management
- Portal Icon List
- Agent Call Home
- Asset Discovery
- XML API Interface Technical Document
- Using the Agent Info Command
- Scheduled Reports
- Removing an Agent from Linux
- Solutions
- Identity and Access Management (IAM)
- Understanding Scanner and Scheduler
- Licensing Consumption
- Installing a macOS Agent
- Agent Introduction
- Setting Up an Agent Using System Proxy
- DNS Lookup in UI and in Console
- Supported Browsers
- HIAB Console
- Certificates
- Marking as False Positives
- Managing Agents
- Event Notification - Integration
- HIAB Distribution Settings
- Agent Latest Version
- Column Configuration
- PGP on User Accounts
- Event Notification - Use Cases
- Logging in to the Portal
- Firewall Rules
- Account
- Notification Settings
- Products Database
- Log In Using Single Sign-On (SSO)
- Scan Assessment Configuration
- View Templates
- Ports
- Installing a Windows Agent
- Generate Reports
- Basic Credentials
- Scan Stages
- Object Identifiers
- Subscriptions Overview
- Services
- REST API Interface Technical Document
- Getting Started with the Portal
- Scan Configuration Settings
- Scans View
- Retrieving a REST API Token From XMLAPI
- HIAB E-mail Whitelisting
- Scan Credentials
- API Examples
- Tags
- Accepting a Risk
- Importing Tags for AWS Discovery
- Discovery Scan Configuration
- Products
- Vulnerabilities
- Scan Policies
- Resource Group Management
- Download Agents
- Discussions and Commenting
- Filters
- Notifications
- 2FA on User Accounts
- Assets