Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Release Date: 2019-06-25

Version: G4.6-8.0


The following material is proprietary to Outpost24. This material may not be disclosed in any manner to anyone other than the addressee and employees or authorized representatives of Outpost24.

Important Notice

As our business grows, and with more customers joining us, it has been necessary to grow our infrastructure accordingly to ensure we can continue to offer an ever-improving level of service to our customers.

To meet these needs, it has been necessary to extend the IP range from which scanning may originate.

The additional IPv4 range from which scans may originate is:

80.254.228.0/22

This is in addition to our existing network range of:

IPv4:

91.216.32.0/24

IPv6:

2001:67c:1084::/48

These IP ranges are exclusive to Outpost24, and any IPS whitelisting for PCI ASV scans should include these new ranges.

This information will also be available in the Support > Resources area of Outscan.


New Features

Appsec

Appsec has gone through a major redesign preparing it for a full-stack assessment platform.

Findings

Findings are now asset centric instead of scan schedules/configurations. They are recorded for each asset and deduplicated against the tracked findings based on the output from each scan. This allows correlation between different asset types and unifies the way of tracking risks for assets. We recommend reading through the Appsec user guides to get familiar with the new features.

Vulnerability Classifications

Vulnerability checks and findings are now associated with CWE allowing extending the classifications to both web application and infrastructure based findings.

The CWE mapped classifications are:

  • SANS25 (extended to all findings)
  • WASC (extended to all findings)
  • OWASP Top 10 2004 (extended to all findings)
  • OWASP Top 10 2007 (extended to all findings)
  • OWASP Top 10 2010 (extended to all findings)
  • OWASP Top 10 2013 (extended to all findings)
  • OWASP Top 10 2017 (extended to all findings)
  • CAPEC (new classification)

The classifications for the already existing checks will be populated retroactively in the future releases.

More Granular CVSS Score

Both CVSSv2 and CVSSv3 score has been split into base, temporal, and environmental score providing a more granular risk level metrics. These attributes are now available in the REST API and as columns in the Findings view.
 
Additional fixes:

  • Information about known public exploits for the reported vulnerability is now presented on a separate Exploits tab.
  • Comments have been moved out to a separate Comments tab and presented in a threaded manner. There is a visual indication when a finding has comments associated with it by an icon on the Comments tab header, with a number representing the number of new comments.

Scan Configurations

Flexible schedules: The schedules is updated to provide more flexible scheduling possibilities.
 
Additionally:

  • Schedules can be configured to end after n occurrences.
  • Schedules can be reused between configurations.
  • Each configuration is allowed to have one or more schedules.

Note

As part of this release, all historical scan schedules will be migrated to the new scheduling system. Because this is a new scheduling system, all schedules show a start date set to the date of this release.  This does not impact these historic schedule in any other capacity.

Scans

Scans are now displayed in the Scans view as soon as they are started.

Authentication

[Beta] Support for Selenium .side scripts making it possible to now record a login using the Selenium browser plugin and upload the .side script to use for authentication.

If you wish to help us test support for .side scripts, please raise a support request from the Outpost24 Support Portal to have the option available in the Scale platform.

Note

In HIABs running Appsec, the Selenium browser runs in a restricted container on the scanner. To communicate with it, a network local has been set up on the host using the IP range (10.88.0.0/16).

If this range is used for something else together with the side scripts feature, it can cause issues when scanning those targets.

Downloads

New specific Download section to download Outpost24 appliances.

SWAT

Comments are now presented in a threaded manner.

Datasec

  • Datasec continues to improve from MVP adding more capabilities and analytics concerning Windows shares and Windows users. Datasec has reached beta now and are available to selected customers.

Netsec

  • Splunk integration now supports the Splunk CIM model as a new Event Notification type.
  • Authentication for VMWare vSphere has been added to the Scan Policy for use with Compliance scanning.
  • Appliance downloads have been moved to the new UI. A link has been provided in the existing Download location.
  • As previously announced, the HIAB Scanner name has been removed from the reporting grid. This information is still available, and filterable, in the Target Selection grid.

Vulnerability Detection

  • Improved detection for MariaDB.
  • Improved detection for fallback kernel on Ubuntu 18.
  • Added detection for IBM i over DNS.
  • Added detection of Docker on macOS.
  • Added detection for Calibre on macOS.
  • Improved detection for Speculative Execution.
  • Improved detection for Sharepoint Server.
  • Improved detection for Bluekeep.
  • Improved Command Injection payloads.
  • Improved php.ini detection.
  • Improved ILO4 detection.
  • Improved vBulletin detection.
  • Added detection for Full path disclosure on web payloads.
  • Improved detection for path traversal vulnerabilities.
  • More code execution samples to Appsec Scale.

Compliance

  • VMware CIS ESXi 5.5 and 6.0 benchmarks now available.

Bug Fixes and Minor Improvements

  • Fixed status of Appsec scans and filtering by asset.
  • Fixed an 'Access Denied' issue occasionally caused by comments on a vulnerability.
Netsec
  • Fixed an issue which could cause a finding to be reported twice with multiple install paths.
  • Fixed an issue with automatically adding hosts to groups from discovery scans when more than 65536 hosts are discovered.
  • Fixed an issue where it may not be possible to save SMTP Relay host settings on HIAB.
  • Fixed a memory issue with large Excel reports which may not display in the Download Manager.
  • Fixed an issue where retrieving IDP Metadata may cause an error.
Cloudsec
  • Fixed License consumption while Automatically Monitoring instance using Auto-Discovery in some specific case.
  • Improve Hardening Microsoft Azure Benchmark for Networking and Identity and Access Management.

End of Life Announcement

Elastic Detector (ED)

Elastic Detector assessment features will be merged into Outscan and HIAB products. We are now formally announcing both the end of life and end of support dates for Elastic Detector.

  • Official End of Life date: 31th December 2018
  • Official End of Support date: 30th June 2019

We recommend all remaining Elastic Detector customers to contact their account managers to discuss upgrading to Outscan and HIAB as soon as possible and no longer than the formal end of life date.

Appsec Swat UI EOL

The SWAT Classic UI will continue to be available for an additional three months before it will be deprecated. Currently we expect this to happen in September 2019.