
Scan Assessment Configuration



Purpose

This document serves to improve understanding of the role that assessment scans play in enhancing the security and resilience of an organization's digital infrastructure. Its aim is to provide an overview of the objectives and configurations of various assessments, including Application Assessment, Docker Image Assessment, Cloud Assessment, Network Host Assessment, and Agent Assessment.

Technical Preview

This document contains parts that are technical previews of features that are currently under development. These features may be hidden behind a feature flag.


Scan Assessment

Vulnerability and Compliance assessments target a set of assets and identify findings that are presented and tied to the scanned assets.

Application Assessment

The Application Assessment evaluates the security risks and vulnerabilities in an organization's software applications, and it is an important part of any vulnerability management program because vulnerabilities in applications can be exploited by attackers to gain unauthorized access to sensitive data or systems.

When an application is scanned at multiple stages of its Software Development Life Cycle, Application Assessments identify vulnerabilities and consider its security throughout the lifecycle, including design, development, testing, deployment, and maintenance.

The assessment also considers the application's dependencies, including third-party libraries and frameworks, as these can introduce additional security risks and vulnerabilities.

The results of the assessment can be used to remediate vulnerabilities in the organization. Remediation may include implementing patches, code changes, or additional security controls such as web application firewalls or intrusion detection systems.

It is strongly recommended that Application Assessments are executed regularly, as new vulnerabilities can be introduced when applications are updated or new features are added.


The targets can be added as:

  • URL
  • IPv4
  • IPv6
  • IPv4:port
  • IPv6:port
  • Hostname


https://outpost24.com 
203.0.113.1 
198.51.100.5:5291 
[2001:db8:1:2:3:4:5:6] 
[2001:db8:2fa:bba:dd3:f3c:11:2b]:928
outpost24.com 

When adding more than one target, separate them using a newline.

  1. After adding the targets, click the ADD button in the lower right corner.

    Entries that do not start with the https protocol are prefixed with https://.

A configuration name is extracted from the host, optional port and path to build a unique and user-friendly representation of the added configuration. URL fragments and queries are not used for configuration names.

Example inputs and generated configuration names:

  • https://outpost24.com/ > outpost24.com
  • https://outpost24.com:8080/admin/login/ > outpost24.com:8080/admin/login
  • https://outpost24.com:8080/admin/#/login > outpost24.com:8080/admin
  • https://outpost24.com:8080/admin?relogin=true > outpost24.com:8080/admin
  • http://91.216.32.99:8081 > 91.216.32.99:8081
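
The naming rule above can be checked offline before a target list is submitted. The following Python sketch is an added example, not Outpost24's code: the function names are hypothetical, and leaving an explicit http:// scheme untouched and dropping any user:password@ prefix are assumptions (the first is drawn from the last example in the list).

```python
from collections import defaultdict
from urllib.parse import urlsplit


def normalize_target(entry: str) -> str:
    """Return the entry as a URL, prefixing https:// when no scheme is given.

    Assumption: an explicit http:// or https:// scheme is left as entered,
    which matches the http://91.216.32.99:8081 example on the page.
    """
    entry = entry.strip()
    return entry if "://" in entry else "https://" + entry


def config_name(entry: str) -> str:
    """Build the name from host, optional port and path only."""
    parts = urlsplit(normalize_target(entry))
    if not parts.hostname:
        raise ValueError(f"no host in target: {entry!r}")
    _ = parts.port  # raises ValueError for a non-numeric or out-of-range port
    # Assumption: drop any user:password@ prefix so credentials never end up
    # in a configuration name. Brackets around IPv6 literals are kept.
    host_port = parts.netloc.rsplit("@", 1)[-1]
    # Query and fragment are ignored; a trailing slash is not part of the name.
    return host_port + parts.path.rstrip("/")


def group_by_name(text: str) -> dict[str, list[str]]:
    """Map each configuration name to the newline-separated entries producing it."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            groups[config_name(line)].append(line.strip())
    return dict(groups)


# Constructed sample input: the page's example URLs plus two of its targets.
SAMPLE = """\
https://outpost24.com/
https://outpost24.com:8080/admin/login/
https://outpost24.com:8080/admin/#/login
https://outpost24.com:8080/admin?relogin=true
http://91.216.32.99:8081
198.51.100.5:5291
[2001:db8:2fa:bba:dd3:f3c:11:2b]:928
"""

if __name__ == "__main__":
    for name, entries in group_by_name(SAMPLE).items():
        print(f"{name:45} <- {entries}")
```

Entries that differ only in query or fragment land under the same name, so a group with more than one entry marks targets that would not get distinct configuration names.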

The Choose scanner (HIAB only) option is visible if at least one Appsec scanner is available.

  • The first scanner in the list is selected by default.
  • The selected scanner can be changed in the Edit view.

To add scans in HIAB Appsec, one of the regular HIAB scanners must be turned into an Appsec scanner.
See Setting up a HIAB as an Appsec Scale Scanner for more information.

Docker Image Assessment

The Docker image assessment evaluates the security risks and vulnerabilities associated with the Docker images used by an organization. Docker images are pre-configured software packages that contain all the necessary components to run an application and can be easily distributed and deployed in a container environment.

A Docker Image Assessment involves tools to identify the contents of the image and assess the security of the software components, including the operating system and any applications or services included in the image. Configuration errors or misconfigurations can create security vulnerabilities that can be exploited by attackers.

The results of Docker Image Assessments are used to prioritize vulnerabilities and develop a remediation plan. The plan may include updating the image with the latest security patches or configurations.

It is essential that Docker Image Assessments are conducted regularly, as new vulnerabilities can be introduced as software is updated or new images are created.

HIAB and OUTSCAN RC support a Docker image scan. You can scan a Docker image if you have done a Docker discovery to retrieve the images available on your private Docker Registries.

Currently, it is only possible to scan images that are smaller than 1GB, of type Linux, and with a 64-bit architecture.

  1. Create a Docker image assessment scan configuration. Select Docker image assessment under Assessment then select the Docker credential you want to scan.
  2. On Docker credentials selection, a table is displayed with all the discovered images and the details of an image such as name, OS, architecture and size.
  3. Select one or more images and click on ADD to save the scan configuration. The name of the scan configuration can be changed by editing it.
  4. Click on Scan Now to run the Docker image assessment scan.


See Scan a Docker Image for more information.

Cloud Assessment

Cloud environments can introduce new risks and vulnerabilities that may not exist in traditional on-premises environments, making cloud assessments an important part of any Vulnerability Management program. The Cloud Assessment evaluates, in a Boolean way, whether an organization's use of cloud services complies with a policy.

A Cloud Assessment evaluates the customer's use of the cloud service provider, as well as assessing the configuration and security of the organization's own cloud environment. This can include evaluating the security of the network architecture, access controls, and data encryption.

The assessment considers the unique security challenges associated with different types of public cloud deployments, such as AWS, Google Cloud, and Azure. For example, a public cloud environment may require additional controls to protect against data breaches and unauthorized access, while a private cloud environment may require more focus on access controls and network segmentation.

The assessment identifies potential vulnerabilities and risks and is used to develop plans for remediation, which includes implementing additional security controls or practices, such as multi-factor authentication, network segmentation, or regular vulnerability scanning and testing.

In summary, a cloud assessment is a critical component of maintaining a secure cloud environment and should be conducted on a regular basis to ensure ongoing protection against emerging threats and vulnerabilities.

  1. Select which assessment to use; for this example, Cloud assessment is chosen.
  2. Select Credentials from the drop down menu. See Scan Credentials for more information on how to set up scan credentials.
  3. Select Policy from the drop down menu.
  4. Select which Regions to scan. For further information about AWS regions see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html.

    Depending on the credentials, there are different kinds of cloud configurations. For example, for AWS credentials, it is required to select Region, but for Azure/GCP credentials, it is not. Moreover, the policy drop-down menu also differs between AWS/Azure/GCP.

  5. Click on the blue Add button in the lower right corner to add the configuration.


If multiple regions are selected, each time the scan configuration runs, the number of scans queued/started will match the number of regions selected.


See Cloudsec Scan Configuration for more information.

Adding new configurations also populates the Assets. The assets are deduced from the submitted target information. If an asset already exists, the created configuration is linked to it. Otherwise, the asset is created when the configuration is created and then linked to it.


Network Host Assessment

The Network Host Assessment is the process of identifying and evaluating the security risks and vulnerabilities within individual network hosts, such as servers, workstations, or network devices. The goal of a network host assessment is to identify potential security weaknesses and remediate them before they can be exploited by attackers.

A Network Host Assessment identifies the operating system and software applications installed on the host and assesses their vulnerability to known exploits and attacks. 

The assessment also evaluates the configuration of the host, including the security of network services, access controls, and patch levels. Configuration errors or misconfigurations can create security vulnerabilities that can be exploited by attackers.

The results of the assessment can be used to prioritize vulnerabilities and develop a plan for remediation that includes applying security patches, reconfiguring access controls or network services, or implementing additional security controls such as intrusion detection or prevention systems.

It is important that network host assessments are performed regularly, as new vulnerabilities can be introduced as software is updated or new applications are installed.

Before initiating the Network Host Assessment, it is recommended to perform a discovery scan to gain an overview of the organization's IT assets. For additional information, please refer to: NetworkDiscovery.



  1. Select Network host assessment.
  2. Fill in the Name input field with a descriptive name for the intended assessment. 
  3. Select Policy from the drop-down menu. To create a new scan policy, please refer to: Scan Policies.
  4. Optionally, select an Override scan policy from the drop-down menu. For a more detailed description of this parameter, please refer to: Scan Policies#PolicySettings.
  5. Toggle the Scanning-Less Scanning switch button to enable or disable this option. For a comprehensive understanding of this feature, please refer to Scanning-Less Scanning.
  6. Click on the blue Add button in the lower right corner to add the configuration.

Agent Assessment

  1. Select Agent assessment.
  2. Fill in the Name input field with a descriptive name for the intended assessment. 
  3. Enter a value in the Scan Recurrence field to specify the scan recurrence in hours. The minimum frequency is 24 hours, and the maximum is 30 days.
  4. Click on the blue Add button in the lower right corner to add the configuration.





References

  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html





Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.




