Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction

Thycotic provides a privileged account security solution and password vault. A Thycotic Secret Server account is required to use the integration.

Note

Thycotic authentication can be configured on the scan policy, on the target or on the target group.

Set Up Thycotic Integration in OUTSCAN or HIAB

To set up Thycotic in OUTSCAN or HIAB:

  1. Go to Main Menu > Settings > Integrations.
  2. Select the Thycotic tab.

  3. Configure the Thycotic Server:

    Option: Description
    Enabled: Click on this field to enable Thycotic.
    Name: Provide a name for this configuration.
    URI: Provide your Thycotic Secret Server URI.
    User: Provide your Thycotic user name.
    Password: Provide your Thycotic password.
    Organization (optional): Provide the name of the organization that should be queried in a Thycotic Cloud setup.
    Tenant (optional): Provide the tenant for a Thycotic Cloud setup.
    Ignore certificate validation: It is recommended to leave this box unchecked. Check this box only when there is no trusted certificate available. With validation disabled, the scanner cannot verify that it is talking to the genuine Secret Server.
    Test Authentication: Click on this button to test the authentication status.
    Add: Click to add the configuration settings.
  4. Click Save.

After enabling Thycotic, the authentication can be configured on a target, target group, or a scan policy.

Target / Target Group

  1. Go to Main Menu > Netsec > Manage Targets.
    1. Target: Edit a target to set up the authentication.
    2. Target Group: Right-click on a group and select Set Target Authentication.
  2. Select Thycotic SMB or Thycotic SSH from the drop-down list to use the respective authentication.

  3. Fill in the Credentials:

    Option: Description
    Thycotic Config: Select the config from the drop-down list.
    Secret name: Provide the name of the Secret.

      Note

      When a phrase is provided, the search looks for a Secret name matching that phrase, and the first name matched is used. ${IP} is replaced by the target IP. ${HOSTNAME} is replaced by the host name of the target.

    Override path: Provide a new path to use instead of the existing path.
    SSH substitute user command: The following commands are used to execute commands as a different user (privilege escalation).

      1. sudo: This command is found on most Linux-based systems (or can be installed). It is used to execute commands as a different user (other than the one used to log in). From the tool's perspective, it uses the root account to perform the commands.
      2. doas: An OpenBSD-based command. 95% of its features are like sudo. https://man.openbsd.org/doas
      3. sesu: An IBM implementation of su.
      4. dzdo: Used on Linux/Unix (can be installed at will). An alternative to sudo.
      5. pfexec: Mostly used on Solaris.
      6. custom: Gives the flexibility to use a custom-defined privilege escalation command.
    SSH custom user command: This field is available when the user selects custom in the SSH substitute user command field. Add a custom command for escalating privilege.
    SMB allow NTLMv1: Check this box to enable authentication using NTLMv1.
    Enable remote registry: If enabled, the scanner initiates the Remote Registry service with the given details. Disable the service when the scan is finished.
  4. Click Test to start a verification.
  5. Click Save to enable the current settings.

Scan Policy

  1. Go to Main Menu > Netsec > Scan Scheduling > Scan Policy.
  2. Edit a scan policy to set up the authentication. Under the SMB and SSH tabs, Thycotic SSH and Thycotic SMB are now visible as new options.
  3. Click on any of the options to use the respective authentication.

  4. Provide your Credentials:

    Option: Description
    Thycotic Config: Select the config from the drop-down list.
    Secret name: Provide the name of the Secret.

      Note

      When a phrase is provided, the search looks for a Secret name matching that phrase, and the first name matched is used. ${IP} is replaced by the target IP. ${HOSTNAME} is replaced by the host name of the target.

    Override path: Provide a new path to use instead of the existing path.
    SSH substitute user command: The following commands are used to execute commands as a different user (privilege escalation).

      1. sudo: This command is found on most Linux-based systems (or can be installed). It is used to execute commands as a different user (other than the one used to log in). From the tool's perspective, it uses the root account to perform the commands.
      2. doas: An OpenBSD-based command. 95% of its features are like sudo. https://man.openbsd.org/doas
      3. sesu: An IBM implementation of su.
      4. dzdo: Used on Linux/Unix (can be installed at will). An alternative to sudo.
      5. pfexec: Mostly used on Solaris.
      6. custom: Gives the flexibility to use a custom-defined privilege escalation command.
    SSH custom user command: This field is available when the user selects custom in the SSH substitute user command field. Add a custom command for escalating privilege.
    SMB allow NTLMv1: Check this box to enable authentication using NTLMv1.
    Enable remote registry: If enabled, the scanner initiates the Remote Registry service with the given details. Disable the service when the scan is finished.
  5. To start verification, provide the target IP or Hostname and click on Test Credentials.

  6. Click Save to enable the current settings.
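
Because the Secret name is a search phrase and only the first match is used, a template such as ssh-${IP} can resolve to the wrong Secret when one name is contained in another. The following pre-flight check is an added example, not Outpost24 or Thycotic code; it assumes case-insensitive substring matching (the page does not specify the matching rule), and its function names and sample data are hypothetical.

```python
from string import Template


def expand_secret_name(template, ip, hostname):
    """Expand ${IP} and ${HOSTNAME} the way the Secret name note describes."""
    return Template(template).safe_substitute(IP=ip, HOSTNAME=hostname)


def matching_secrets(phrase, secret_names):
    """Return every Secret name the phrase could match.

    ASSUMPTION: a case-insensitive substring match; the documentation only
    says the search looks for "the name matching the given phrase".
    """
    needle = phrase.lower()
    return [name for name in secret_names if needle in name.lower()]


def audit(template, targets, secret_names):
    """Map target IP -> (expanded phrase, matches) for every target whose
    phrase matches no Secret or more than one Secret."""
    findings = {}
    for ip, hostname in targets:
        phrase = expand_secret_name(template, ip, hostname)
        matches = matching_secrets(phrase, secret_names)
        if len(matches) != 1:
            findings[ip] = (phrase, matches)
    return findings


# Constructed sample data: Secret names exported from the vault and scan targets.
SECRET_NAMES = ["ssh-10.0.0.1", "ssh-10.0.0.10", "ssh-10.0.0.25", "smb-fileserver01"]
TARGETS = [("10.0.0.1", "web01"), ("10.0.0.25", "db01"), ("10.0.0.30", "app01")]

if __name__ == "__main__":
    for ip, (phrase, matches) in audit("ssh-${IP}", TARGETS, SECRET_NAMES).items():
        status = "no Secret found" if not matches else "ambiguous: " + ", ".join(matches)
        print(f"{ip}: phrase '{phrase}' -> {status}")
```

Targets flagged as ambiguous need a more specific Secret name so that the scan does not authenticate with another host's credentials.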


Reference

Netsec Integrations