Document Version: 3.0

Date: 2020-02-25


Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.



Purpose

This document provides information to the appliance administrator/network technician on how to install and configure multiple HIAB appliances when setting it up for the first time in the organization’s environment. This document assumes that the reader has access to the HIAB. 

Introduction

The HIAB solution can be set up in a distributed scanning system, which allows you to scale and place multiple HIABs in different off-site locations to perform local scanning of your subdivisions. 

Prerequisites

Make sure that the HIABs can communicate over TCP port 443 with each other to use them in a distributed model. 

Pairing Scheduler and Scanner

From Scheduler

Step 1: Add Scanners 

Log in to the Scheduler appliance.

Go to Main Menu > Settings > Distribution.

In the Scanners tab,

  1. A HIAB to be used as a scanner is added. 
  2. The available HIABs to use as scanners are displayed.

After a scanner node has been approved, the HIAB is ready for distributed scanning.

Note

To scan on different HIABs, you must define targets to execute on different scanner nodes. 


HIABDistScan01

Note

OUTSCAN can be set as a scanner, only if the HIAB External license is available. This allows scans to be performed using OUTSCAN, and the reports are stored on the HIAB.

New is used to add a scanner appliance for the scheduler to communicate.

OptionDescription
NameProvide a name to use for this scanner.
Name on scannerProvide a name to use for this HIAB on the scanner.
HostThe IP address or host name of HIAB to be added as a scanner.
Auth. method

Choose between authentication methods.

  • Username and password
  • Token
UsernameUsername of the main user on the HIAB to be added as a scanner.
PasswordPassword of the main user on the HIAB to be added as a scanner.
TokenProvide the token from the appliance that you want to add. See Access Tokens.
Notify on MissingIf enabled, sends a notification whenever communication to the scanner is not possible or in other words, if the scanner goes missing.

Fill the required fields and click Save.

Note

Unless an error message is shown, you have now registered the scanner on the scheduler HIAB.

Delete: Deletes the scanner from this HIAB. The deleted scanner is marked as inactive to allow it to re-register when required.

Approve/Deny: When a HIAB requests to be added as a scanner, that scanner must be approved or denied on the scheduler. Click Approve to allow, otherwise click Deny.

Step 2: Configure the Scanner

Any scanner under Pending status has two additional options when right-clicked, Approve and Deny.

Right-click on an entry to configure that scanner. Options vary depending on the type of the scanner. 


Distributed HIABs 

Option

Icon

Description

Enable Pushing/ Disable Pushing

To change the pushing mode, right-click the appliance and select Enable pushing or Disable pushing. Communication can be performed in either way. It is not recommended to enable polling/pushing in both directions. See Additional Information.

Set as Default

Sets the appliance as default scanner.

Set as Normal/APPSEC SCALE scanner

Toggle between a normal or APPSEC SCALE scanner.

Assign to Group

Assign to Group allows you to cluster scanners and select the group instead of an individual node when scanning.

Update Now

This option forces the scanner to perform an update immediately.

Debug

Debug will execute a tcpdump while trying to communicate with the selected server. All communication during that period will be dumped and displayed.

Renew signature key

Click to clear cache and refresh the signature key for the HIAB. 

New

Used to create a new scanner appliance where the scheduler will communicate to the scanner.

Delete

Deletes the scanner from this HIAB. The scanner will be marked as inactive to allow it to re-register again.

Edit

Select Edit to change the name of the scanner.

Audit Log

Opens the audit log of the scanner.

Export 


HTML: Exports the currently visible data as HTML.

CSV: Exports the currently visible data to a .CSV file.


OUTSCAN 

Option

Icon

Description

Approve

Approves the appliance as scanner.
Deny

By clicking, implies that the selected appliance cannot be used as a scanner.

Set as Default

Sets the appliance as default scanner.

New

Used to create a new scanner appliance where the scheduler will communicate to the scanner.

Delete

Deletes the scanner from this HIAB. The scanner will be marked as inactive to allow it to re-register again.

Edit

You can also change the name of the scanner by selecting Edit.

Audit Log

Opens the scanners Audit Log.

Export


HTML: Exports the currently visible data as HTML.

CSV: Exports the currently visible data to a .CSV file.


Local Host 

Option

Icon

Description

Set as Normal/APPSEC SCALE scanner

Allows to toggle between a normal or APPSEC SCALE scanner.

Note

This option is available only if it is external device. It is not possible to turn a single HIAB into a scale scanner.

Assign to Group

Assign to Group allows you to cluster scanners and select the group instead of an individual node when scanning.

New

Used to create a new scanner appliance where the scheduler will communicate to the scanner.

Delete

Deletes the scanner from this HIAB. The scanner will be marked as inactive to allow it to re-register again.

Audit Log

Opens the audit log of the scanner.

Export


HTML: Exports the currently visible data as HTML.

CSV: Exports the currently visible data to a .CSV file.

View

Clicking on the arrow next to the name of any column allows you to customize the columns to be displayed. The available options are:

Column

Description

Active

Displays if the scanner is active or not.

AWS Scanner

Displays if the scanner is an Amazon Web Services scanner or not.

Host

Displays  the IP address or host name of the scanner.

Information

Displays the additional information about the status.

Last Sync

Displays the timestamp when the scanner last reported to the Scheduler.

Last Updated

Displays when the scanner was last updated.

MAC Address

Displays the MAC address of the scanner.

Name

Displays the name of the scanner.

Pushing

Determines if the scheduler should connect to the scanner.

Rules Version

Displays the current version of the rules on the connected device.

Scanner Type

Displays if the scanner is set up as a normal or APPSEC SCALE scanner.

Scanning Disabled

Displays if Scanning is disabled or not.

Scanning Engine Version

Displays the current Scanning Engine Version on the connected device.

Status

Displays if the scanner is approved or not.

UI Application Version

Displays the current UI Application version on the connected device.

Use Proxy

Enable, if this connection should communicate over the defined proxy server.  It should be configured in the Server Settings

XML Application Version

Displays the current XML Application version on the connected device.

Step 3: Approve / Deny Scheduler

To approve or deny the request sent by Scheduler, log in to the Scanner appliance.

Go to Main Menu > Settings > Distribution.

In the Schedulers tab, available schedulers are displayed. 

  1. Scheduler status displays pending until it is approved. 
  2. Select the scheduler and right-click to approve the communication. 

Reregister Scanner

If a scanner has been deleted from a single instance in the distributed setup, the status is marked as No under Active column. 

To re-register a deleted scanner:

  1. Right-click on that entry.
  2. Select Reregister scanner.
  3. It opens the maintaining scanner window with the predefined data. Update the required fields and click Save.
  4. The appliance needs to be approved to enable it as a scanner. 

From Scanner

To initiate the communication between scheduler and scanner from the scanner, 

Log in to the Scanner appliance.

Step 1: Add Scheduler

Go to Main Menu > Settings > Distribution.

In the Schedulers tab, 

New sends a request to a scheduler HIAB. 

Option

Description

Name

Provide a name to use for this scheduler.

Name on Scheduler 

Provide the name of the HIAB displayed on the scheduler.

Host

Displays the IP address or hostname of the scheduler.

Auth. method

Choose between authentication methods.

• Username and password
• Token

Username

Provide the user name of the main user on HIAB scheduler.

Password

Provide the password of the main user on HIAB scheduler.

TokenProvide the token from the appliance that you want to add. See Access Tokens.

Delete: Deletes the scheduler from this HIAB. By doing this, the scheduler is not allowed to run distributed scans on this HIAB any longer.

Approve is used to approve a scheduler when the scheduler adds the scanner.

Deny is used to deny the request. 

Step 2: Configure the Scheduler

Right-clicking on any Scheduler name provides you with a drop-down menu for that specific scheduler.


Option

Icon

Description

Debug

Debug will execute a tcpdump while trying to communicate with the selected server. All communication during that period will be dumped and displayed.

New

Used to create a new scanner appliance where the scheduler will communicate to the scanner.

Audit Log

 Opens the Schedulers Audit log.

Export

HTML: Exports the currently visible data as HTML.

CSV: Exports the currently visible data to a .CSV file.

View

Clicking on the arrow next to the name of any column allows you to customize what columns will be shown out of the following:


Column

Description

Active

Displays if the scanner is active or not.

Host

Displays the IP address or hostname of the scanner.

Information

Displays the additional information about the status.

Last Sync

Displays the timestamp when the scanner last reported to the HIAB.

Last Updated

Displays when the scanner was last updated.

MAC Address

Displays the MAC address of the scanner.

Name

Displays the name of the scanner.

Polling

Determines if the scanner will connect to the scheduler.

Status

Displays if the scanner is approved or not.

Use Proxy

Enable, if this connection should communicate over the defined proxy server.

Version

Displays the current version on the connected device.

Step 3: Approve / Deny Scanner

To approve or deny the request sent by Scheduler, log in to the Scheduler appliance.

Go to Main Menu > Settings > Distribution.

In the Scanners tab, requested scanners list is displayed. 

To pair the scheduler to the scanner:

  1. Click on the row that has the previously supplied scanner name.
  2. Click on the Approve button.

The two appliances are now paired and distributed scanning is available.

Additional information


Communication Direction

To change the communication direction, first disable the active mode on relevant appliance, and then enable the desired mode . If the communication is set up so it communicates in both directions, it reverts to the Scanner polling the Scheduler by default.

Example: When pushing mode is enabled, disable pushing for relevant scanner in the Scanner tab on the Scheduler, then enable polling in the Scheduler tab on the Scanner. 

Pairing

Once the appliances are paired, re-pairing is not required even if the IP changes. Update the information on the scanner where it can locate the scheduler.