Manage Targets
Purpose
The purpose of this document is to provide an overview of the Manage Targets feature for OUTSCAN and HIAB, and has been elaborated under the assumption that the reader has access to the OUTSCAN/HIAB account and Portal Interface with Netsec subscription.
Introduction
Targets are the assets that are managed by the system, usually a web site, web application, server, or network device that you would like to scan for security vulnerabilities.
The amount of targets can be hard to maintain, therefor it's good practice to manage all targets in target groups. See Target Groups and Dynamic Target Groups.
Getting Started
There are two ways of launching your applications.
- From OUTSCAN
- From a HIAB
OUTSCAN
To launch the OUTSCAN application, navigate to https://outscan.outpost24.com.
Log in using your credentials.
HIAB
To connect to a HIAB, use the assigned network address.
Log in using your credentials.
To access the Manage Targets module, go to Main Menu > Netsec > Manage Targets.
Targets
Targets are added under the Manage Target section, which is accessible either using the icon on the desktop of from the menu at the bottom left of the GUI.
First time when you enter this section it does not contain any targets groups and only state, All Targets and Ungrouped. Multiple groups can be created, and the targets can be in multiple groups. Arrangement can either be done automatically in Dynamic Target Groups or by manually using drag-n-drop functionality of added target.
There are three generic ways to add targets to the system. Two of those can be performed from this section and the third is to conduct a Discovery Scan and thus that functionality is tied to the scheduling section discussed later in this document.
Once the targets are in place these are the best practices.
- If the number of targets justifies groups of targets, then consider adding targets that matches your organizations requirements. For example, create groups so that you can compare targets and/or teams in order to see how the vulnerability management is progressing over time.
- If you have complex requirements regarding scanning time and restrictions, consider managing those rules from groups instead of having to manually edit schedule objects but simply use drag-n-drop when moving/changing scanning periods.
- If you have additional information that would help in the day to day operation if that information was present in vulnerability management reports, add those detains to the target using custom fields. Read the user guide for more information about custom fields.
- If the number of users having access to the tool is large along with the network, consider adding target groups per role (or even per user). This will allow you to re-assign assets between users and grant access to systems without having to re-configure users.
- Use dynamic groups to always have updated information about the targets so that the information does not become obsolete over time.
For example: system owners can be defined as a separate customer field and be used as a dynamic filter to organize the targets. See the Dynamic Target Groups for information on how to add Dynamic Groups.
The grouping system provided by the tool can be used in many ways and allows you to have a better control of what is currently going on within your organization.
On the left side you have an overview of some of the things that has been discussed above (the number to the right of the group name represents the number of targets present in the group).
The Business Function group contains two subgroups that are used for reporting those systems separately even though they share the same database cluster for instance.
In the Event system you can see that groups have been created for different types of notifications and this allows you to simply re-configure notifications and likewise tasks without going over the notification event list trying to figure out which object to edit. Same thing applies to the Scan Window group.
The Target Assignment group contains both By Role and By User and both can be used simultaneous giving you the possibility to have individual targets assign to users and belong to a group of administrators.
Note
Best practice is also to not use the groups for anything else without updating the name to reflect their usage.
Example:
Do not perform scheduling on system owner groups without specifically adding that information to the group name.
Cheat Sheet
Best practice
| Goal | In place? | ||
|---|---|---|---|---|
Yes | No | N/A | ||
Add details on targets | Add custom fields on the targets and populate them with adequate information. Chose information that will be useful to have access to when reading the report or managing the targets and/or risks. For example: System Owner, Datacenter, Rack slot, Geographical location or likewise. | |||
Add groups to match you reporting requirements | Add group that matches what you are required to report upon.
Note Optional in smaller organizations. | |||
Add groups for scheduling purpose | If you have many restrictions on when you can perform your scanning, consider adding target groups for the scheduling since that provides you with a tree structured overview instead of a list of schedules.
Note Optional in smaller organizations. | |||
Target assignment | Should there be a high number of users added to the tool, consider using the grouping system to have the same tree as overview of why can see and have access to what within the system.
Note Optional in smaller organizations. | |||
Dynamic groups | If possible, create Dynamic Target Groups that assign targets to their respective group automatically instead of relying on manual updates that may be performed or not on a regular basis. With the use of this type of groups their content will not become obsolete over time causing you to use time to re-organize them over and over. | |||
The Manage Targets Interface
The figure shows the Manage Targets main page which displays all the defined IP’s and target groups. The Manage Targets window consists of two areas, Target Groups and Targets.
Icon List
| Icon | Name | Description |
|---|---|---|
| New | Clicking New opens the Add New Targets window. The newly created targets will belong to the currently selected target group. |
| Show Groups | Show all target groups in which this target has been added to. |
| Audit Log | To see the changes made to a certain entry, right click on it and select Audit log. This show a dialog with all the changes made to the object that were made by you or one of the users that you administrate. |
| Lookup | Filter the target group grid. |
| Delete | Clicking Delete while having any targets selected deletes them from the system. Multiple targets can be selected for deletion by holding shift while selecting the targets.
Note Reports for the selected targets are not deleted. |
| Edit | To edit a target, right-click on it and select Edit. This allows you to set the Hostname, MAC Address, label the systems importance which is used to calculate CVSS scores, and set Virtual host, hidden URLs. It also includes settings to set target to override scan policy. |
| Export | To export data from the grid, right click on any entry and select either to export it as HTML or CSV (comma separated values) in the sub menu. This gives you either a HTML page or a CSV file with data that you can save or copy data from. |
| Settings | Global settings for Target Management |
| Scan | Create a scan schedule for the target group. |
| Label Target, Update from ServiceNow, Set Policies on Target | By right-clicking on a target you can choose to update specific labels or attributes on the target. |
| Show Scanner, Set Scanners on Targets | Lists or set scanners on targets groups. |
| Refresh | Refresh the grid |
| Label Targets,Update from ServiceNow, Set Policies on Targets | By right-clicking on a target group you can choose to update specific labels or attributes on the targets in that group. |
| Set Target Authentication | Select available authentication from a drop down menu |
| Column Menu | To add or remove columns, hover the mouse over any column name and click the down pointing arrow. |
Global Settings
Click on the Settings icon located in the top right corner to customize Manage Targets.
Target Settings
| Option | Description |
|---|---|
| Allow Target In Multiple Groups | Select this option to allow the targets to be placed in multiple groups |
| Calculate Next Scandate | Select this option if the system should calculate the next scan date for the schedules. Calculating the next scan date is resource-heavy so if you experience performance issues with the schedules view, disable this option. |
Inactive Targets Event Notification
| Option | Description |
|---|---|
| Consecutive Discovery Scans | Sets the number of event notifications sent on inactive targets. |
Adding Targets
The Target Groups grid is used to organize targets. Targets are the assets that can be managed in the system.
Create Target
To create a target:
- Open the Manage Targets module in Main Menu > Netsec > Manage Targets.
Click on + New in the Targets field to display the Add New Targets window.
Format Description fc00::23 IPv6 192.168.200.23|virtualhost,virtualhost IPv4 192.168.200.1/24 CIDR 192.168.200.3-192.168.200.15 IP range host.domain.com FQDN \\netbios_host netBIOS hostname Fill in the required information in the form fields and click Save.
Targets can also be imported from a Comma Separated Values (csv) file, LDAP/AD, or ServiceNow by clicking on respective Import/Upload button.
| Option | Description |
|---|---|
| New Target List | Add one or multiple targets using the presented help text.
Note Private IP addresses cannot be added when using OUTSCAN. |
| DNS Lookup | Select if a DNS look-up should be performed when adding the IP addresses to the system to get the host name in the system. |
| NetBIOS Lookup (HIAB only) | Select if a NetBIOS look-up should be performed when adding the IP addresses to the system to get the host name in the system. |
Scanner (HIAB only) | Set which scanner that should scan the defined targets. Default is set to local and that is referring to the machine that you are logged on to. If you have a distributed network with multiple scanners that is accepted by the scheduler, you will be able to choose which scanner to use in the drop-down menu. If you have a HIAB External license, the OUTSCAN scanner is also available in the drop-down and should be used if public IPs are to be scanned from the OUTSCAN SaaS solution. |
| Attributes | This option is used to add additional information about the target. This is displayed as a column with the given field name in the Managed Targets grid. |
| Upload From File | Import a previously exported target group file or custom Comma Separated Values (csv) file. |
| Import from LDAP/AD | Import targets from LDAP/AD. |
| Import From ServiceNow | Import targets from ServiceNow. |
Important
Certain tasks like adding a large/multiple networks can take a long time. When it takes more than 90 seconds, the progress can be viewed in the Task Viewer tab located at the bottom right of the task bar. Task Viewer appears for a user only if there is at least one task in the list. The three possible states for a task appearing in Task Viewer are:
- In Progress
- Done
- Error
Import from LDAP/AD
The Import from LDAP/AD button displays a window where you can select which targets to import into the HIAB.
| Option | Description |
|---|---|
| Search Filter | Standard LDAP search filter. See Search Filter Syntax on Windows Dev Center for more information. |
Import From ServiceNow
The Import from ServiceNow button displays a window where you can select which targets to import into the HIAB from ServiceNow.
| Option | Description |
|---|---|
| Table | Table name containing the targets in ServiceNow. |
| Tag | Tags are text labels in ServiceNow associated with items such as records and pages. |
| Asset Tag | The Asset tag refers to assets in ServiceNow Asset Management system. |
| Query | Search query to retrieve the ServiceNow targets. |
Upload From File
Adding targets from a CSV-file.
- Click the + New button in the Targets view.
- Click the Upload From File button.
Import the exported target group file or custom Comma Separated Values (csv) file by clicking the + button to select a file.
Option Description Upload From File Select a file to import. Separator Define what separator is used in the file.
- Tab
- Comma ( , )
- Semicolon ( ; )
- Colon ( : )
Text Delimiter Define what text delimiter is used in the file.
- Single Quote ( ' )
- Double Quote ( " )
Skip First Line Select this to skip the first line.
Ex. for a header line.- Click Next to continue.
- Once uploaded, continue with mapping the files information to the target by selecting the appropriate subject in the drop-down menus.
- Finish by clicking the Save button.
Inspecting and Editing Targets
Once targets have been added into a group it will look like this.
Note
Some of the columns does not get populated until the target has been scanned.
To add or remove columns, hover the mouse over any column name and click the down pointing arrow. Click Columns and select the columns you wish to add to the grid:
Options | Description |
| Agent ID | The Agent universally unique identifier (UUID). If blank, the agent has passed its end of life and should be updated. |
| Agent Last Synchronized | The last date when agent called home. |
| Agent Last Version | Agent Last Version column shows a boolean Yes or No when an O24 agent is installed on the target and respectively matches or does not match the last available agent version. |
| Agent Version | Current version of the agent. If blank, the agent has passed its end of life and should be updated. |
ARN | The Amazon Resource Name, used to find Amazon Web Services targets during scanning. |
Authentication | Flag if authentication is defined on this target. |
Authentication Result | The last results of when the authentication where used. |
Availability | The targets availability, used for CVSS score calculation. |
| Business Criticality | This attribute describes how important the target is.
|
| Call home frequency (minutes) | Agent call home frequency. The agent call home frequency depends on the amount of agents that is deployed. When setting up an agent for the first time, the agent call home frequency is set to one hour, but is recalculated after enrollment to avoid overloading the agent server when deploying large amounts of agents. |
CD Potential | The targets collateral damage potential, used for CVSS score calculation. |
Confidentiality | The targets confidentiality, used for CVSS score calculation. |
| Exposed | This attribute can be set to determine if the target is exposed to the internet or not. It is automatically set for certain IP ranges but can be changed later. |
Hidden URLs | A list of hidden URLs for the web app scanner to crawl. Hidden URLs are URLs that cannot be reached by crawling the default address. |
Host Name | The targets host name. |
Instance ID | Instance ID for Amazon Web Service targets. |
Integrity | The targets integrity, used for CVSS score calculation. |
IP Address | The IP address of the target. |
Last Discovery Date | The last date the IP was detected in a discovery scan. |
Latest Scan Date | The most recent date that a scan was run. |
Latest Scan Status | Status of the most recent scan. |
Latest Successful Scan Date | The date when the last successful scan was executed against this target. |
MAC Address | The targets MAC address. |
NetBIOS | The targets NetBIOS name. |
Next Scan Date | The next date and time when this target will be scanned. |
Override Scan Policy | Shows if the settings for the targets overrides the scan policy. This can be done by editing the target and setting specific scan settings for that target only. |
Platform | The detected OS platform of the target. |
Request Body Blacklist | Shows the request body blacklist for the target. |
Scan Update Signature Available | Shows if there is a scan update signature available for the target. |
Scanner (HIAB only) | Scans against the target will be executed by this scanner. Only visible when at least one scanner is registered. |
Target Distribution | The targets distribution, used for CVSS score calculation. |
URL Blacklist | Shows the URL Blacklist for the target. |
Uses License | Shows if this target is using your license or not. |
Virtual Host Names | Shows the hostnames of any virtual hosts. |
Edit Target
When right clicking on any target in the Target section the following menu are displayed:
Options | Description |
Show Groups | Show all target groups in which this target has been added to. |
| Perform DNS lookup | To perform a DNS lookup on an individual target, right-click on the target and select Perform DNS lookup. This tries to determine the targets host name and store that information in the system. |
Perform MAC Lookup | To perform a MAC lookup on the selected target, right-click on the target and select Perform MAC Lookup. |
| Perform NetBIOS lookup (HIAB only) | To perform a NetBIOS lookup on the selected target, right-click on the target and select Perform NetBIOS Lookup. |
| Label Targets | By right-clicking on a target you can choose to update specific labels or attributes on the target(s). |
| Update from ServiceNow | Update the target with information from ServiceNow. |
| Set Policies on Targets | Select policies for the target. |
| Scan | Create Scan Schedule for the selected target. |
| New | Add a new target. See Create_Target. |
| Delete | Clicking Delete while having any targets selected deletes them from the system. Multiple targets can be selected for deletion by holding shift while selecting the targets.
Note Reports for the selected targets are not deleted. |
Edit | To edit a target, right-click on it and select Edit. This allows you to set the Hostname, MAC Address, label the systems importance which is used to calculate CVSS scores, toggle the Exposed flag, and set Virtual host, hidden URLs. It also includes settings to set target to override scan policy. |
Audit log | To see the changes made to a certain entry, right click on it and select Audit log. This show a dialog with all the changes made to the object that were made by you or one of the users that you administrate. |
Export | To export data from the grid, right click on any entry and select either to export it as HTML or CSV (comma separated values) in the sub menu. This gives you either a HTML page or a CSV file with data that you can save or copy data from.
Note The CSV export function in the grid has a limit of 100k rows. |
Show Scan Results | Shows latest scan results for this target in the Reporting Tools. |
| Remove from group | Clicking on Remove from group while one or more targets have been selected, removes them from the group. |
To edit a target:
Right click on the specific target and select Edit.
The Maintaining Target window is displayed.
In the top of the window you find the general information about the target that you are editing such as:
| Options | Description |
|---|---|
| IP Address | The targets IP adress |
| Hostname | The targets hostname |
| MAC Address | The targets MAC adress
Note The field MAC-Address does not get populated until the target has been scanned. |
| Business criticality | The targets business criticality select from Low, Medium, High, or Criticality |
| Exposed | Toggle if the target is exposed on internet or not. |
| Scanner | Select scanner. Local or available scanners. |
The following tabs are present in the Maintaining Target window:
WEB Settings
Options | Description |
Virtual Hosts | If there are one or multiple virtual hosts on the target, you can add them here.
Note Up to 10 virtual hosts can be defined per target. |
Hidden URLs | Add URLs that cannot be crawled from the default site. URLs that are added here will be crawled separately. |
URL Blacklist | Add URLs that you would like the scanner NOT to scan. Most common blacklisted URL is the site’s logout URL to prevent the scanner from logging itself out. |
Request Body Blacklist | Add body blacklists. |
CVSS Score
Use the drop-down menus in this tab to evaluate the impact of a security breach on the target. Grade the availability, integrity, confidentiality, along with the Collateral Damage Potential and this will be considered when the CVSS score is being set. This is done to personalize the CVSS scores as some targets are more valuable than other.
Attributes
This tab is only displayed if the user has one or more custom attributes configured to be shown in Targets. This is to add the ability to add additional information about the target.
Note
Target attributes can be set in Main Menu > Settings > Account > Attributes tab.
See Attributes for information on how to add personal attributes columns.
Override Scan Policy
This tab will give you the ability to set what vulnerabilities will be searched/not searched for on this target. This will override the scan policy used for the scan of this target.
Note
For more information about scan policies, see Scan Scheduling document.
Authentication
Use this tab to fill in information that will help the scanner to authenticate against the target every time it gets scanned. Authentication allows the scanner to access registry keys and perform sudo-commands which greatly increases the scan accuracy.
SSH
See Authenticated Scanning using SSH for more information.
SMB
Contains the authentication settings and credentials used to enable Authenticated Scanning using SMB.
Note
For more information, see Authenticated Scanning using SMB.
Option | Description |
SMB domain | The SMB domain to use when scanning the remote host. |
SMB allow NTLMv1 | Whether to allow authentication using NTLMv1. |
SMB username | The username to use when attempting to log on to the remote host via SMB. |
SMB password | The password to use when attempting to log on to the remote host via SMB. |
Enable remote registry | If this option is checked, the scanner starts the Remote Registry Service using the provided user details and once finished, disable the service again. |
vSphere
Note
vSphere credentials are only used if a compliance scan is running. In addition, the target must have a ESXI compliance policy enabled.
Contains the authentication/configuration settings for the VMware vSphere. If configured, they are used when scanning targets running this service.
| Option | Description |
|---|---|
| vSphere username | The username to use when attempting to log on to vSphere. |
| vSphere password | The password to use when attempting to log on to vSphere. |
| Ignore certificate validation | Allows the authentication and operations to continue even if the vSphere certificate is not valid. |
CyberArk SSH
Contains the authentication settings and credentials used to enable Authenticated Scanning using CyberArk SSH.
Note
See Integrations for more information.
| Option | Description |
|---|---|
| Username | Provide your username to authenticate against CyberArk Server. |
| Object name | Check your CyberArk Vault administrator and provide the object name. |
| Override safe | Provide a different safe name in case you wish to override the existing safe name. |
| Override folder | Provide a different folder name in case you wish to override the existing folder names. |
CyberArk SMB
Contains the authentication settings and credentials used to enable Authenticated Scanning using CyberArk SMB.
Note
See Integrations for more information.
| Option | Description |
|---|---|
| Username | Provide your username to authenticate against CyberArk Server. |
| Object name | Check your CyberArk Vault administrator and provide the object name. |
| Override safe | Provide a different safe name in case you wish to override the existing safe name. |
| Override folder | Provide a different folder name in case you wish to override the existing folder names. |
| SMB domain | The SMB domain to use when scanning the remote host. |
| SMB allow NTLMv1 | Whether to allow authentication using NTLMv1. |
| Enable remote regestry | If this option is checked, the scanner starts the Remote Registry Service using the provided user details and once finished, disable the service again. |
Thycotic SSH /SMB
Contains the authentication settings and credentials used to enable Authenticated Scanning using Thycotic SSH or Thycotic SMB.
Note
See Integrations for more information.
| Option | Description |
|---|---|
| Thycotic Config | Select the config from the drop-down list. |
| Secret name | Provide the name of the Secret.
Note When the user provides a phrase, it searches for the name matching the given phrase. The first name matched is used. ${IP} will get replaced by the target IP. ${HOSTNAME} will get replaced by the host name of the target. |
| Override path | Provide a new path to cancel using the existing path. |
| SSH substitute user command | The use of the following commands is to execute commands with a different user/privilege escalation.
|
| SSH custom user command | This field is available when the user selects custom in the SSH substitute user command field. Add a custom command for escalating privilege. |
| SMB allow NTLMv1 | Check this box to enable the authentication using NTLMv1. |
| Enable remote registry | If enabled, the scanner initiates the Remote Registry service with the given details. Disable the service when the scan is finished. |
Compliance Scanning
The Compliance Scanning tab is available if you have a Compliance Scanning license.
Caution
The policies for the Compliance Scanning can be set only through Maintaining Scan Schedule window. Refer to Scan Scheduling guide for detailed information.
Databases
Use this tab to fill in information that will help the scanner to authenticate against a database on the target. This is only used when running a compliance scan and if a SQL database has been defined.
The settings for the database targets can be edited by right-click a database and and select edit in the menu.
Label Targets
- Right click the target.
- Select Label targets in list.
Select labels from drop-down menus.
Note that the checkbox to the left of the drop-down must be checked for the value to be set.
Option Description Exposed Yes/No Business criticality Low, Medium, High , Critical Collateral Damage Potential Not Defined, None, Low, Low-Medium, Medium-High, High Security Requirements - Availability Not Defined, Low, Medium, High Security Requirements - Integrity Not Defined, Low, Medium, High Security Requirements - Confidentiality Not Defined, Low, Medium, High Target distribution Not Defined, None, Low, Medium, High - Click Save.
Target Groups
The Target Groups area is used to organize targets. A target group can contain any number of targets and subgroups. This allows for organization of the targets to make them easy to navigate. A target can exist in more than one target group. The number next to the target group name represents the number of targets present in that group.
Built In Target Groups
A couple of special target groups are already built in the system by default:
All Targets: This group contains all the targets that have been added to the system.
Ungrouped contains all targets that are not in another group.
Populate the new groups with targets from these groups.
Create Target Group
To create a target group:
- Go to Main Menu > Netsec > Manage Targets.
- Click on + New in the Target Groups field and name the group.
Populate a Target Group
To populate a new group with already existing targets within another group:
- Select the Targets field to add to the new group, either by ctrl + select or shift + select multiple entries, then drag them to the group and release.
Edit a Target Group
Select a target group to edit and right click on the groups.
Targets
The edit menu allows you to:
Label Targets: By right-clicking on a target group you can choose to label all your targets. The labels are used to calculate CVSS scores. In the Label Targets window you can define exactly which fields that will be updated. See Label Targets section for more information.
Update from ServiceNow: If you have a ServiceNow license, The ServiceNow window displays the Username and URI that is used when updating an asset.
Set Policies on Target: Select policies for the group.
Set Target Authentication: This option allows you to define authentication on all targets currently present in the selected group. Choose from:
- None
- SSH
- SMB
- CyberArc SSH
- CyberArc SMB
- Thycotic SSH
- Thycotic SMB
Fill in the credentials and click the Test button to verify the credentials against the target.
SSH
| Option | Description |
|---|---|
| SSH username | Enter your SSH user name. |
| SSH password | Enter your SSH password. |
| SSH substitute user command |
|
| SSH custom user command | If custom is selected in SSH substitute user command then add it here. |
| SSH public key | Add or select public key. |
| SSH private key | Add or select private key. |
| SSH private key passphrase | Set a private key password. |
Test Credentials
Verify your credentials by selecting port and press the Test button
SMB
Option | Description |
|---|---|
| SMB Domain | SMB Domain which will authenticate the user. |
SMB allow NTLMv1 | Allow NTLM authentication over SMB. |
| SMB username | SMB username to be authenticated with. |
| SMB password | SMB password to be authenticated with. |
| Enable remote registry | Enable to be able to scan target registry. |
Test Credentials
Verify your credentials by pressing the Test button
CyberArk SSH
| Option | Description |
|---|---|
| Username | Username to be authenticated with. |
| Object name | The name of the object that stores the credentials. |
| Override safe | Override the CyberArk safe that contains the credentials. |
| Override folder | Override the CyberArk folder that contains the credentials. |
Test Credentials
Verify your credentials by pressing the Test button
CyberArk SMB
| Option | Description |
|---|---|
| Username | Username to be authenticated with. |
| Object name | The name of the object that stores the credentials. |
| Override safe | Override the CyberArk safe that contains the credentials. |
| Override folder | Override the CyberArk folder that contains the credentials. |
| SMB Domain | SMB Domain which will authenticate the user |
| SMB allow NTLMv1 | Allow NTLM authentication over SMB |
| Enable remote registry | Enable to be able to scan target registry |
Thycotic SSH /SMB
Refer to Thycotic for information about setting up Thycotic SSH or Thycotic SMB authentication.
Test Credentials
Verify your credentials by pressing the Test button.
Set Scanner on targets: This option sets the scanner for selected targets. Select available scanners from the drop-down menu.
Show Scanners: Displays a list of scanners that has been set for this group.
Delete Targets: Deletes the targets in the group.
Note
The targets will be deleted and not just removed from the group.
Perform DNS lookup: To perform a DNS lookup on all targets in a group, right click on the group and select Perform DNS lookup, this does a DNS lookup to get the targets host names in the system.
Perform MAC lookup: To perform a MAC address lookup on all targets in a group, right click on the group and select this option.
Perform NetBIOS lookup: To perform a NetBIOS lookup on all targets in a group, right click on the group and select Perform NetBIOS lookup, this does a NetBIOS lookup to get the targets NetBIOS names in the system.
Export target list: This option will display the targets within this group and any sub groups in a pop up window.
New dynamic group: This option will create a new dynamic group. A dynamic group is managed by the system so all targets that match the criteria for the group will automatically be added to the group. Targets that no longer matches the criteria will be removed. To create a group, first select a set of filters matching the criteria that the group should have.
Target Group
New: Allows you to add a new target group, as a subgroup to the currently selected target group. To move a target group in the hierarchy, use the drag and drop functionality.
Delete: Allows you to delete the group you have currently selected.
Edit: Lets you add a description to the selected group.
Scan: A scan can be started on a target group by right clicking on it and select Scan. From here you can set a Name, Scan Mode, Scan Policy, Scanning Frequency, and the start of the next scan.
| Option | Description |
|---|---|
| Name | Name the Scan Schedule. |
| Scan Mode | Select scan mode
|
| Scan Policy | Select scan policy from drop down menu. |
| Scanning Frequency |
|
| Next Scan | Set date and time for next scan. |
Audit Log: It is possible to right click on a group and check the audit entries related to that group.
Dynamic Target Groups
A dynamic group is managed by the system so all targets that match the criteria for the group will automatically be added to the group. Targets that no longer matches the criteria will be removed.
Example
Adding a filter on an IP-range makes sure that all targets within that range is part of the group. New targets being added within the same IP-range is automatically added to the group. Any number of filters can be applied when creating the group.
To create a dynamic group complete the following steps.
Creating a View From Filters
The first step is to create a filter in your view.
- Go to Main Menu > Netsec > Manage Targets.
- Select All targets in the Target Groups list on the left side of the Manage Targets window.
Open the Filters menu by hovering the mouse pointer over the heading of a column and click on the little down pointing arrow to open the Column menu.
Note
Different columns gives different filter options depending on the content of the columns.
- Select Filters and create a filter by writing a string or number in the All: field.
- After you have created a filter open the Column menu again and select Views.
- Select Save View.
- Enter a name for the view and click the Save button.
- Your new view is now created.
Create a Dynamic Group
Once a view has been created you can proceed to create a dynamic group from that view.
- Go to Main Menu > Netsec > Manage Targets.
- Select your view.
- Right click the group and select New dynamic group.
- Name the new target group.
When the new dynamic group is ready, all new targets that are added and covered by the filter will be displayed in this group.
You can create different dynamic groups based on different filters and sorting.
Update Dynamic Group
The Update dynamic group updates a dynamic group with a new set of filters, disregarding the old ones.
Copyright
© 2023 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.