XML API Interface Technical Document
This document is released as legacy documentation and is no longer updated.
Introduction
Using the Outpost24 XML API will allow your company or third parties to integrate the OUTSCAN or HIAB solution into your own applications using an extensible XML interface. This guide is intended for those who are going to use the Outpost24 XML API. Read the Getting Started section before you start developing your application.
Getting Started
This manual provides the technical guidance required to integrate with the Outpost24 platform using a proprietary, XML-based interface. This interface is designed to give clients a straightforward way to create a connection to Outpost24. It is easy to integrate into applications and requires skills and knowledge that are familiar to most web developers.
The Outpost24 XML API features a rich set of functions, which will allow you to customize the output and request different types of information from within the system. As you can see in the illustration below, all the things that you can do from the graphical user interface can be performed from the XML API.
Processing API Requests:
The server accepts both GET and POST requests. If a request might transfer a large amount of data in its parameters, use POST, since it can handle larger requests.
The default date and time format used by the system is yyyy-MM-dd HH:mm (Java formatting style). The time format is 24 hours, so the following example refers to the last day of the year right before midnight: 2012-12-31 23:59
The time zone used in the system is GMT. If you need times in another time zone, you must convert them yourself.
The character encoding used by the system is UTF-8.
All URI parameters that are used when requesting information are case sensitive.
Basic Information
The request for the API is done against either the OUTSCAN system or the HIAB appliance/instance.
If done against the OUTSCAN system, the URI is the following:
https://outscan.outpost24.com/opi/XMLAPI
On the HIAB the XML API is located at the following URI:
https://hiab-ip/opi/XMLAPI
When connecting to the API you should use an application token, called APPTOKEN. This makes it possible for you to perform a single request with a predefined user's access rights.
Note that the generated token should be carefully protected, since it allows direct access without the requirement of authentication. Should you test the request in a browser, regenerate the token afterwards when the solution is put into production, since the old version has been stored in the browser history.
The token can be generated under Main Menu > Settings > Account > Security Policy. At the bottom of that screen you will find a selection called Application Access Token, and this is the one that will provide you access to the API without performing multiple requests.
Once the token is generated, add it to any request that you would like to perform using the parameter APPTOKEN.
For example:
https://hiab-ip/opi/XMLAPI?ACTION=SCANLOG&APPTOKEN=xxxx
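The request rules above (POST allowed, case-sensitive keys, UTF-8, GMT timestamps, a token that must stay out of URLs and history) can be combined in one small client helper. This is an added example, not Outpost24 code. It assumes the server accepts APPTOKEN in a POST body like any other parameter and that every key is upper case, as all keys on this page are; the environment variable name OUTPOST24_APPTOKEN and the function names are hypothetical.

```python
import os
import re
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

# Endpoint from this page; for a HIAB use https://hiab-ip/opi/XMLAPI instead.
OUTSCAN_URI = "https://outscan.outpost24.com/opi/XMLAPI"

# Python equivalent of the documented Java pattern yyyy-MM-dd HH:mm.
API_TIME_FORMAT = "%Y-%m-%d %H:%M"

_TOKEN_RE = re.compile(r"(APPTOKEN=)[^&\s]+")


def build_request(action, params=None, token=None, uri=OUTSCAN_URI):
    """Build a POST request that carries every key, APPTOKEN included, in the body.

    Keeping the token out of the query string keeps it out of browser history,
    proxy logs and access logs, which record URLs but not request bodies.
    """
    # Hypothetical variable name; the token is never hard-coded in source.
    token = token or os.environ.get("OUTPOST24_APPTOKEN")
    if not token:
        raise ValueError("no APPTOKEN supplied")

    fields = {"ACTION": action, "APPTOKEN": token}
    fields.update(params or {})

    # Keys are case sensitive. Every key on this page is upper case, so a
    # lower-case key is treated as a caller mistake (assumption).
    for key in fields:
        if key != key.upper():
            raise ValueError("parameter keys are case sensitive: %r" % key)

    body = urllib.parse.urlencode(fields).encode("utf-8")
    headers = {"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"}
    return urllib.request.Request(uri, data=body, method="POST", headers=headers)


def redact(text):
    """Mask the token value in a URL or body before it is logged or reported."""
    return _TOKEN_RE.sub(r"\1<redacted>", text)


def parse_api_time(value, offset_hours=0.0):
    """Parse a GMT timestamp from the API and convert it to a local UTC offset."""
    gmt = datetime.strptime(value, API_TIME_FORMAT).replace(tzinfo=timezone.utc)
    return gmt.astimezone(timezone(timedelta(hours=offset_hours)))


if __name__ == "__main__":
    # Constructed token value; nothing is sent over the network here.
    req = build_request("SCANLOG", token="constructed-token")
    print(req.get_method(), req.full_url)
    print(redact(req.data.decode("utf-8")))
    print(parse_api_time("2012-12-31 23:59", offset_hours=1.0).isoformat())
```

Pass the returned request to `urllib.request.urlopen` to send it, and run anything that might contain the token through `redact` before it reaches a log.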
Note
Read Appendix A to see how the responses are encapsulated in XML.
Country Codes
A complete and up-to-date list of the country codes supported by the system can be retrieved from the system. Whenever the country field is given to the system it will be validated against these values. See Appendix E.
Required Keys | |
---|---|
ACTION | COUNTRYDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=COUNTRYDATA
Example response:
<RESPONSE> <RESPONSE/> </RESPONSE>
Response Keys | |
---|---|
TIMEZONE | The time zone used by this country. |
VCAREACODE | The area code used for this country. |
VCNAME | The name of the country. |
XID | The unique identifier of the given object. |
Information In Session (License Information)
This request will give you information regarding your license and other settings. The output below is a reflection of our test account and therefore some of these fields may not be present on your account.
Required Keys | |
---|---|
ACTION | LOGINDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=LOGINDATA
Example response:
<RESPONSE> <USERLIST> <USER> <NAME>Api Api</NAME> <USERNAME>APIUSER</USERNAME> <COMPANY>Outpost24.com</COMPANY> <EMAIL>df@outpost24.com</EMAIL> <MOBILE/> <LASTLOGONDATE>2014-02-18 08:53</LASTLOGONDATE> <NUMBER_LOGON>1113</NUMBER_LOGON> <LASTLOGONIP>91.216.32.3</LASTLOGONIP> <COUNTRYCODE>gb</COUNTRYCODE> <COUNTRY>Sweden</COUNTRY> <STATE>--</STATE> <IS_SUBUSER>1</IS_SUBUSER> <ALL_TARGETGROUPS>1</ALL_TARGETGROUPS> <GMTOFFSET>0.00</GMTOFFSET> <DATEFORMAT>Y-m-d</DATEFORMAT> <TIMEFORMAT>H:i</TIMEFORMAT> <SERVERTIME>2014-02-18 08:59</SERVERTIME> <SHOWGUIDE>0</SHOWGUIDE> <SHOWPCIINFO>1</SHOWPCIINFO> <STARTDAYOFWEEK>1</STARTDAYOFWEEK> <LANGUAGE>en</LANGUAGE> <STARTPAGE>/js/plugins-4.1.129.12.js.gzip,/js/desktop- 4.1.129.12.js.gzip,/js/init-4.1.129.12.js.gzip,/js/pci_addon-4.1.129.12.js.gzip</STARTPAGE> <SHOWMONITOR>0</SHOWMONITOR> <MAXIP>8</MAXIP> <MAXPCIIP>5</MAXPCIIP> <SESSIONTIMEOUT>0</SESSIONTIMEOUT> <AUDITTARGETMANAGEMENT>1</AUDITTARGETMANAGEMENT> <AUDITSCHEDULEMANAGEMENT>0</AUDITSCHEDULEMANAGEMENT> <AUDITSCANPOLICYMANAGEMENT>0</AUDITSCANPOLICYMANAGEMENT> <AUDITRISKACCEPTANCE>0</AUDITRISKACCEPTANCE> <AUDITCHANGERISKLEVEL>0</AUDITCHANGERISKLEVEL> <CSRFVALIDATION>0</CSRFVALIDATION> <MAXWEBAPPS>5</MAXWEBAPPS> <P3DAYS>60</P3DAYS> <P4DAYS>14</P4DAYS> <P5DAYS>7</P5DAYS> <PACTIVE>7</PACTIVE> <P3LABEL>P3</P3LABEL> <P4LABEL>P2</P4LABEL> <P5LABEL>P1</P5LABEL> <FORCEGROUPSCHEDULING>1</FORCEGROUPSCHEDULING> <SCANPOLICYOWNERSHIP>0</SCANPOLICYOWNERSHIP> <SERVICES>1</SERVICES> <STRATEGY>1</STRATEGY> <MANAGEDSERVICESLIMITED>0</MANAGEDSERVICESLIMITED> <ACCEPTEDLENGTH>30</ACCEPTEDLENGTH> <ACCEPTTARGETS>0</ACCEPTTARGETS> <TWOFACTORAUTHENTICATIONMETHOD>0</TWOFACTORAUTHENTICATIONMETHOD> <SHOWVALIDATIONRECOMMENDATION>0</SHOWVALIDATIONRECOMMENDATION> <SUPERUSER>1</SUPERUSER> <SCAN_SETTINGS>0</SCAN_SETTINGS> <SCAN_REPORTS>0</SCAN_REPORTS> <SCAN_SCHEDULING>0</SCAN_SCHEDULING> <TARGET_ADD>0</TARGET_ADD> <TARGET_DELETE>0</TARGET_DELETE> <REPORT_DISABLE>0</REPORT_DISABLE> 
<REPORT_DELETE>0</REPORT_DELETE> <USERROLES_ADMIN>0</USERROLES_ADMIN> <TARGETGROUP_ADMIN>0</TARGETGROUP_ADMIN> <FINDING_ADMIN>0</FINDING_ADMIN> <RECEIVE_EMAIL>0</RECEIVE_EMAIL> <ACCEPT_RISKS>0</ACCEPT_RISKS> <SCAN_VERIFY>0</SCAN_VERIFY> <WEBAPPADMIN>0</WEBAPPADMIN> <WEBAPPREPORTING>0</WEBAPPREPORTING> <WEBAPPDELETEREPORT>0</WEBAPPDELETEREPORT> <STOPSCAN>0</STOPSCAN> <DASHBOARD>0</DASHBOARD> <RECEIVE_SMS>0</RECEIVE_SMS> <PCI_SUBUSER>0</PCI_SUBUSER> <PCISCOPING>0</PCISCOPING> <PCISCHEDULING>0</PCISCHEDULING> <PCIREPORTING>0</PCIREPORTING> <PCIDISPUTING>0</PCIDISPUTING> <PCIEMAILADDRESS>df@outpost24.com</PCIEMAILADDRESS> <SUBUSERXID>4710</SUBUSERXID> <USERROLE>Super User</USERROLE> <PRODUCT>OUTSCAN PCI OUTSCAN WAS HIAB SERVICES STRATEGY ,AGENT</PRODUCT> <IS_ADMIN>1</IS_ADMIN> <XID>114</XID> <XIPARENTID>101</XIPARENTID> <IS_SALES>1</IS_SALES> <ISSERVICES>1</ISSERVICES> <SYSTEM>OUTSCAN</SYSTEM> <VERSION>4.1.129.39</VERSION> </USER> </USERLIST> </RESPONSE>
Response Keys | |
---|---|
ACCEPT_RISKS | Is the account allowed to accept risks. |
ACCEPTEDLENGTH | The number of days the vulnerability has been accepted. |
ACCEPTTARGETS | Boolean value if the user is allowed to accept. |
ALL_TARGETGROUPS | Set to 1 if not all targets are available. |
AUDITCHANGERISKLEVEL | Boolean flag if the user is required to supply an audit comment when changing a risk level for a report finding. |
AUDITRISKACCEPTANCE | Boolean flag if the user is required to supply an audit comment when accepting a risk. |
AUDITSCANPOLICYMANAGEMENT | Boolean flag if the user is required to supply an audit comment when doing a scan policy management. |
AUDITSCHEDULEMANAGEMENT | Boolean flag if the user is required to supply an audit comment when doing a schedule management. |
AUDITTARGETMANAGEMENT | Boolean flag if the user is required to supply an audit comment when doing a target management. |
COMPANY | The name of the company for this account. |
COUNTRY | The country for this account, See Country Codes section. |
COUNTRYCODE | The country code for this account, See Country Codes section. |
CSRFVALIDATION | Boolean flag if the Cross Site Request Forgery function should be enabled. |
DASHBOARD | Can this account view the dashboard. |
DATEFORMAT | The format that should be used when presenting dates. |
EMAIL | Email address for this account. |
FINDING_ADMIN | Deprecated |
FORCEGROUPSCHEDULING | Boolean flag which will enforce only use of groups if set. |
GMTOFFSET | The offset from GMT used when displaying time information in this account. |
ISSERVICES | Boolean flag whether this account can supply reports in the service. |
IS_ADMIN | Boolean flag whether the account has administration rights. |
IS_SALES | Boolean flag if this account is a sales organization. |
IS_SUBUSER | Boolean flag whether account is a sub account. |
LANGUAGE | The language for this account. See Country Codes section. |
LASTLOGONDATE | The last date this account was logged on to. |
LASTLOGONIP | From which IP the login occurred. |
MANAGEDSERVICESLIMITED | Boolean flag if the service reports access can be limited per sub user. |
MAXIP | The maximum number of targets the account is allowed to use in the OUTSCAN system. |
MAXPCIIP | The maximum number of targets the account is allowed to add to the PCI system. |
MAXWEBAPPS | The maximum number of WEB applications this account is allowed to use. |
MOBILE | Mobile/Cellphone number associated with this account. |
NAME | The user name which was used during log in. |
NUMBER_LOGON | The number of logins that this account has done since it was created. |
P3DAYS | The Number of days before a task of priority level 3 is escalated. |
P4DAYS | The Number of days before a task of priority level 4 is escalated. |
P5DAYS | The Number of days before a task of priority level 5 is escalated. |
P3LABEL | Text label for priority level 3. |
P4LABEL | Text label for priority level 4. |
P5LABEL | Text label for priority level 5. |
PACTIVE | Boolean flag whether this account is active or not. |
PCIDISPUTING | Can this account dispute PCI findings. |
PCIEMAILADDRESS | The primary email address used for contact when doing PCI disputes. |
PCIREPORTING | Can this account access PCI reports. |
PCISCHEDULING | Can this account schedule PCI scans. |
PCISCOPING | Can this account change PCI scope. |
PCI_SUBUSER | Is this account a sub user in the PCI solution. |
PRODUCT | A list of products which is associated with this account. |
RECEIVE_EMAIL | Can this account receive report email. |
RECEIVE_SMS | Can this account receive SMS notifications. |
REPORT_DELETE | Can this account delete reports. |
REPORT_DISABLE | Can the user mark findings as false positives. |
SCANPOLICYOWNERSHIP | Boolean flag if newly created scan policies should be visible to all users. |
SCAN_REPORTS | Can the user see reports. |
SCAN_SCHEDULING | Can this account modify scan schedulings. |
SCAN_SETTINGS | Can this account modify scan settings. |
SCAN_VERIFY | Can this account perform verify scans. |
SERVERTIME | The local time of the server. |
SERVICES | Boolean flag whether this account has the service product. |
SESSIONTIMEOUT | The session timeout in minutes. |
SHOWGUIDE | Boolean value which tells if the guide should be shown upon login. |
SHOWMONITOR | Boolean flag whether to display the monitor application in the menu. |
SHOWPCIINFO | Boolean flag whether the PCI information window should be displayed. |
SHOWRELEASENOTES | Boolean flag if release notes should be presented when you log in (Please note that this field may not be present). |
SHOWVALIDATIONRECOMMENDATION | Boolean flag if the two factor tip should be displayed after log in. |
STARTDAYOFWEEK | First day of week. |
STARTPAGE | Internal value. Used by the GUI. |
STATE | The state for this account. |
STOPSCAN | Can this account stop running scans. |
STRATEGY | Boolean flag whether this account has the strategy product. |
SUBUSERXID | The unique id for this sub user. |
SUPERUSER | Does this account have the same rights as the main account. |
SYSTEM | The name of the system you have connected to. |
TARGETGROUP_ADMIN | Can this account change target groups. |
TARGET_ADD | Can this account add target. |
TARGET_DELETE | Can this account remove target. |
TIMEFORMAT | The format that should be used when presenting time. |
TWOFACTORAUTHENTICATIONMETHOD | Method used for two factor authentication. |
USERNAME | The user name which was used during login. |
USERROLE | The roles the user is granted. |
USERROLES_ADMIN | Can this account change the user roles. |
VERSION | The version of the system you are connected to. |
WEBAPPADMIN | Can this account manage web application settings. |
WEBAPPDELETEREPORT | Can this account remove web application reports. |
WEBAPPREPORTING | Can this account view application reports. |
XID | The unique identifier of the given object. |
XIPARENTID | The unique id for any parent object for this object within the system. |
State Codes
A complete and up to date list of supported state codes by the system can be retrieved from the system. Whenever the state field is given to the system it will be validated against these values. See Appendix F.
Required Keys | |
---|---|
ACTION | STATEDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=STATEDATA
Example response:
<RESPONSE> <RESPONSE/> </RESPONSE>
Response Keys | |
---|---|
COUNTRXID | The country id. |
TIMEZONE | The time zone used by this state. |
VCNAME | The name of the state. |
XID | The short form of the name for this state. |
Account
This section describes how to change user name, password, and any account details.
See the List Account section for information about the meaning of the different fields that can be changed.
It also reports any restraints that may be present on your account, for example if you do not have access to all targets.
Update Account
This section describes how you can change user name, password, and other account details.
Required Keys | |
---|---|
ACTION | UPDATEACCOUNTDATA |
Optional Keys
Along with the above required key you can also submit any of the additional keys in case you would like to update them.
Optional Keys | |
---|---|
LANGUAGE | The language set on the user profile. |
PASSWD1 | Change password, you are required to submit PASSWD1, PASSWD2, and VCOLDPASSWORD in order to update it. |
PASSWD2 | Change password, you are required to submit PASSWD1, PASSWD2, and VCOLDPASSWORD in order to update it. |
SESSIONTIMEOUT | The timeout value used when determining if the user's session should be considered invalid. |
VCCOUNTRY | The country the user is located in. |
VCEMAIL | The user's email address within the system. |
VCFIRSTNAME | The first name (spoken name) of the user. |
VCLASTNAME | The last name (surname) of the user. |
VCOLDPASSWORD | Change password, you are required to submit PASSWD1, PASSWD2, and VCOLDPASSWORD in order to update it. |
VCPHONEDAY | The phone number of the user. |
VCPHONEMOBILE | The mobile phone number of the user. |
VCUSERNAME | The name of the user which we would like to log in to. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=UPDATEACCOUNTDATA
Note
The above given request generates a generic response.
More information about this response type is available in Appendix A.
List Account
This function allows you to see the settings on your account along with any restrictions that may be present.
Required Keys | |
---|---|
ACTION | ACCOUNTDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=-1&ACTION=ACCOUNTDATA
Example response:
<RESPONSE> <USERLIST> <USER> <XID>4710</XID> <VCFIRSTNAME>Api</VCFIRSTNAME> <VCLASTNAME>Api</VCLASTNAME> <VCFULLNAME>Api Api</VCFULLNAME> <PARENT>Top Level</PARENT> <VCEMAIL>df@outpost24.com</VCEMAIL> <BACTIVE>1</BACTIVE> <VCUSERNAME>APIUSER</VCUSERNAME> <DLASTLOGON>2014-02-18 08:59</DLASTLOGON> <ILOGON>1114</ILOGON> <XISUBPARENTID>-1</XISUBPARENTID> <ITEST>-1</ITEST> <IFAILEDLOGON>0</IFAILEDLOGON> <BSUBUSER>1</BSUBUSER> <VCPASSWORD>$2a$10$8RTdaJZ0NIz/ne8GEKkAWO.RYCyw/.Uw0Mn3xTHheFN95u4LS/e0u</VCPASSWORD> <IEMAILTYPE>1</IEMAILTYPE> <BSECURITYEMAIL>1</BSECURITYEMAIL> <BREPORTTYPE>0</BREPORTTYPE> <BDISCOVERYEMAIL>1</BDISCOVERYEMAIL> <XVCIP>91.216.32.3</XVCIP> <DEMAIL>2012-10-30 12:58</DEMAIL> <BREMOVEREPORT>0</BREMOVEREPORT> <BOALLHOSTS>1</BOALLHOSTS> <BSMSREPORT>0</BSMSREPORT> <IDATASOURCE>0</IDATASOURCE> <STATE>--</STATE> <VCCOUNTRY>gb</VCCOUNTRY> <COUNTRY>United Kingdom</COUNTRY> <VCSTATE>--</VCSTATE> <STATE>--</STATE> <GROUPLIST/> <TARGETLIST/> <USERGROUPLIST/> <SCANNERLIST/> <ALLSCANNERS>1</ALLSCANNERS> <VCCOMPANY>Outpost24.com</VCCOMPANY> <GMTOFFSET>0.00</GMTOFFSET> <LANGUAGE>en</LANGUAGE> <DATEFORMAT>Y-m-d</DATEFORMAT> <TIMEFORMAT>H:i</TIMEFORMAT> <AUTHENTICATIONMETHOD>0</AUTHENTICATIONMETHOD> <SHOWGUIDE>0</SHOWGUIDE> <STARTDAYOFWEEK>1</STARTDAYOFWEEK> <XPATHUP>,4710,</XPATHUP> <XOSIP>8</XOSIP> <XOSSCAN>1</XOSSCAN> <XPCIIP>5</XPCIIP> <XPCISCAN>0</XPCISCAN> <XHIABEXTERNALIP>0</XHIABEXTERNALIP> <XHIABIP>-1</XHIABIP> <XHIABSCHEDULE>-1</XHIABSCHEDULE> <XHIABSCHEDULEADD>0</XHIABSCHEDULEADD> <XHIABMERGE>0</XHIABMERGE> <XHIABCLOSED>0</XHIABCLOSED> <MAXWEBAPPS>5</MAXWEBAPPS> <WEBAPPSCANS>0</WEBAPPSCANS> <WEBAPPSCANSLEFT>4</WEBAPPSCANSLEFT> <WEBAPPTRIAL>0</WEBAPPTRIAL> <EXTERNALWEBAPPSCANSLEFT>0</EXTERNALWEBAPPSCANSLEFT> <HIABEXTERNALWEBAPPS>0</HIABEXTERNALWEBAPPS> <XOOSIP>0</XOOSIP> <XOOSSCHEDULE>0</XOOSSCHEDULE> <XOOSSCHEDULEADD>0</XOOSSCHEDULEADD> <XOOSCLOSED>0</XOOSCLOSED> <ISECURITYLEFT>2</ISECURITYLEFT> <IPCISCANSLEFT>5</IPCISCANSLEFT> 
<IEXTERNALSCANSLEFT>0</IEXTERNALSCANSLEFT> <SUPERUSER>1</SUPERUSER> <RISKAGE>60</RISKAGE> <CUSTOMCOMPANYNAME>My company</CUSTOMCOMPANYNAME> <CUSTOMREPORTHEADER>Custom header text</CUSTOMREPORTHEADER> <CUSTOMREPORTFOOTER>Custom footer text</CUSTOMREPORTFOOTER> <WASMAXIMUMLINKS>2000</WASMAXIMUMLINKS> <PASSWORDAGE>356</PASSWORDAGE> <TICKETPARENT>-1</TICKETPARENT> <PACTIVE>31</PACTIVE> <ALLWEB>1</ALLWEB> <AUTOMATICGMT>1</AUTOMATICGMT> <CHANGEPASSWORDONLOGON>0</CHANGEPASSWORDONLOGON> <SYSTEMNOTIFICATIONS>0</SYSTEMNOTIFICATIONS> <TWOFACTORAUTHENTICATION>0</TWOFACTORAUTHENTICATION> <MAXIP>8</MAXIP> <MAXSCAN>1</MAXSCAN> <MAXPCIIP>5</MAXPCIIP> <MAXPCISCAN>0</MAXPCISCAN> <BOEMAIL>1</BOEMAIL> <BOSETTINGS>1</BOSETTINGS> <BOREPORTS>1</BOREPORTS> <BOSCHEDULES>1</BOSCHEDULES> <BSUBADMIN>1</BSUBADMIN> <BOADMINGROUPS>1</BOADMINGROUPS> <BHADMIN>1</BHADMIN> <BOWAIVER>1</BOWAIVER> <BOSMS>1</BOSMS> <BODISABLE>1</BODISABLE> <BHMONITOR>1</BHMONITOR> <BOVULTEXT>1</BOVULTEXT> <BODELETEIP>1</BODELETEIP> <BODELETEREPORT>1</BODELETEREPORT> <BADMINUSERGROUP>1</BADMINUSERGROUP> <BACCEPTRISK>1</BACCEPTRISK> <PCISCOPING>1</PCISCOPING> <PCISCHEDULING>1</PCISCHEDULING> <PCIREPORTING>1</PCIREPORTING> <PCIDISPUTING>1</PCIDISPUTING> <WEBAPPADMIN>1</WEBAPPADMIN> <WEBAPPREPORTING>1</WEBAPPREPORTING> <WEBAPPDELETEREPORT>1</WEBAPPDELETEREPORT> <FORCEGROUPSCHEDULING>1</FORCEGROUPSCHEDULING> <MANAGEDSERVICES>1</MANAGEDSERVICES> <MANAGEDSERVICESCOMMENT>1</MANAGEDSERVICESCOMMENT> <VERIFYSCAN>1</VERIFYSCAN> <STOPSCAN>1</STOPSCAN> <DASHBOARD>1</DASHBOARD> </USER> </USERLIST> </RESPONSE>
Response Keys | |
---|---|
ALLSCANNERS | Boolean flag which determines if the account has access to all scanners (only valid in a distributed HIAB environment). |
ALLWEB | Boolean flag if the account has access to all web application scanning scopes. |
AUTHENTICATIONMETHOD | Flag for determining if the user is authenticated via the internal system or a LDAP/AD solution. |
AUTOMATICGMT | Boolean flag which will automatically set the GMT offset if true (will use the country details for this). |
BACCEPTRISK | Set if the account is allowed to accept risks in the report section. |
BACTIVE | Set if the account is enabled. |
BADMINUSERGROUP | Set if the account is able to administer user roles. |
BDISCOVERYEMAIL | Set if the account is allowed to receive discovery results e-mails. |
BHADMIN | Set if the account is allowed to perform HIAB administrative tasks. |
BHMONITOR | Set if the account is allowed to use the monitor utility. |
BOADMINGROUPS | Set if the account is allowed to administer groups. |
BOALLHOSTS | Set if the account has access to all targets. |
BODELETEIP | Set if the account is able to delete targets from the system. |
BODELETEREPORT | Set if the account is able to remove reports from the system. |
BODISABLE | Set if the account is able to disable scripts. |
BOEMAIL | Set if the account is allowed to receive email notifications. |
BOREPORTS | Set if the account is allowed to read reports. |
BOSCHEDULES | Set if the account is allowed to schedule scans. |
BOSETTINGS | Set if the account is allowed to change scan settings on schedules (scan policies). |
BOSMS | Set if the account is allowed to receive SMS notifications. |
BOVULTEXT | Set if the account is allowed to comment vulnerabilities. |
BOWAIVER | Set if the account has accepted the waiver. |
BREMOVEREPORT | Set if the report should be removed after it has been sent out via e-mail. |
BREPORTTYPE | The report type that should be included in the e-mail. |
BSECURITYEMAIL | Set if the report should be sent out in an e-mail. |
BSMSREPORT | Set if the account is allowed to receive SMS notifications on reports. |
BSUBADMIN | Set if the account is allowed to administer sub users. |
BSUBUSER | Set if the account is a sub user. |
CHANGEPASSWORDONLOGON | Set if the password is required to be updated upon the initial log in. |
COUNTRY | The country for this account. |
CUSTOMCOMPANYNAME | The defined custom company name for this account. |
CUSTOMREPORTFOOTER | Custom text which will be available in the footer of the exported PDF report. |
CUSTOMREPORTHEADER | Custom text which will be available in the header of the exported PDF report. |
DASHBOARD | Boolean flag if the user has access to the dashboard. |
DATEFORMAT | The date format which will be used when presenting date information within the system. |
DEMAIL | The date when the initial e-mail was sent out. |
DLASTLOGON | The date when the account last logged on to the system. |
EXTERNALWEBAPPSCANSLEFT | The number of external web applications scans that are left on this account. |
FORCEGROUPSCHEDULING | Flag if you are forced to use the groups instead of free text target definition in the schedule section. |
GMTOFFSET | The offset from GMT where this user is located (used to display the correct local time in the system). |
GROUPLIST/ | Comma separated list of granted groups for this account. |
HIABEXTERNALWEBAPPS | The total number of external web application scans for this account. |
IDATASOURCE | Deprecated |
IEMAILTYPE | The type of e-mail to send out (HTML/text). |
IEXTERNALSCANSLEFT | The number of external scans left on this account. |
IFAILEDLOGON | The number of failed logins on this account. |
ILOGON | The total number of logins on this account. |
IPCISCANSLEFT | The number of PCI scans left on this account. |
ISECURITYLEFT | The number of scans left on this account. |
ITEST | The number of scans on this account. |
LANGUAGE | The language for this account. |
MANAGEDSERVICES | Boolean flag if the user has managed service. |
MANAGEDSERVICESCOMMENT | Comment on the manager service. |
MAXIP | The maximum number of IPs allowed to be defined on this account. |
MAXPCIIP | The maximum number of PCI IPs allowed to be defined on this account. |
MAXPCISCAN | The maximum number of PCI scans allowed to be defined on this account. |
MAXSCAN | The maximum number of scans allowed to be defined on this account. |
MAXWEBAPPS | The maximum number of web application scans allowed to be defined on this account. |
PACTIVE | Set if parent account is enabled. |
PARENT | The parent id. |
PASSWORDAGE | The maximum age of a password before you are required to change it. |
PCIDISPUTING | Set if the account is allowed to dispute PCI findings. |
PCIREPORTING | Set if the account is allowed to see PCI reports. |
PCISCHEDULING | Set if the account is allowed to schedule PCI scans. |
PCISCOPING | Set if the account is allowed to change PCI scoping. |
RISKAGE | The maximum age of a risk before it violates the company policy. |
SCANNERLIST | List of granted scanners for this account. |
SHOWGUIDE | Set if the initial guide will be displayed upon log in. |
STARTDAYOFWEEK | Value for determining which is the first date of the week. |
STATE | The state which the user is located within. |
STOPSCAN | Boolean flag if the user is allowed to stop scans. |
SUPERUSER | Set if the user has the same access rights as the main account holder. |
SYSTEMNOTIFICATIONS | Boolean flag if system notifications should be sent out to this user. |
TARGETLIST | The target list as accepted by the graphical user interface. |
TICKETPARENT | The parent account which will receive any tickets assigned to this user if they haven't been resolved within the defined due date. |
TIMEFORMAT | The time format to use when displaying time throughout the system. |
TWOFACTORAUTHENTICATION | Boolean value if two factor authentication is required. |
USERGROUPLIST | List of assigned user roles for this account. |
VCCOMPANY | The company name for this account. |
VCCOUNTRY | The country for this account. |
VCEMAIL | The e-mail address associated with this account. |
VCFIRSTNAME | The first name of the user. |
VCFULLNAME | The full name (both first and last name) of the user. |
VCLASTNAME | The surname of the user. |
VCPASSWORD | The password for the user which we try to log in with. |
VCSTATE | Current state of the scan. |
VCUSERNAME | The name of the user which we would like to log in to. |
VERIFYSCAN | Boolean flag if the user can perform verify scan. |
WASMAXIMUMLINKS | The maximum number of WAS links that this user can scan. |
WEBAPPADMIN | Set if the account can administer the WAS module. |
WEBAPPDELETEREPORT | Set if the account is allowed to delete WAS reports. |
WEBAPPREPORTING | Set if the account is allowed to see WAS reports. |
WEBAPPSCANS | Number of WAS scans in total. |
WEBAPPSCANSLEFT | Number of WAS scans left on this account. |
WEBAPPTRIAL | Set if the account has a trial account for the WAS module. |
XHIABCLOSED | Set if the account HIAB has been disabled. |
XHIABEXTERNALIP | The number of external IPs that the HIAB can have defined. |
XHIABIP | The number of IPs allowed on this HIAB. |
XHIABMERGE | Deprecated |
XHIABSCHEDULE | The number of scans for this account. |
XHIABSCHEDULEADD | The number of scans to add for this account. |
XID | The unique identifier of the given object. |
XISUBPARENTID | The unique id for any parent object for this object within the system. |
XOOSCLOSED | Deprecated |
XOOSIP | Deprecated |
XOOSSCHEDULE | Deprecated |
XOOSSCHEDULEADD | Deprecated |
XOSIP | Deprecated |
XOSSCAN | Deprecated |
XPATHUP | Internal use only. |
XPCIIP | The number of PCI targets that this account is allowed to have. |
XPCISCAN | The number of PCI scans that this account is allowed to perform. |
XVCIP | The IP number which this account logged on from the last time. |
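The ACCOUNTDATA response above returns the account's password hash (VCPASSWORD) next to its permission flags, so an integration that stores or logs responses should drop that field and can use the flags to check that the token's account holds no more rights than it needs. The following is an added example, not Outpost24 code. The sample response is constructed from the documented fields, the flag descriptions are taken from the table above, and the allowed set (a read-only reporting integration) is an assumed policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to a few ACCOUNTDATA fields documented above.
# The VCPASSWORD value is a placeholder, not a real hash.
SAMPLE_RESPONSE = """<RESPONSE><USERLIST><USER>
<XID>4710</XID><VCUSERNAME>APIUSER</VCUSERNAME>
<VCPASSWORD>$2a$10$constructed-placeholder-hash</VCPASSWORD>
<BSUBUSER>1</BSUBUSER><SUPERUSER>1</SUPERUSER><BOALLHOSTS>1</BOALLHOSTS>
<BHADMIN>1</BHADMIN><BSUBADMIN>1</BSUBADMIN>
<BADMINUSERGROUP>1</BADMINUSERGROUP>
<BODELETEIP>1</BODELETEIP><BODELETEREPORT>1</BODELETEREPORT>
<BOREPORTS>1</BOREPORTS><STATE>--</STATE><STATE>--</STATE>
</USER></USERLIST></RESPONSE>"""

# Fields that must never reach logs, tickets or a local cache.
SECRET_FIELDS = {"VCPASSWORD"}

# Permission flags and their meaning as given in the response key table.
RIGHT_FLAGS = {
    "SUPERUSER": "same access rights as the main account holder",
    "BOALLHOSTS": "access to all targets",
    "BHADMIN": "HIAB administrative tasks",
    "BSUBADMIN": "administer sub users",
    "BADMINUSERGROUP": "administer user roles",
    "BODELETEIP": "delete targets from the system",
    "BODELETEREPORT": "remove reports from the system",
    "BOSCHEDULES": "schedule scans",
    "BOSETTINGS": "change scan settings on schedules",
    "BOREPORTS": "read reports",
}

# Assumed policy: the integration only reads reports.
ALLOWED_RIGHTS = frozenset({"BOREPORTS"})


def parse_users(xml_text):
    """Return one dict per USER element with secret fields removed.

    Repeated tags (the sample response repeats STATE) keep the last value.
    """
    root = ET.fromstring(xml_text)
    users = []
    for user in root.iter("USER"):
        record = {}
        for child in user:
            if child.tag in SECRET_FIELDS:
                continue  # drop the hash instead of masking it
            record[child.tag] = (child.text or "").strip()
        users.append(record)
    return users


def excess_rights(user, allowed=ALLOWED_RIGHTS):
    """List flags set to 1 on the account that the policy does not allow."""
    return sorted(
        flag for flag in RIGHT_FLAGS
        if user.get(flag) == "1" and flag not in allowed
    )


def report(xml_text, allowed=ALLOWED_RIGHTS):
    """Produce one finding line per excess right for every account returned."""
    lines = []
    for user in parse_users(xml_text):
        name = user.get("VCUSERNAME", "?")
        for flag in excess_rights(user, allowed):
            lines.append("%s: %s=1 (%s)" % (name, flag, RIGHT_FLAGS[flag]))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_RESPONSE):
        print(line)
```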
Attributes
In the system you can create additional attributes which can be made available in different sections.
You can for instance add a Business function field so that this information can be defined and visible in the exported reports if required. It is also possible to define these attributes on users so that you for instance can add his/her role within the company.
The combo type allows you to define a drop down menu which contains static values (this can be used to prevent input errors due to spelling errors).
Update Attribute
This request will allow you to redefine the attribute (and also disable it, since it cannot be removed). Within the system you can have 10 attributes defined at the same time.
Required Keys | |
---|---|
ACCEPTABLEVALUES | This field allows you to define which values are accepted for this specific attribute. |
ACTION | UPDATEATTRIBUTEDATA |
BACTIVE | Boolean flag if this attribute is active. |
COLUMNID | The unique column identifier for this attribute. Up to 10 are allowed to be defined. |
EXPORTREPORT | Boolean flag if this attribute is available in exported reports. |
FIELDTYPE | The field type defines what type this field has. |
NAME | The name of the attribute. |
ONUSER | Boolean flag if this attribute is available on users. |
REPORTING | Boolean flag if this attribute is available in reporting. |
REQUIRED | Boolean flag if this attribute is required to have a value. |
TARGET | The target that this entry is about. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?NAME=Test&COLUMNID=1&FIELDTYPE=3&REPORTING=1&TARGET=1&ACCEPTABLEVALUES=1-10&REQUIRED=1&BACTIVE=1&ACTION=UPDATEATTRIBUTEDATA&ONUSER=1&EXPORTREPORT=3
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List Attributes
Additional attributes can be defined in the system. These can for instance be defined as additional values which can be made available in the target, user or report section.
Required Keys | |
---|---|
ACTION | ATTRIBUTEDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=ATTRIBUTEDATA
Example response:
<RESPONSE> <USERLIST> <USER> <XID>7884</XID> <COLUMNID>0</COLUMNID> <XUSERXID>114</XUSERXID> <NAME>Geographic location</NAME> <BACTIVE>1</BACTIVE> <ONUSER>0</ONUSER> <TARGET>1</TARGET> <REPORTING>1</REPORTING> <SCHEDULING>0</SCHEDULING> <REQUIRED>0</REQUIRED> <FIELDTYPE>0</FIELDTYPE> <EXPORTREPORT>1</EXPORTREPORT> </USER> </USERLIST> </RESPONSE>
Response Keys | |
---|---|
ACCEPTABLEVALUES | This field allows you to define which values are accepted for this specific attribute. |
BACTIVE | Boolean flag if this attribute is active. |
COLUMNID | The unique column identifier for this attribute. Up to 10 are allowed to be defined. |
EXPORTREPORT | Boolean flag if this attribute is available in exported reports. |
FIELDTYPE | The field type defines what type this field has. |
NAME | The name of the attribute. |
ONUSER | Boolean flag if this attribute is available on users. |
REPORTING | Boolean flag if this attribute is available in reporting. |
REQUIRED | Boolean flag if this attribute is required to have a value. |
SCHEDULING | Should this attribute be available in the schedule section. |
TARGET | The target that this entry is about. |
XID | The unique identifier of the given object. |
XUSERXID | The unique user id. |
Manage User Accounts
This section describes how to add sub users and define their access rights and roles. An unlimited number of sub users can be added to the system, and they can also be added in a hierarchy so that you can define users that will manage and maintain other users.
The user roles will give you the possibility to create roles within the system that will fit your organization. For example, if you have managers that only should be able to receive reports, they can simply be added and restricted to only perform such action within the system.
User Roles
The user roles are predefined roles which can be assigned to multiple users. They help you manage access to the different actions which can be performed within the system.
You can for example create user roles like the following:
Manager
SOC - Team
System owner
Vulnerability Manager - User
Vulnerability Manager - Manager
DBA
Developer
Network administrator
It is of course also possible to make them user specific if you have a smaller organization:
Jane Doe
John Smith
Update User Roles
In order to add or update a user role you need to supply the following parameters.
Required Keys | |
---|---|
ACTION | UPDATEUSERGROUPDATA |
VCNAME | Name of the user role. |
Optional Keys
If you would like to create a new role, enter "-1" as the value for the XID parameter (or do not supply it at all). If you would like to update an already present role, supply the unique identification number for that role in that field instead.
Optional Keys | |
---|---|
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?VCNAME=RemovemeAPI&ACTION=UPDATEUSERGROUPDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List User Roles
The user roles are predefined roles which can be assigned to multiple users which will help you when managing the access to the different actions which can be performed within the system.
Required Keys | |
---|---|
ACTION | USERGROUPDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=USERGROUPDATA
Example response:
<RESPONSE>
  <USERGROUPLIST>
    <USERGROUP>
      <XID>54</XID>
      <VCNAME>My User Role</VCNAME>
      <BOSETTINGS>1</BOSETTINGS>
      <BOREPORTS>0</BOREPORTS>
      <BOSCHEDULES>1</BOSCHEDULES>
      <BSUBADMIN>0</BSUBADMIN>
      <BOEMAIL>0</BOEMAIL>
      <BOADMINGROUPS>1</BOADMINGROUPS>
      <BHADMIN>0</BHADMIN>
      <BOWAIVER>1</BOWAIVER>
      <BOSMS>0</BOSMS>
      <BODISABLE>0</BODISABLE>
      <BHMONITOR>0</BHMONITOR>
      <BOVULTEXT>0</BOVULTEXT>
      <BODELETEIP>1</BODELETEIP>
      <BODELETEREPORT>0</BODELETEREPORT>
      <BADMINUSERGROUP>1</BADMINUSERGROUP>
      <BACCEPTRISK>0</BACCEPTRISK>
      <PCISCOPING>0</PCISCOPING>
      <PCIREPORTING>0</PCIREPORTING>
      <PCISCHEDULING>0</PCISCHEDULING>
      <PCIDISPUTING>0</PCIDISPUTING>
      <WEBAPPADMIN>0</WEBAPPADMIN>
      <FORCEGROUPSCHEDULING>0</FORCEGROUPSCHEDULING>
      <WEBAPPREPORTING>0</WEBAPPREPORTING>
      <WEBAPPDELETEREPORT>0</WEBAPPDELETEREPORT>
      <MANAGEDSERVICES>0</MANAGEDSERVICES>
      <MANAGEDSERVICESCOMMENT>0</MANAGEDSERVICESCOMMENT>
      <VERIFYSCAN>0</VERIFYSCAN>
      <DASHBOARD>0</DASHBOARD>
      <STOPSCAN>1</STOPSCAN>
    </USERGROUP>
  </USERGROUPLIST>
</RESPONSE>
Response Keys | |
---|---|
BACCEPTRISK | Can the user mark a risk as accepted. |
BADMINUSERGROUP | Can the user administer user roles. |
BHADMIN | Can the user restart the HIAB and setup the HIAB settings, such as backup and networking. |
BHMONITOR | Can the user access the network monitor module. |
BOADMINGROUPS | Can the user administer targets and target groups. |
BODELETEIP | Can the user delete targets. |
BODELETEREPORT | Can the user delete scans. |
BODISABLE | Can the user mark a vulnerability as false positive. |
BOEMAIL | Can the user receive scan report e-mails. |
BOREPORTS | Can the user show scan reports. |
BOSCHEDULES | Can the user administer scan schedules. |
BOSETTINGS | Can the user administer scanning policies. |
BOSMS | Is the user allowed to receive SMS notifications. |
BOVULTEXT | Can the user change vulnerability comments. |
BOWAIVER | Should the waiver be displayed to the user. |
BSUBADMIN | Set if the account is allowed to administer sub users. |
DASHBOARD | Boolean flag if the user has access to the dashboard. |
FORCEGROUPSCHEDULING | If enabled then no Target List section will be available in the Scheduling section. |
MANAGEDSERVICES | Can the user access the managed report section. |
MANAGEDSERVICESCOMMENT | Can the user add comments to managed reports. |
PCIDISPUTING | Can the user dispute findings in the PCI reports. |
PCIREPORTING | Can the user access the PCI reporting section. |
PCISCHEDULING | Can the user change the PCI scheduling. |
PCISCOPING | Can the user change the PCI scoping. |
STOPSCAN | Can the user stop running scans. |
VCNAME | Name of the user role. |
VERIFYSCAN | Can the user perform verify scans. |
WEBAPPADMIN | Can the user administer the web application scanner. |
WEBAPPDELETEREPORT | Can the user remove the web application scans. |
WEBAPPREPORTING | Can the user access the web application scan reports. |
XID | The unique identifier of the given object. |
Remove User Role
In order to remove an already defined user role you need the unique identification number for that specific role. This is retrieved from the list of already defined user roles (See section: List User Roles).
Required Keys | |
---|---|
ACTION | REMOVEUSERGROUPDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=4020&ACTION=REMOVEUSERGROUPDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
User Accounts
The user account section contains information regarding how your account or sub accounts are defined.
This is also the location where you can change the password on your account. The account details will also provide you with any limitations that may be present on the defined sub accounts within the system.
Update Account
In order to add or update a user account you need to supply the following parameters. If you would like to create a new account you would enter "-1" as the value for the XID parameter, but if you would like to update an already present account you need to supply the unique identification number for that account in that field instead.
Required Keys | |
---|---|
ACTION | UPDATESUBACCOUNTDATA |
VCCOUNTRY | The country for this account. |
VCEMAIL | The e-mail address associated with this account. |
VCFIRSTNAME | The first name of the user. |
VCLASTNAME | The surname of the user. |
VCUSERNAME | The name of the user which we would like to log in to. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?VCUSERNAME=removemeapi&VCLASTNAME=removemeapi&XID=-1&VCCOUNTRY=se&VCFIRSTNAME=removemeapi&VCEMAIL=removemeapi@outpost24.com&ACTION=UPDATESUBACCOUNTDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List Accounts
In order to see the available defined user roles which you can assign to your sub users you need to retrieve a list of them where you will get the unique identification number of it (XID).
The request has the following parameters:
Required Keys | |
---|---|
ACTION | SUBACCOUNTDATA |
Example Request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=SUBACCOUNTDATA
Example Response:
<RESPONSE>
  <USERLIST>
    <USER>
      <XID>2138</XID>
      <VCFIRSTNAME>Jane</VCFIRSTNAME>
      <VCLASTNAME>Doe</VCLASTNAME>
      <VCFULLNAME>Jane Doe</VCFULLNAME>
      <PARENT>Top Level</PARENT>
      <VCEMAIL>df@outpost24.com</VCEMAIL>
      <BACTIVE>1</BACTIVE>
      <VCUSERNAME>OUPOST24SUBUSER</VCUSERNAME>
      <BSUBADMIN>0</BSUBADMIN>
      <DLASTLOGON>2012-05-25 12:54</DLASTLOGON>
      <DCREATED>2009-06-25 11:54</DCREATED>
      <ILOGON>11</ILOGON>
      <XISUBPARENTID>-1</XISUBPARENTID>
      <IEMAILTYPE>1</IEMAILTYPE>
      <COUNTRY>Sweden</COUNTRY>
      <AUTHENTICATIONMETHOD>0</AUTHENTICATIONMETHOD>
      <SHOWGUIDE>1</SHOWGUIDE>
      <STARTDAYOFWEEK>1</STARTDAYOFWEEK>
      <USERGROUPLIST>2996,</USERGROUPLIST>
      <SUPERUSER>0</SUPERUSER>
      <GROUPLIST>21666,21671,</GROUPLIST>
      <SCANNERLIST/>
      <ALLSCANNERS>1</ALLSCANNERS>
      <WASMAXIMUMLINKS>2000</WASMAXIMUMLINKS>
      <TICKETPARENT>0</TICKETPARENT>
      <XPATHUP>,2138,</XPATHUP>
      <USERGROUPNAMES>DBA</USERGROUPNAMES>
      <TARGETLIST/>
      <BOALLHOSTS>0</BOALLHOSTS>
      <SYSTEMNOTIFICATIONS>0</SYSTEMNOTIFICATIONS>
      <TWOFACTORAUTHENTICATION>0</TWOFACTORAUTHENTICATION>
    </USER>
  </USERLIST>
</RESPONSE>
Response Keys | |
---|---|
ALLSCANNERS | Boolean flag which determines if the account has access to all scanners (only valid in a distributed HIAB environment). |
AUTHENTICATIONMETHOD | Flag for determining if the user is authenticated via the internal system or a LDAP/AD solution. |
BACTIVE | Set if your account is enabled. |
BOALLHOSTS | Boolean value if the user has access to all OUTSCAN hosts. |
BSUBADMIN | Set if the account is allowed to administer sub users. (Please note that this field may not be present). |
COUNTRY | The country for this account. |
CUSTOM1 | Custom attribute defined on either a user or a target. (Please note that this field may not be present). |
DCREATED | The date when this account was created. |
DEMAIL | The date when the initial email was sent out. |
DLASTLOGON | The date when the account last logged on to the system. |
GROUPLIST | Comma separated list of granted groups for this account. |
IEMAILTYPE | The type of email to send out (HTML/text). |
ILOGON | The total number of logins on this account. |
PARENT | The parent account for this account. |
SCANNERLIST | List of granted scanners for this account. |
SHOWGUIDE | Set if the initial guide will be displayed upon log in. |
STARTDAYOFWEEK | Value for determining which is the first day of the week. |
SUPERUSER | Set if the user has the same access rights as the main account holder. |
SYSTEMNOTIFICATIONS | Boolean flag if system notifications should be sent out to this user. |
TARGETLIST | The target list as accepted by the graphical user interface. |
TICKETPARENT | The parent account which will receive any tickets assigned to this user if they haven't been resolved within the defined due date. |
TWOFACTORAUTHENTICATION | Boolean value if two factor authentication is required. |
USERGROUPLIST | List of assigned user roles for this account. |
USERGROUPNAMES | List of user roles that are assigned to this account (Please note that this field may not be present). |
VCEMAIL | The e-mail address associated with this account. |
VCFIRSTNAME | The first name of the user. |
VCFULLNAME | The full name (both first and last name) of the user. |
VCLASTNAME | The surname of the user. |
VCUSERNAME | The name of the user which we would like to log in to. |
WASMAXIMUMLINKS | The maximum number of WAS links that this user can scan. |
XID | The unique identifier of the given object. |
XISUBPARENTID | The parent id of this sub user. |
XPATHUP | Internal use only. |
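The USERGROUPLIST key of an account (List Accounts) refers to the role XIDs returned by List User Roles, so the two responses can be joined into an access review. The following is an added example, not Outpost24 code: the sample XML is constructed, and the choice of which permission keys count as sensitive is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Permissions treated as sensitive in this review. The key names come from
# the user role Response Keys table; which of them count as sensitive is an
# assumption of this example, so adjust the set to your own policy.
SENSITIVE = {"BSUBADMIN", "BADMINUSERGROUP", "BHADMIN", "BOSETTINGS",
             "BODELETEIP", "BODELETEREPORT", "BACCEPTRISK", "BODISABLE"}

# Constructed sample responses (not real data), shaped like the
# USERGROUPDATA and SUBACCOUNTDATA examples and trimmed to the keys used.
ROLES_XML = """<RESPONSE><USERGROUPLIST>
<USERGROUP><XID>54</XID><VCNAME>Vulnerability Manager - Manager</VCNAME>
  <BSUBADMIN>1</BSUBADMIN><BADMINUSERGROUP>1</BADMINUSERGROUP>
  <BODELETEIP>1</BODELETEIP><BOREPORTS>1</BOREPORTS></USERGROUP>
<USERGROUP><XID>55</XID><VCNAME>Manager</VCNAME>
  <BOREPORTS>1</BOREPORTS><BOEMAIL>1</BOEMAIL></USERGROUP>
</USERGROUPLIST></RESPONSE>"""

ACCOUNTS_XML = """<RESPONSE><USERLIST>
<USER><XID>2138</XID><VCUSERNAME>jdoe</VCUSERNAME><BACTIVE>1</BACTIVE>
  <USERGROUPLIST>54,55,</USERGROUPLIST><SUPERUSER>0</SUPERUSER>
  <TWOFACTORAUTHENTICATION>0</TWOFACTORAUTHENTICATION></USER>
<USER><XID>2139</XID><VCUSERNAME>jsmith</VCUSERNAME><BACTIVE>1</BACTIVE>
  <USERGROUPLIST>55,9999,</USERGROUPLIST><SUPERUSER>0</SUPERUSER>
  <TWOFACTORAUTHENTICATION>0</TWOFACTORAUTHENTICATION></USER>
<USER><XID>2140</XID><VCUSERNAME>admin2</VCUSERNAME><BACTIVE>1</BACTIVE>
  <USERGROUPLIST/><SUPERUSER>1</SUPERUSER>
  <TWOFACTORAUTHENTICATION>1</TWOFACTORAUTHENTICATION></USER>
</USERLIST></RESPONSE>"""


def id_list(text):
    """Parse the API's trailing-comma id lists, e.g. '2996,' -> [2996]."""
    return [int(part) for part in (text or "").split(",") if part.strip()]


def is_set(elem, tag, default="0"):
    """True when a boolean key is set to 1; a missing key uses `default`."""
    return (elem.findtext(tag, default) or "").strip() == "1"


def parse_roles(xml_text):
    """Map role XID -> (role name, set of permission keys set to 1)."""
    roles = {}
    for group in ET.fromstring(xml_text).iter("USERGROUP"):
        granted = {child.tag for child in group
                   if child.tag not in ("XID", "VCNAME")
                   and (child.text or "").strip() == "1"}
        roles[int(group.findtext("XID"))] = (group.findtext("VCNAME", ""), granted)
    return roles


def review_accounts(roles_xml, accounts_xml, sensitive=SENSITIVE):
    """Return one row per account with its effective sensitive permissions."""
    roles = parse_roles(roles_xml)
    report = []
    for user in ET.fromstring(accounts_xml).iter("USER"):
        role_ids = id_list(user.findtext("USERGROUPLIST", ""))
        effective = set()
        for rid in role_ids:
            if rid in roles:
                effective |= roles[rid][1]   # union over all assigned roles
        held = sorted(effective & sensitive)
        superuser = is_set(user, "SUPERUSER")
        two_factor = is_set(user, "TWOFACTORAUTHENTICATION")
        # A missing BACTIVE is treated as active so the account is not skipped.
        active = is_set(user, "BACTIVE", default="1")
        report.append({
            "username": user.findtext("VCUSERNAME", ""),
            "sensitive": held,
            "superuser": superuser,
            "two_factor": two_factor,
            # Role ids that were not in the role list: review is incomplete.
            "unknown_roles": [rid for rid in role_ids if rid not in roles],
            # Active, privileged, and not required to use two-factor auth.
            "flagged": active and (superuser or bool(held)) and not two_factor,
        })
    return report


if __name__ == "__main__":
    for row in review_accounts(ROLES_XML, ACCOUNTS_XML):
        print(row)
```
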
Remove Account
In order to remove an already defined account you need the unique identification number for that specific account. This is retrieved from the list of already defined user accounts (See section: List Accounts).
Required Keys | |
---|---|
ACTION | REMOVESUBACCOUNTDATA |
DELETENOTE | Audit note which may be required. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?DELETENOTE=AutoDelete&XID=6203&ACTION=REMOVESUBACCOUNTDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Manage Targets
This section will describe how you can manage your assets within the system. The grouping system will allow you to store the same target in multiple groups which will allow you to define for example groups based on the following:
Geographical location:
  North America
    NY
    LA
  South America
    BR
  Europe
    DE
    UK
  Asia
    CH
    JP
Business function:
  Billing
  Ordering
  Support
  Monitoring
Or even based on asset type:
  Web servers
  Routers
  Firewalls
  Mail servers
  DNS servers
  Database servers
Targets
The targets are either IP addresses or host names of systems that you would like to perform vulnerability management against. The targets can be added automatically to the system by performing a discovery scan.
On the targets you can also define multiple attributes and also partial scan policies that should only apply to a single host.
Insert Targets
In order to add a target you need to supply the following parameters.
Required Keys | |
---|---|
ACTION | INSERTTARGETDATA |
ADDNOTE | Audit note that may be required. |
GROUP | The group id to add this target into. Set the value to -1 for none. |
TARGETLIST | The target list as accepted by the graphical user interface. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?GROUP=-1&TARGETLIST=91.216.32.100&ACTION=INSERTTARGETDATA&ADDNOTE=Test
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Update Targets
In order to update a target you need to supply the following parameters.
Required Keys | |
---|---|
ACTION | UPDATETARGETDATA |
ADDNOTE | Audit note that may be required. |
CUSTOM0 | Custom attribute defined on either a user or a target. |
CUSTOM1 | Custom attribute defined on either a user or a target. |
CVSS_CDP | CVSS Collateral Damage Potential. |
CVSS_SR_AVAIL | CVSS Security Requirements - Availability. |
CVSS_SR_CONF | CVSS Security Requirements - Confidentiality. |
CVSS_SR_INTEG | CVSS Security Requirements - Integrity. |
CVSS_TD | CVSS - Target Distribution. |
HIDDENURLS | Hidden URIs that are present on this target that you would like to include in the scan. |
HOSTNAME | The FQDN of the host. |
MACADDRESS | The target's MAC address. |
VIRTUALHOSTS | The virtual hosts for this target. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?MACADDRESS=&CUSTOM0=&CVSS_CDP=ND&VIRTUALHOSTS=&CUSTOM1=1&HOSTNAME=&CVSS_SR_INTEG=ND&CVSS_SR_AVAIL=ND&XID=509319&HIDDENURLS=&CVSS_TD=ND&CVSS_SR_CONF=ND&ACTION=UPDATETARGETDATA&ADDNOTE=Test
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List Targets
In order to see all targets which have been added to the system on your profile you need to supply the following details.
Required keys | |
---|---|
ACTION | TARGETDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=TARGETDATA
Example response:
<RESPONSE>
  <TARGETLIST>
    <TARGET>
      <XID>87382</XID>
      <IPADDRESS>192.168.200.75</IPADDRESS>
      <SCANNERID>0</SCANNERID>
      <SCANNERNAME>Undefined</SCANNERNAME>
      <VIRTUALHOSTS>myserver.company.com</VIRTUALHOSTS>
      <MACADDRESS>00:23:76:a5:b4:df</MACADDRESS>
      <LATESTSCANSTATUS>-1</LATESTSCANSTATUS>
      <CVSS_SR_AVAIL>ND</CVSS_SR_AVAIL>
      <CVSS_SR_INTEG>ND</CVSS_SR_INTEG>
      <CVSS_SR_CONF>ND</CVSS_SR_CONF>
      <CVSS_CDP>ND</CVSS_CDP>
      <CVSS_TD>ND</CVSS_TD>
      <PCI>0</PCI>
      <CONFIRMED>0</CONFIRMED>
      <SYNC>0</SYNC>
      <PLATFORM>ND</PLATFORM>
      <PCICOMPLIANCE>0</PCICOMPLIANCE>
      <AUTHENTICATIONTYPE>0</AUTHENTICATIONTYPE>
      <USESLICENSE>0</USESLICENSE>
      <LIMITED>1</LIMITED>
    </TARGET>
  </TARGETLIST>
</RESPONSE>
Response keys | |
---|---|
AUTHENTICATIONTYPE | Authentication type used: |
CONFIRMED | Boolean flag if this target is confirmed within the PCI section. |
CUSTOM0 | Custom attribute defined on either a user or a target. |
CUSTOM1 | Custom attribute defined on either a user or a target. |
CUSTOM2 | Custom attribute defined on either a user or a target. |
CUSTOM3 | Custom attribute defined on either a user or a target. |
CUSTOM4 | Custom attribute defined on either a user or a target. |
CUSTOM5 | Custom attribute defined on either a user or a target. |
CUSTOM6 | Custom attribute defined on either a user or a target. |
CUSTOM7 | Custom attribute defined on either a user or a target. |
CUSTOM8 | Custom attribute defined on either a user or a target. |
CUSTOM9 | Custom attribute defined on either a user or a target. |
CVSS_CDP | CVSS Collateral Damage Potential. |
CVSS_SR_AVAIL | CVSS Security Requirements - Availability. |
CVSS_SR_CONF | CVSS Security Requirements - Confidentiality. |
CVSS_SR_INTEG | CVSS Security Requirements - Integrity. |
CVSS_TD | CVSS - Target Distribution. |
HOSTNAME | The FQDN of the host. |
IPADDRESS | The IP address of the target. |
LASTDISCOVERYDATE | The last date when the discovery scan was executed (Please note that this field may not be present). |
LATESTSCANDATE | The latest scan date of this target (Please note that this field may not be present). |
LATESTSCANSTATUS | The latest scan status of this target. |
LATESTSUCCESSFULSCANDATE | The last date when a scan was successfully done against this target (Please note that this field may not be present). |
LIMITED | The presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request. |
MACADDRESS | The target's MAC address. |
PCI | Boolean flag if this target is part of the PCI product. |
PCICOMPLIANCE | Boolean flag if this target is PCI compliant. |
PLATFORM | The detected platform for this target. |
SCANNERID | The scanner id which this target will be tested from. |
SCANNERNAME | The scanner name of the above scanner id. |
SYNC | Internal use only. |
USESLICENSE | Boolean value if this target utilizes any license. |
VIRTUALHOSTS | The virtual hosts for this target. |
XID | The unique identifier of the given object. |
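Because the scan date keys may be absent and LIMITED signals a truncated result, a coverage check over the TARGETDATA response has to handle both. The following is an added example, not Outpost24 code: the sample XML and its addresses are constructed, and the 30-day threshold and the function names are assumptions of the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

API_TIME = "%Y-%m-%d %H:%M"  # yyyy-MM-dd HH:mm; the system reports GMT

# Constructed sample response (not real data), shaped like the TARGETDATA
# example and trimmed to the keys used here.
SAMPLE_TARGETS = """<RESPONSE><TARGETLIST>
<TARGET><XID>1</XID><IPADDRESS>192.0.2.10</IPADDRESS>
  <LATESTSCANDATE>2012-12-20 01:00</LATESTSCANDATE>
  <LATESTSUCCESSFULSCANDATE>2012-12-20 01:00</LATESTSUCCESSFULSCANDATE>
</TARGET>
<TARGET><XID>2</XID><IPADDRESS>192.0.2.11</IPADDRESS>
  <LATESTSCANDATE>2012-12-28 01:00</LATESTSCANDATE>
  <LATESTSUCCESSFULSCANDATE>2012-10-01 01:00</LATESTSUCCESSFULSCANDATE>
</TARGET>
<TARGET><XID>3</XID><IPADDRESS>192.0.2.12</IPADDRESS>
  <LIMITED>1</LIMITED>
</TARGET>
</TARGETLIST></RESPONSE>"""


def parse_time(text):
    """Parse an API timestamp as GMT; empty or missing text gives None."""
    text = (text or "").strip()
    if not text:
        return None
    return datetime.strptime(text, API_TIME).replace(tzinfo=timezone.utc)


def coverage_gaps(xml_text, as_of=None, max_age_days=30):
    """Classify targets by scan coverage.

    as_of is a timestamp in the API format (defaults to the current time).
    Returns a dict with:
      truncated          - True if any record carries LIMITED, meaning the
                           list is incomplete and the result understates gaps
      no_successful_scan - targets without LATESTSUCCESSFULSCANDATE
      stale              - last successful scan older than max_age_days
      failing            - a scan ran after the last successful one
    """
    now = parse_time(as_of) or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    result = {"truncated": False, "no_successful_scan": [],
              "stale": [], "failing": []}
    for target in ET.fromstring(xml_text).iter("TARGET"):
        if target.find("LIMITED") is not None:
            result["truncated"] = True
        ip = target.findtext("IPADDRESS", "")
        last_ok = parse_time(target.findtext("LATESTSUCCESSFULSCANDATE"))
        last_run = parse_time(target.findtext("LATESTSCANDATE"))
        if last_ok is None:
            result["no_successful_scan"].append(ip)
            continue
        if last_ok < cutoff:
            result["stale"].append(ip)
        if last_run is not None and last_run > last_ok:
            result["failing"].append(ip)
    return result


if __name__ == "__main__":
    print(coverage_gaps(SAMPLE_TARGETS, as_of="2012-12-31 23:59"))
```
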
Remove Targets
In order to remove a target you need the unique identification number for that specific target. This is retrieved from the list of already defined targets (See section: List Targets).
Required keys | |
---|---|
ACTION | REMOVETARGETDATA |
DELETENOTE | Audit note which may be required. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?DELETENOTE=AutoDelete&XID=509319&ACTION=REMOVETARGETDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Groups
A couple of special target groups are in the system by default (these can not be removed or updated):
All Targets: This group contains all the targets that have been added to the system.
Ungrouped: contains all targets that are not present in another group defined within the system.
The group system will allow you to store the same target in multiple groups. This opens up the possibility to create groups specifically for reporting, scheduling, target assignment and event notifications.
Update Group
In order to update a group you need to supply the following parameters.
Required keys | |
---|---|
ACTION | UPDATETARGETGROUDATA |
NAME | Name of the group |
XID | The unique identifier of the object that you would like to update. Omit or set to -1 if you would like to add a new group to the system. |
Optional Keys
This function is not only for adding a group, as the example shows. You can also add or remove targets with it by supplying either of the following parameters in the request. You need to know the unique id values of the targets in order to add them; these can be extracted from the system, see the List Targets section.
Optional keys | |
---|---|
ADDTARGETLIST | Comma separated list of unique target ids which you would like to add to the group. |
REMOVETARGETLIST | Comma separated list of unique target ids which you would like to remove from the group. |
Example Request:
https://outscan.outpost24.com/opi/XMLAPI?NAME=TESTAPI&XID=-1&ACTION=UPDATETARGETGROUDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Target Group
In order to see all the groups which have been added to the system on your profile you need to supply the following details.
Required keys | |
---|---|
ACTION | TARGETGROUPDATA |
Example Request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=TARGETGROUPDATA
Example Response:
<RESPONSE>
  <GROUPLIST>
    <GROUP>
      <XID>-1</XID>
      <XIPARENTID>-3</XIPARENTID>
      <NAME>All targets</NAME>
      <ICOUNT>9</ICOUNT>
      <RULEBASED>0</RULEBASED>
      <REPORTBASED>0</REPORTBASED>
      <DESCRIPTION/>
      <LIMITED>1</LIMITED>
    </GROUP>
  </GROUPLIST>
</RESPONSE>
Response keys | |
---|---|
DESCRIPTION | Description of the object. |
ICOUNT | The number of targets within this scan scope. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the limit parameter in the request. |
NAME | The name of the attribute. |
REPORTBASED | Boolean flag if this group is based on a report filter. |
RULEBASED | Boolean flag if this group is based on a target filter. |
XID | The unique identifier of the given object. |
XIPARENTID | The unique id for any parent object for this object within the system. |
Remove Group
In order to remove a group you need the unique identification number for that specific group. This is retrieved from the list of already defined groups (See section: List Groups).
Required keys | |
---|---|
ACTION | REMOVETARGETGROUPDATA |
XID | The unique identifier of the given object. |
Example Request:
https://outscan.outpost24.com/opi/XMLAPI?XID=30381&ACTION=REMOVETARGETGROUDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Manage Schedule
This is the section where you schedule the target scans, create scanning policies and see the status of the scans.
The scan history section will allow you to see when a scan started, when it ended, its duration and any errors that might have occurred during the scan.
Scan policies will allow you to change the settings for the scan so that you can either go deeper into the targets (with the use of authenticated scans) or change the selection of tests to be utilized during the scan. The system comes with a predefined set of scanning policies which will allow you to perform simplified, normal or extended scans.
There is an unsafe scanning policy defined. Please note that this is NOT supposed to be used against a live production environment. The intention with this scan policy is to use it prior to putting a server into production as a form of acceptance test. Please make sure that you have a working backup just in case when performing such a scan.
The scan schedules section will allow you to set up simple or complex scanning rules with scan windows, against already defined targets or groups as well as dynamic network ranges.
In the running scans part you will be able to extract the currently running scans along with their status. These can then either be paused or stopped depending on your requirements.
Scan History
In order to see what has been executed in the past on your account you can retrieve a scan log which will contain the history of your scanning.
Required keys | |
---|---|
ACTION | SCANLOG |
Optional Keys
The following parameters can be supplied in case you would like to exclude specific entries from being retrieved.
Optional keys | |
---|---|
EXCLUDEEMPTY | Boolean value if empty scan logs should be included in the results. |
ITYPE | The type of this entry, see Appendix C. |
Example Request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCANLOG
Example Response:
<RESPONSE>
  <SCANLOGLIST>
    <SCANLOG>
      <XID>155468</XID>
      <VCHOST>83.233.57.212</VCHOST>
      <XIPXID>-1</XIPXID>
      <DSCANSTARTDATE>2006-05-31 06:57</DSCANSTARTDATE>
      <DSCANENDDATE>2006-05-31 06:59</DSCANENDDATE>
      <ITYPE>1</ITYPE>
      <XTEMPLATE>0</XTEMPLATE>
      <SCANNERID>0</SCANNERID>
      <XSOXID>1723400</XSOXID>
      <SCHEDULEJOB>Recovered</SCHEDULEJOB>
      <DISCOVERYTEMPLATE/>
      <TARGET>83.233.57.212</TARGET>
      <XSCANJOBXID>900067</XSCANJOBXID>
      <IID>0</IID>
      <SCANNERNAME>Local</SCANNERNAME>
      <CONFIRMED>0</CONFIRMED>
      <COMPLIANT>0</COMPLIANT>
      <FROMHIAB>0</FROMHIAB>
      <SCANTIME>00:02:00</SCANTIME>
      <SUBMITTED>0</SUBMITTED>
      <LAST>0</LAST>
      <CANUPDATE>0</CANUPDATE>
      <SCANLESS>0</SCANLESS>
      <LATESTSCANUPDATE>2006-05-31 06:57</LATESTSCANUPDATE>
      <HASWASSTATS>0</HASWASSTATS>
      <LIMITED>1</LIMITED>
    </SCANLOG>
  </SCANLOGLIST>
</RESPONSE>
Response key | |
---|---|
CANUPDATE | Boolean flag if this entry can be updated using the SLS feature. |
COMPLIANT | Boolean flag which shows if the target was compliant according to the PCI guidelines in case the scan refers to such a target. |
CONFIRMED | Boolean flag if this target is confirmed within the PCI section. |
DISCOVERYTEMPLATE | Name of the discovery job if it's a discovery. |
DSCANENDDATE | The date and time when the scan ended. |
DSCANSTARTDATE | The date and time when the scan started. |
FROMHIAB | Boolean flag which is set to 1 if the scan originated from a HIAB (only viable on OUTSCAN). |
HASWASSTATS | Boolean flag if the target has web application scanning statistics. |
IID | Internal use only. |
ITYPE | The type of this entry, see Appendix C. |
LAST | Boolean value if this is the latest entry for this target. |
LASTSCANUPDATE | Date and time when this scan was last updated using the SLS technology. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the limit parameter in the request. |
SCANLESS | Boolean value if this is an SLS update of the report. |
SCANNERID | The scanner id which this target will be tested from. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCANTIME | The total amount of time the scan took. |
SCHEDULEJOB | The name of the schedule job which is associated with this entry. |
SUBMITTED | Boolean flag if this target is a PCI target and that the report has not been submitted yet in this quarter. |
TARGET | The target that this entry is about. |
TEMPLATE | The scan policy utilized by this object. |
VCHOST | The IP or host name of the target which was tested. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XSCANJOBXID | The unique identifier of the scan job log object which contains all individual targets (entry with scan type set in the 20 range). |
XSOXID | The unique identifier of the schedule object which contains the schedule preferences. |
XTEMPLATE | The unique identifier of the scan policy utilized by this object. |
Scan Policy
The scan policy is used to define rules and settings for the scan to use when it is executed.
These scan policies allow you to specify which tests to execute and also provide specific settings for different services.
Update Scan Policy
In order to add or update a scan policy you need to supply the following parameters. If you would like to create a scan policy you would enter "-1" as the value for the XID parameter, but if you would like to update an already present scan policy you need to supply the unique identification number for that scan policy in that field instead.
Required keys | |
---|---|
ACTION | UPDATETEMPLATEDATA |
NAME | The name of the scan policy. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?NAME=PemoveMeAPI&XID=-1&ACTION=UPDATETEMPLATEDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List Scan Policy
In order to see a list of available scanning policies you shall supply the following information. The scanning policies allow you to define credentials for different services that may be available. This may allow the scanner to log in and retrieve additional information, such as which patches are installed on the tested server, and hence produce a more accurate report.
Required keys | |
---|---|
ACTION | TEMPLATEDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=TEMPLATEDATA
Example response:
<RESPONSE>
  <TEMPLATELIST>
    <TEMPLATE>
      <XID>1</XID>
      <NAME>Port scan</NAME>
      <DESCRIPTION>This scan policy will only perform a port scan on the defined TCP and UDP ports within the policy.</DESCRIPTION>
      <GLOBAL>1</GLOBAL>
      <ENABLEDFAMILYLIST/>
      <DISABLEDFAMILYLIST/>
      <ENABLEDSCRIPTLIST/>
      <DISABLEDSCRIPTLIST>-1,</DISABLEDSCRIPTLIST>
      <OWNER>OUTPOST24 ADMINISTRATOR</OWNER>
      <LIMITED>1</LIMITED>
    </TEMPLATE>
  </TEMPLATELIST>
</RESPONSE>
Response key | |
---|---|
DESCRIPTION | Short description of the scan policy. |
DISABLEFAMILYLIST | A comma separated list of families that have been disabled in this scan policy. |
DISABLESCRIPTLIST | A comma separated list of script ids that have been disabled in this scan policy. |
ENABLEFAMILYLIST | A comma separated list of families that have been enabled in this scan policy. |
ENABLESCRIPTLIST | A comma separated list of script ids that have been enabled in this scan policy. |
GLOBAL | Boolean flag if the template is available to other users within your company. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the limit parameter in the request. |
NAME | The name of the template. |
OWNER | The owner of the object. |
XID | The unique identifier of the given object. |
Remove Scan Policy
In order to remove a scan policy job you need the unique identification number for that specific scan policy. This is retrieved from the list of already defined scanning policies (See section: List Scan Policies).
Required keys | |
---|---|
ACTION | REMOVETEMPLATEDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=3451&ACTION=REMOVETEMPLATEDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Scan Schedule
The schedules are groups of targets against which you would like to execute scans at specific times. A schedule can be set to repeat at a certain interval but also be set to only run once or be started manually.
Update Scan Schedule
In order to add or update a scan schedule you need to supply the following parameters. If you would like to create a new schedule you would enter "-1" as the value for the XID parameter, but if you would like to update an already present schedule you need to supply the unique identifier for that schedule in that field instead.
Required keys | |
---|---|
ACTION | UPDATESCHEDULEDATA |
NAME | The name of the schedule job that you would like to add/update |
XID | MUST be set to "-1" if you do not update an already existing schedule. |
XUSERXID | MUST be supplied, this value can be retrieved from the LOGINDATA function. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XUSERXID=114&NAME=RemoveMeAPI&XID=-1&ACTION=UPDATESCHEDULEDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List Scan Schedule
In order to see all the scheduled jobs which have been added to the system on your profile you need to supply the following details.
Required keys | |
---|---|
ACTION | SCHEDULEDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCHEDULEDATA
Example Response:
<RESPONSE>
  <SCHEDULELIST>
    <SCHEDULE>
      <XID>1731319</XID>
      <TARGETLIST/>
      <GROUPLIST>4523,</GROUPLIST>
      <TEMPLATEID>2</TEMPLATEID>
      <SCANCOUNT>0</SCANCOUNT>
      <MAXSCANTIME>12</MAXSCANTIME>
      <LATESTSCANDATE>2009-11-19 12:00</LATESTSCANDATE>
      <LATESTSCANSTATUS>20</LATESTSCANSTATUS>
      <FREQUENCY>1</FREQUENCY>
      <DAYWEEKMONTH>0</DAYWEEKMONTH>
      <NAME>Application server</NAME>
      <OWNER>Daniel Fredriksson</OWNER>
      <ICOUNT>1</ICOUNT>
      <SCANWINDOWS>1</SCANWINDOWS>
      <SCANWINDOWDELAY>1</SCANWINDOWDELAY>
      <SCANMODE>2</SCANMODE>
      <DNSLOOKUP>1</DNSLOOKUP>
      <NETBIOSLOOKUP>1</NETBIOSLOOKUP>
      <CVSS_SR_AVAIL>ND</CVSS_SR_AVAIL>
      <CVSS_SR_INTEG>ND</CVSS_SR_INTEG>
      <CVSS_SR_CONF>ND</CVSS_SR_CONF>
      <CVSS_CDP>ND</CVSS_CDP>
      <CVSS_TD>ND</CVSS_TD>
      <DISABLEPROTOCOL>0</DISABLEPROTOCOL>
      <EMPTYTARGETGROUP>0</EMPTYTARGETGROUP>
      <SCANLESS>0</SCANLESS>
      <WAKEONLANDELAY>0</WAKEONLANDELAY>
      <FROMLDAP>0</FROMLDAP>
      <LATESTSCANDURATION>00:23:00</LATESTSCANDURATION>
      <AVERAGESCANDURATION>00:38:00</AVERAGESCANDURATION>
      <DELETED>0</DELETED>
    </SCHEDULE>
  </SCHEDULELIST>
</RESPONSE>
Response key | |
---|---|
ADDTOGROUPXID | Add found targets to the following group (if the schedule job is a discovery scan). |
AVERAGESCANDURATION | The average scan time. |
CONCURRENTSCANS | Number of concurrent scans allowed in this schedule job. |
CVSS_CDP | CVSS Collateral Damage Potential. |
CVSS_SR_AVAIL | CVSS Security Requirements - Availability. |
CVSS_SR_CONF | CVSS Security Requirements - Confidentiality. |
CVSS_SR_INTEG | CVSS Security Requirements - Integrity. |
CVSS_TD | CVSS - Target Distribution. |
DAYWEEKMONTH | Flag if specific day of week or month should be used (available on monthly scanning). |
DELETED | Boolean value if this entry is marked as removed and should not be displayed. |
DISABLEPROTOCOL | Flag regarding which process should be disabled during discovery. |
DNSLOOKUP | Boolean flag if a DNS lookup should be performed on all targets that are added in case this schedule is in discovery mode. |
EMPTYTARGETGROUP | Boolean value if the group which we add targets to should be emptied prior to adding newly discovered targets. |
FREQUENCY | The frequency of the scheduled time for this job. |
FROMLDAP | Boolean flag if targets have been/shall be retrieved from a LDAP/AD server. |
GROUPLIST | Comma separated list of granted groups for this account. |
ICOUNT | The number of targets which will be scanned by this schedule. |
LASTSCANDATE | When this schedule will no longer be re-scheduled. |
LATESTSCANDATE | When this schedule was scanned the latest time. |
LATESTSCANDURATION | The duration of the latest scan. |
LATESTSCANSTATUS | The latest scan status of this schedule. |
MAXSCANTIME | The maximum amount of time allowed to scan this schedule. |
NAME | The name of the schedule job. |
NETBIOSLOOKUP | Boolean flag if a NetBIOS lookup should be performed on all targets that are added in case this schedule is in discovery mode. |
NEXTSCANDATE | The next time this schedule will be executed. |
OWNER | The owner of this schedule job (used when sending out notification). |
SCANCOUNT | Deprecated |
SCANLESS | Boolean flag if this schedule job should update daily. |
SCANMODE | The mode of this schedule job (discovery, discovery/scan, scan). |
SCANNERID | The scanner id which this target will be tested from. |
SCANWINDOWDELAY | The delay between scan windows (in days). |
SCANWINDOWS | The number of allowed scan windows for this schedule. |
TARGETLIST | The target list as accepted by the graphical user interface. |
TEMPLATEID | The scanning policy used by this schedule. |
WAKEONLANDELAY | The delay before starting a scan against a target which has been woken up for testing. |
XID | The unique identifier of the given object. |
XSUBUSERXID | The unique identifier of sub account that has created this schedule (Please note that this field may not be present). |
Remove Schedule
In order to remove a schedule job you need the unique identification number for that specific schedule job. This is retrieved from the list of already defined schedule jobs (See section: List Schedule).
Required keys | |
---|---|
ACTION | REMOVESCHEDULEDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=REMOVESCHEDULEDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Running Scan
In this section you can view the currently running scans and if required you can either pause (and resume) or stop any running scans.
List Running Scans
In order to see a list of currently running scans you shall supply the following information.
Required keys | |
---|---|
ACTION | SCANSTATUSDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCANSTATUSDATA
Example response:
<RESPONSE> <STATUSLIST> <STATUS> <XID>2122465</XID> <XUSERXID>1000</XUSERXID> <XSUBUSERXID>1000</XSUBUSERXID> <XSOXID>1003</XSOXID> <SCANNERID>-1</SCANNERID> <SCANNERNAME>Local</SCANNERNAME> <REMOTEXID>6961</REMOTEXID> <COMPANY>Outpost24</COMPANY> <VCSERVICE>O</VCSERVICE> <VCPERCENT>10/15</VCPERCENT> <IPERCENTV>66</IPERCENTV> <ITHREADID>2122465</ITHREADID> <VCSTATUS>running</VCSTATUS> <VCSTATE>CAT_SCAN</VCSTATE> <BPAUSE>0</BPAUSE> <BSTOP>0</BSTOP> <VCJOBNAME>Test API</VCJOBNAME> <VCGNAME>lpattack15</VCGNAME> <IATTACKERID>15</IATTACKERID> <VCTARGET>91.216.32.140</VCTARGET> <XIPXID>1140</XIPXID> <ICOUNT>1</ICOUNT> <IVERIFY>0</IVERIFY> <DSCANSTARTED>2012-11-16 10:45</DSCANSTARTED> <DSCANSTART>2012-11-16 10:45</DSCANSTART> <DSCANEND>2012-11-16 22:45</DSCANEND> <XTEMPLATE>-2</XTEMPLATE> <XSCANJOBXID>7147</XSCANJOBXID> <TXSETTINGS/> <PROBEID>11fbf171</PROBEID> <SCANWINDOWS>1</SCANWINDOWS> <SCANWINDOWDELAY>1</SCANWINDOWDELAY> <RESUMING>0</RESUMING> <SCANSENT>0</SCANSENT> <TARGETTYPE>0</TARGETTYPE> <ISSTOPPED>0</ISSTOPPED> <ISPAUSED>0</ISPAUSED> <DBSCHEMA/> <SCANLESSREPORTXID>-1</SCANLESSREPORTXID> <SMARTFILTERING>1</SMARTFILTERING> <HOSTNAME>www.outpost24.com</HOSTNAME> <LOOKUP>0</LOOKUP> <SCANSCHEMA>scan</SCANSCHEMA> <WAKEONLAN/> <WAKEONLANDELAY>0</WAKEONLANDELAY> <FROMLDAP/> </STATUS> </STATUSLIST> </RESPONSE>
Response key | |
---|---|
BPAUSE | Boolean flag if the scan is marked as paused. |
BSTOP | Boolean flag if the scan is marked as stopped. |
COMPANY | The name of the company for this account |
DBSCHEMA | Internal use only. |
DSCANEND | Date and time information when the scan will terminate if not already finished. |
DSCANSTART | Date and time information when the scan shall start. |
DSCANSTARTED | Date and time information when the scan started. |
FROMLDAP | Retrieve targets from the configured LDAP/AD server. |
HOSTNAME | The FQDN of the host. |
IATTACKERID | The internal attacker id which this scan is running from. |
ICOUNT | The number of targets within this scan scope. |
IPERCENTV | The percentage value of the progress of the scan. |
ISPAUSED | Boolean flag if the scan is paused. |
ISSTOPPED | Boolean flag if the scan is stopped. |
ITHREADID | The thread identification number within the system. Used for performing actions upon specific scans. |
IVERIFY | Boolean flag if the running scan is a verification scan. |
LOOKUP | Boolean flag if any discovered targets will perform a lookup upon adding them to the system. |
PDETECTTEMPLATE | The scan policy which will be used on scan started by a discovery/scan type of scan (Please note that this field may not be present). |
PROBEID | The unique probe identification number. |
REASON | The comment that will be used when adding targets to the system if they are detected (Please note that this field may not be present). |
REMOTEXID | Internal use. |
RESUMING | Boolean flag if this scan is resumed from a previously paused scan. |
SCANLESSREPORTXID | The unique identifier of the report which is updated using the SLS feature. |
SCANNERID | The scanner id which this target will be tested from. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCANSCHEMA | Internal use. |
SCANSENT | Boolean flag if the scan has been sent to the designated scanner. |
SCANWINDOWDELAY | The delay between scan windows (in days). |
SCANWINDOWS | The number of allowed scan windows for this schedule. |
SMARTFILTERING | Boolean flag if the results will utilize smart filtering. |
TARGETTYPE | The available types of targets: |
TEMPLATE | The scan policy utilized by this object (Please note that this field may not be present). |
TXREPORT | Deprecated (Please note that this field may not be present). |
TXSETTINGS | Text settings for this scan. |
VCGNAME | Internal use. |
VCJOBNAME | The name of the schedule job. |
VCPERCENT | Text representation of the percentage value. |
VCSERVICE | Should be set to W in order to only see Web Applications scan status. |
VCSTATE | Current state of the scan. |
VCSTATUS | Current status of the scan. |
VCTARGET | Text representation of the target. |
WAKEONLAN | Boolean flag if targets should be woken up by the WOL feature. |
WAKEONLANDELAY | The delay before targets will be scanned since the WOL request is sent. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XSCANJOBXID | The unique identifier of the scan job log object which contains all individual targets (entry with scan type set in the 20 range). |
XSOXID | The unique identifier of the schedule object which contains the schedule preferences. |
XSUBUSERXID | The unique identifier of sub user which this object is connected to. |
XTEMPLATE | The unique identifier of the scan policy used by this object. |
XUSERXID | The unique user id. |
Start a Scan
In order to start a scan you need to supply the unique identification number for a specific schedule. This can be retrieved from the schedule list (See section: List schedule).
Required keys | |
---|---|
ACTION | STARTSCAN |
ONLYSCANNOW | Should be set to 1. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ONLYSCANNOW=1&ACTION=STARTSCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Pause a Scan
In order to pause a currently running scan you need to supply the unique identification number for that specific scan. This can be retrieved from the scan list (See section: List running scans).
Required keys | |
---|---|
ACTION | PAUSESCAN |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=PAUSESCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Resume a Scan
In order to resume a currently paused scan you need to supply the unique identification number for that specific scan. This can be retrieved from the scan list (See section: List running scans).
Required keys | |
---|---|
ACTION | RESUMESCAN |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=RESUMESCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Stop a Scan
In order to stop a currently running scan you need to supply the unique identification number for that specific scan. This can be retrieved from the scan list (See section: List running scans).
If you would like to stop all running scans then you should supply -1 as the XID value.
Required keys | |
---|---|
ACTION | STOPSCAN |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=STOPSCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Manage Reports
Here you can see the result of a scan and also export the results to different formats (PDF, Excel and XML). This section will also provide information regarding additional tasks that can be performed on single entries, like for instance how to accept a reported risk in a report.
There are several actions that can be performed upon a single report entry, such as assign task, accept risk, perform verify scan and comment vulnerability.
The different report types that you can export are the following:
Delta report - Shows what has changed between the latest and the selected previous report. The information will contain added and removed findings along with any newly opened or closed ports. This is very useful when you need to determine what has changed between two scanning occurrences.
Overview report - Shows in which vulnerability families you currently have reported vulnerabilities.
Solution report - This will give you information regarding how many issues will be resolved by applying the unique solutions for the selected report. With this information it's really easy to determine where you have your quick wins that you can apply and drastically reduce your risk level with minimal workload.
Trend report - This will provide statistics for the number of high, medium and low risks over time for the selected target.
Report Selection
This section will guide you through the different requests that you are required to perform in order to retrieve a report. This will contain requests like how to retrieve the schedules, templates or plain lists of targets which are available in the report.
There are two different ways to retrieve the reports. These are:
- From a group (list) - All targets currently defined in that group(s) will be used to present a report.
- From a host (list) - Only the individual selected target(s) will be used to generate a report.
The above ways of retrieving the reports will be explained in the following section.
Report Target
This is the section where you receive information about the actual findings for a specific target. With the use of the filtering and additional parameters that can be defined you have a very powerful way of extracting information from the system based on your requirements.
Required keys | |
---|---|
ACTION | REPORTTARGETDATA |
GROUPS | Comma separated list of groups which you would like to retrieve the targets for. |
TARGETS | Comma separated list of targets which you would like to retrieve the report target information for. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?GROUPS=,-1,&ACTION=REPORTTARGETDATA&TARGETS=-1
Example response:
<RESPONSE> <REPORTLIST> <REPORT> <XTEMPLATE>2</XTEMPLATE> <GLOBALTEMPLATE>1</GLOBALTEMPLATE> <VERIFIED>0</VERIFIED> <SCHEDULEJOB>Application server</SCHEDULEJOB> <CVSSSCORE>0.0</CVSSSCORE> <PCICVSSSCORE>0.0</PCICVSSSCORE> <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN> <DLASTSEEN>2009-11-05 12:00</DLASTSEEN> <DATE>2009-11-05 12:00</DATE> <XIPXID>87386</XIPXID> <VCTARGET>192.168.200.33</VCTARGET> <HOSTNAME>www.example.com</HOSTNAME> <IPORT>445</IPORT> <IPROTOCOL>6</IPROTOCOL> <XID>5800689</XID> <VCNAME>Port scanner</VCNAME> <VCVULNID>101010</VCVULNID> <BFALSEPOS>0</BFALSEPOS> <BNEW>1</BNEW> <BPCI>0</BPCI> <TYPE>Port</TYPE> <SERVICENAME>netbios-ssn</SERVICENAME> <IRISK>0</IRISK> <ORIGINALRISKLEVEL>-1</ORIGINALRISKLEVEL> <SCANNERNAME>Local</SCANNERNAME> <POTENTIALFALSE>0</POTENTIALFALSE> <CUSTOM0>SE</CUSTOM0> <CUSTOM1>1</CUSTOM1> <CUSTOM2>dalskdjlasjd</CUSTOM2> <CUSTOM3/> <CUSTOM4>London</CUSTOM4> <ACCEPTEDLENGTH>0</ACCEPTEDLENGTH> <ACCEPTED>0</ACCEPTED> <VCVHOST/> <TARGETTYPE>0</TARGETTYPE> <PLATFORM>ND</PLATFORM> <ASSIGNEE>Unassigned</ASSIGNEE> <ISADDED>0</ISADDED> <FINDINGDATE>2009-11-05 12:00</FINDINGDATE> <HASFPCOMMENT>0</HASFPCOMMENT> <AGE>1565.0</AGE> <HASEXPLOITS>0</HASEXPLOITS> <LIMITED>1</LIMITED> </REPORT> </REPORTLIST> </RESPONSE>
Response keys | |
---|---|
ACCEPTCOMMENT | Written comment that shall describe why the finding has been marked as an accepted risk (Please note that this field may not be present). |
ACCEPTED | Boolean value if the report entry has been marked as an accepted risk. |
ACCEPTEDLENGTH | For how many days was the entry accepted. |
ACCEPTEXPIRES | The end date when the finding is no longer accepted automatically. |
AGE | The number of days since the first occurrence of this specific finding. |
ASSIGNEE | The user who is assigned to this specific entry. |
BFALSEPOS | Boolean value if this entry is marked as a potential false positive. |
BNEW | Boolean value if this finding wasn't reported on the previous report for this target. |
BPCI | Boolean value if this finding is related to PCI. |
CUSTOM0 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM1 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM2 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM3 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM4 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM5 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM6 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM7 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM8 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CUSTOM9 | Custom attribute defined on either a user or a target (Please note that this field may not be present). |
CVSSSCORE | The calculated CVSS score for this finding. |
DATE | Report date and time. |
DFIRSTSEEN | Date and time when this finding was first reported for this target and service. |
DLASTSEEN | The date and time when this finding was seen the last time for this target and service. |
FINDINGDATE | The date and time when this finding was either verified or updated from the SLS scanning. |
GLOBALTEMPLATE | Name of the global template used when performing the scan if any. |
HASEXPLOITS | Boolean flag if the vulnerability has a known exploit. |
HOSTNAME | The FQDN of the host. |
IIPVAL | The calculated number of the target (if IPv4) (Please note that this field may not be present). |
IPORT | The port where this issue has been detected. |
IPROTOCOL | The protocol where this issue has been detected (See http://www.isi.edu/in-notes/iana/assignments/protocol-numbers). |
IRISK | The risk value for this finding |
ISADDED | Boolean flag if this finding has been added since the last scan. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request. |
ORIGINALRISKLEVEL | The original risk level if it has been changed. |
PCICVSSSCORE | The calculated PCI CVSS score. |
PLATFORM | The platform that has been detected upon this target. |
POTENTIALFALSE | Boolean flag if this finding is a potential false positive. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCHEDULEJOB | The name of the schedule job which was used when performing this scan. |
SERVICENAME | The name of the service which was used when performing this scan. |
TARGETTYPE | The available types of targets: |
TYPE | What type of entry this is: |
VCBUG | Bugtraq ID for this finding. |
VCCVE | CVE ID for this finding. |
VCFAMILY | The vulnerability family which this entry falls under. |
VCNAME | The name of the vulnerability. |
VCTARGET | Text representation of the target. |
VCVHOST | The virtual host where this vulnerability has been detected. |
VCVULNID | The unique vulnerability id for this entry. |
VERIFIED | Boolean flag if this finding has been verified scanned. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XTEMPLATE | The unique identifier of the scan policy utilized by this object. |
Report Template
Using predefined templates when retrieving reports allows you to use saved filters when selecting what should be present in the report.
How to define a template will not be covered by this documentation. This document will rather function as a guide to what the different values represent for your knowledge. It is only included here so that you can use it when selecting what the content should be in the report. When using a template you will only submit the filtering section to the backend.
Required keys | |
---|---|
ACTION | REPORTTEMPLATEDATA |
SCANTYPE | The type of scan which you would like to receive the templates for. Valid values: |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?SCANTYPE=0&ACTION=REPORTTEMPLATEDATA
Example response:
<RESPONSE> <REPORTTEMPLATES> <TEMPLATE> <XID>1059</XID> <XUSERXID>114</XUSERXID> <NAME>High risks - All targets</NAME> <ISPUBLIC>1</ISPUBLIC> <STATE>o%3Acolumns%3Da%253Ao%25253Aid%25253Ds%2525253Aexpander%25255Ewidth%25253Dn%2525253A20 %255Eo%25253Aid%25253Ds%2525253Arfg_TARGET%25255Ewidth%25253Dn%2525253A100%255Eo%25253Aid%252 53Ds%2525253Arfg_HOSTNAME%25255Ewidth%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255E o%25253Aid%25253Ds%2525253Arfg_DATE%25255Ewidth%25253Dn%2525253A120%255Eo%25253Aid%25253Ds%25 25253Arfg_VULNID%25255Ewidth%25253Dn%2525253A70%255Eo%25253Aid%25253Ds%2525253Arfg_NAME%25255 Ewidth%25253Dn%2525253A494%255Eo%25253Aid%25253Ds%2525253Arfg_HASEXPLOITS%25255Ewidth%25253Dn %2525253A100%255Eo%25253Aid%25253Ds%2525253Arfg_TYPE%25255Ewidth%25253Dn%2525253A80%25255Ehid den%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_CVSS%25255Ewidth%25253Dn%2525253A73% 255Eo%25253Aid%25253Ds%2525253Arfg_RISK%25255Ewidth%25253Dn%2525253A140%255Eo%25253Aid%25253D s%2525253Arfg_PORT%25255Ewidth%25253Dn%2525253A50%255Eo%25253Aid%25253Ds%2525253Arfg_PROTOCOL %25255Ewidth%25253Dn%2525253A50%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253 Arfg_CVE%25255Ewidth%25253Dn%2525253A100%255Eo%25253Aid%25253Ds%2525253Arfg_FAMILY%25255Ewidt h%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_BUGTR AQ%25255Ewidth%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525 253Arfg_ACCEPTED%25255Ewidth%25253Dn%2525253A70%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid %25253Ds%2525253Arfg_ACCEPTEXPIRES%25255Ewidth%25253Dn%2525253A227%25255Ehidden%25253Db%25252 53A1%255Eo%25253Aid%25253Ds%2525253Arfg_BFALSEPOS%25255Ewidth%25253Dn%2525253A50%25255Ehidden %25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_BPOTENTIALFALSEPOS%25255Ewidth%25253Dn% 2525253A102%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_BNEW%25255Ewidt 
h%25253Dn%2525253A50%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_VERIFI ED%25255Ewidth%25253Dn%2525253A133%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525 253Aid_rfg0%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_DFIRSTSEEN%2525 5Ewidth%25253Dn%2525253A120%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg _DLASTSEEN%25255Ewidth%25253Dn%2525253A120%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%2525 3Ds%2525253Arfg_PRODUCT%25255Ewidth%25253Dn%2525253A100%25255Ehidden%25253Db%2525253A1%255Eo% 25253Aid%25253Ds%2525253Arfg_VCVHOST%25255Ewidth%25253Dn%2525253A200%25255Ehidden%25253Db%252 5253A1%255Eo%25253Aid%25253Ds%2525253Arfg_PLATFORM%25255Ewidth%25253Dn%2525253A100%25255Ehidd en%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_ASSIGNEE%25255Ewidth%25253Dn%2525253A 205%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_PCICOMPLIANCE%25255Ewid th%25253Dn%2525253A70%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_FINDI NGDATE%25255Ewidth%25253Dn%2525253A120%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds% 2525253Arfg_ISADDED%25255Ewidth%25253Dn%2525253A50%25255Ehidden%25253Db%2525253A1%255Eo%25253 Aid%25253Ds%2525253Aid_rfg6%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg _HASFPCOMMENT%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Arfg_AGE%25255Ewid th%25253Dn%2525253A70%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg8%2 5255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg7%25255Ehidden%25253Db%252 5253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg4%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%2 5253Ds%2525253Aid_rfg1%25255Ehidden%25253Db%2525253A1%255Eo%25253Aid%25253Ds%2525253Aid_rfg2% 5Esort%3Do%253Afield%253Ds%25253AVCNAME%255Edirection%253Ds%25253AASC%255Ecolumn%253Ds%25253A Name%5Efilters%3Do%253AIRISK%253Da%25253As%2525253A4%5Egrouping%3Ds%253AVCTARGET</STATE> 
<SERVERFILTER>filter%5B0%5D%5Bfield%5D=IRISK&filter%5B0%5D%5Bdata%5D%5Btype%5D=list&f ilter%5B0%5D%5Bdata%5D%5Bvalue%5D=4</SERVERFILTER> <TARGETS>-1</TARGETS> <TARGETGROUPS>,-1,</TARGETGROUPS> <OWNER>John Doe</OWNER> <SCANTYPE>0</SCANTYPE> </TEMPLATE> </REPORTTEMPLATES> </RESPONSE>
Response keys | |
---|---|
ISPUBLIC | Boolean flag if this template is publicly available to all your sub users. |
NAME | Name of the report template. |
OWNER | The creator of this template. |
SCANTYPE | The type of scan which you would like to receive the templates for. Valid values: |
SERVERFILTER | The filter for this template. |
STATE | The filter used by the GUI to display this template. |
TARGETGROUPS | The selected groups for this template. |
TARGETS | The selected targets for this template. |
XID | The unique identifier of the given object. |
XUSERXID | The unique user id. |
Report
In order to retrieve scanning results you need to supply the targets and/or groups that you would like to receive them for. The targets and groups can be either single or multiple ones, given as a comma separated list of their unique identification keys. How to retrieve these identification keys is described in the Report selection section.
Retrieve Report Entries
In order to retrieve scanning results you need to supply the following information.
Required keys | |
---|---|
ACTION | REPORTTARGETDATA |
GROUPS | Comma separated list of unique group identifiers to be included in the report. |
TARGETS | Comma separated list of unique target identifiers to be included in the report. |
Optional Keys
If the report is based on a schedule object you should provide its unique identification number in the following parameter.
Optional keys | |
---|---|
SCANLOGXID | The unique scan log entry id for the schedule job which you would like to retrieve reports for. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?GROUPS=,-1,&ACTION=REPORTTARGETDATA&TARGETS=-1
Example response:
<RESPONSE> <REPORTLIST> <REPORT> <XTEMPLATE>2</XTEMPLATE> <GLOBALTEMPLATE>1</GLOBALTEMPLATE> <VERIFIED>0</VERIFIED> <SCHEDULEJOB>Application server</SCHEDULEJOB> <CVSSSCORE>0.0</CVSSSCORE> <PCICVSSSCORE>0.0</PCICVSSSCORE> <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN> <DLASTSEEN>2009-11-05 12:00</DLASTSEEN> <DATE>2009-11-05 12:00</DATE> <XIPXID>87386</XIPXID> <VCTARGET>192.168.200.33</VCTARGET> <HOSTNAME>www.example.com</HOSTNAME> <IPORT>445</IPORT> <IPROTOCOL>6</IPROTOCOL> <XID>5800689</XID> <VCNAME>Port scanner</VCNAME> <VCVULNID>101010</VCVULNID> <BFALSEPOS>0</BFALSEPOS> <BNEW>1</BNEW> <BPCI>0</BPCI> <TYPE>Port</TYPE> <SERVICENAME>netbios-ssn</SERVICENAME> <IRISK>0</IRISK> <ORIGINALRISKLEVEL>-1</ORIGINALRISKLEVEL> <SCANNERNAME>Local</SCANNERNAME> <POTENTIALFALSE>0</POTENTIALFALSE> <CUSTOM0>SE</CUSTOM0> <CUSTOM1>1</CUSTOM1> <CUSTOM2>dalskdjlasjd</CUSTOM2> <CUSTOM3/> <CUSTOM4>London</CUSTOM4> <ACCEPTEDLENGTH>0</ACCEPTEDLENGTH> <ACCEPTED>0</ACCEPTED> <VCVHOST/> <TARGETTYPE>0</TARGETTYPE> <PLATFORM>ND</PLATFORM> <ASSIGNEE>Unassigned</ASSIGNEE> <ISADDED>0</ISADDED> <FINDINGDATE>2009-11-05 12:00</FINDINGDATE> <HASFPCOMMENT>0</HASFPCOMMENT> <AGE>1565.0</AGE> <HASEXPLOITS>0</HASEXPLOITS> <LIMITED>1</LIMITED> </REPORT> </REPORTLIST> </RESPONSE>
Response keys | |
---|---|
ACCEPTCOMMENT | The comment given when this vulnerability was accepted (Please note that this field may not be present). |
ACCEPTED | Boolean value if the vulnerability has been accepted. |
ACCEPTEDLENGTH | The number of days the vulnerability has been accepted. |
ACCEPTEXPIRES | The date when the vulnerability no longer is accepted. |
AGE | The number of days since the first occurrence of this specific finding. |
ASSIGNEE | The user who has a ticket assigned to him/her for this entry. |
BFALSEPOS | Boolean value if this vulnerability is marked as a false positive or not. |
BNEW | Boolean value if this finding wasn't reported on the previous report for this target. |
BPCI | Boolean value if this report is a PCI report. |
CUSTOM0 | Custom attribute defined on either a user or a target. |
CUSTOM1 | Custom attribute defined on either a user or a target. |
CUSTOM2 | Custom attribute defined on either a user or a target. |
CUSTOM3 | Custom attribute defined on either a user or a target. |
CUSTOM4 | Custom attribute defined on either a user or a target. |
CVSSSCORE | The CVSS score for this vulnerability. |
DATE | The date and time when this scan was performed. |
DFIRSTSEEN | The date and time when this finding was first detected on this host. |
FINDINGDATE | The date and time when this finding was updated. |
GLOBALTEMPLATE | The global template that was used if any. |
HASEXPLOITS | Boolean flag if the vulnerability has a known exploit. |
HASFPCOMMENT | Boolean flag if the target has false positive comments. |
HOSTNAME | The FQDN of the host. |
IPORT | The port where this vulnerability was detected upon. |
IPROTOCOL | The protocol used when detecting this vulnerability. |
IRISK | The risk level that this vulnerability is graded to. See appendix G. |
ISADDED | Boolean value if this vulnerability has been added after the initial scan. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the limit parameter in the request. |
ORIGINALRISKLEVEL | The original risk level for this vulnerability. |
PCICVSSSCORE | The PCI CVSS score for this vulnerability ( Does not reflect DOS ). |
PLATFORM | The detected platform for this vulnerability. |
POTENTIALFALSE | Boolean value if this vulnerability is a potential false positive. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCHEDULEJOB | The name of the schedule job which is associated with this entry. |
SERVICENAME | The name of the service listening on this port and protocol. |
TARGETTYPE | The available types of targets: 0 : IP 1 : Host name 2 : NetBIOS name. |
TYPE | The entry report type. |
VCBUG | The Bugtraq ID for this vulnerability. |
VCCVE | The CVE reference for this vulnerability. |
VCFAMILY | The family name of this vulnerability. |
VCNAME | The name of this vulnerability. |
VCTARGET | Text representation of the target. |
VCVHOST | The virtual host name where this vulnerability was detected. |
VCVULNID | The unique script identification number given to this vulnerability. |
VERIFIED | Boolean value if this finding has been verified or not. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XTEMPLATE | The unique identifier of the scan policy utilized by this object. |
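As an added example (not part of the Outpost24 documentation), the Python below parses a REPORTTARGETDATA response, treats the fields marked "may not be present" as optional, reads dates as GMT, and reports whether LIMITED appeared. The function names, the triage ordering and the rejection of DTD declarations are choices made for this example, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed sample. The first REPORT reuses values from the example response
# above; the other two entries, their names and the CVE placeholder are made up.
SAMPLE = """<RESPONSE><REPORTLIST>
<REPORT><XID>5800689</XID><VCTARGET>192.168.200.33</VCTARGET><TARGETTYPE>0</TARGETTYPE>
 <HOSTNAME>www.example.com</HOSTNAME><IPORT>445</IPORT><IPROTOCOL>6</IPROTOCOL>
 <VCNAME>Port scanner</VCNAME><CVSSSCORE>0.0</CVSSSCORE><BFALSEPOS>0</BFALSEPOS>
 <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN><ACCEPTED>0</ACCEPTED>
 <HASEXPLOITS>0</HASEXPLOITS><CUSTOM3/><LIMITED>1</LIMITED></REPORT>
<REPORT><XID>5800701</XID><VCTARGET>192.168.200.33</VCTARGET><TARGETTYPE>0</TARGETTYPE>
 <HOSTNAME/><IPORT>443</IPORT><IPROTOCOL>6</IPROTOCOL>
 <VCNAME>Constructed finding A</VCNAME><VCCVE>CVE-0000-0000</VCCVE>
 <CVSSSCORE>7.5</CVSSSCORE><BFALSEPOS>0</BFALSEPOS>
 <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN><ACCEPTED>0</ACCEPTED>
 <HASEXPLOITS>1</HASEXPLOITS></REPORT>
<REPORT><XID>5800702</XID><VCTARGET>192.168.200.34</VCTARGET><TARGETTYPE>0</TARGETTYPE>
 <IPORT>22</IPORT><IPROTOCOL>6</IPROTOCOL><VCNAME>Constructed finding B</VCNAME>
 <CVSSSCORE>9.0</CVSSSCORE><BFALSEPOS>0</BFALSEPOS>
 <DFIRSTSEEN>2009-10-01 08:30</DFIRSTSEEN><ACCEPTED>1</ACCEPTED>
 <ACCEPTCOMMENT>Constructed comment</ACCEPTCOMMENT><HASEXPLOITS>1</HASEXPLOITS></REPORT>
</REPORTLIST></RESPONSE>"""

# Mapping taken from the TARGETTYPE row of the response key table.
TARGET_TYPES = {"0": "IP", "1": "Host name", "2": "NetBIOS name"}


@dataclass
class Finding:
    xid: int
    target: str
    target_type: str
    hostname: Optional[str]
    port: int
    protocol: int
    name: str
    cvss: float
    first_seen: datetime
    accepted: bool
    false_positive: bool
    has_exploits: bool
    cve: Optional[str]
    accept_comment: Optional[str]


def _text(node: ET.Element, tag: str) -> Optional[str]:
    """Return the tag's text, or None when the tag is absent or empty (<TAG/>)."""
    value = node.findtext(tag)
    return value.strip() if value and value.strip() else None


def _required(node: ET.Element, tag: str) -> str:
    value = _text(node, tag)
    if value is None:
        raise ValueError(f"REPORT entry is missing {tag}")
    return value


def parse_report(xml_text: str) -> Tuple[List[Finding], bool]:
    """Parse a REPORTTARGETDATA response into findings plus a 'limited' flag."""
    # Example policy: an API response has no reason to carry a DTD, so refuse
    # it before the parser sees any entity declarations.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in response")
    root = ET.fromstring(xml_text)
    if root.tag != "RESPONSE":
        raise ValueError(f"unexpected root element {root.tag!r}")
    findings, limited = [], False
    for rep in root.iter("REPORT"):
        # LIMITED signals truncation by its presence, not by its value.
        limited = limited or rep.find("LIMITED") is not None
        first_seen = datetime.strptime(_required(rep, "DFIRSTSEEN"), "%Y-%m-%d %H:%M")
        findings.append(Finding(
            xid=int(_required(rep, "XID")),
            target=_required(rep, "VCTARGET"),
            target_type=TARGET_TYPES.get(_text(rep, "TARGETTYPE") or "", "unknown"),
            hostname=_text(rep, "HOSTNAME"),
            port=int(_required(rep, "IPORT")),
            protocol=int(_required(rep, "IPROTOCOL")),
            name=_required(rep, "VCNAME"),
            cvss=float(_required(rep, "CVSSSCORE")),
            first_seen=first_seen.replace(tzinfo=timezone.utc),  # system time zone is GMT
            accepted=_text(rep, "ACCEPTED") == "1",
            false_positive=_text(rep, "BFALSEPOS") == "1",
            has_exploits=_text(rep, "HASEXPLOITS") == "1",
            cve=_text(rep, "VCCVE"),
            accept_comment=_text(rep, "ACCEPTCOMMENT"),
        ))
    return findings, limited


def open_findings(findings: List[Finding]) -> List[Finding]:
    """Drop accepted risks and false positives; known exploits first, then CVSS."""
    todo = [f for f in findings if not f.accepted and not f.false_positive]
    return sorted(todo, key=lambda f: (not f.has_exploits, -f.cvss))
```

When `limited` is true the result set was cut by the request's limit parameter, so a triage list built from it is incomplete.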
Export Report
You can also export the report in a predefined format like PDF, Excel spreadsheet or into XML. In order to export a report you need to supply the selection criteria which were used to retrieve the report in the first place along with the next request.
Required keys | |
---|---|
ACTION | EXPORTREPORT |
FORMAT | Should be set to either PDF, XLS or XML. |
LASTQUERY | The parameters used to retrieve the report. This parameter should be URL encoded. |
LENGTH | The length of the selected period. |
PERIOD | The period that you would like to have the report for: |
REPORTTYPE | The report type that you would like to extract. See Appendix I. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?REPORTTYPE=0&FORMAT=PDF&PERIOD=1&ACTION=EXPORTREPORT&LASTQUERY=start%3D0%26SCANLOGXID%3D101%26TARGET%3D101%26GROUPS%3D%252C-1%252C%26limit%3D50%26groupBy%3DVCTARGET%26ACTION%3DREPORTTARGETDATA%26sort%3DVCVULNID%26dir%3DDESC&groupBy=VCTARGET&REPORTTYPE=3&PERIOD=1&LENGTH=1&sort=VCVULNID&dir=DESC&LENGTH=1
The response will be in a binary format. This format is dependent on the given parameters in the request.
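The LASTQUERY value is itself a query string, so it ends up URL encoded twice (the comma in GROUPS appears as %252C in the example request). The following added Python example, which is not part of the Outpost24 documentation, builds such a request and shows what happens when the inner query is appended without encoding; the function names are assumptions, and REPORTTYPE, PERIOD and LENGTH are passed through unchecked because their valid values are listed elsewhere in the manual.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://outscan.outpost24.com/opi/XMLAPI"  # endpoint used in the page's examples
FORMATS = {"PDF", "XLS", "XML"}                     # values listed for the FORMAT key

# LASTQUERY exactly as it appears in the page's example request.
PAGE_LASTQUERY = (
    "start%3D0%26SCANLOGXID%3D101%26TARGET%3D101%26GROUPS%3D%252C-1%252C"
    "%26limit%3D50%26groupBy%3DVCTARGET%26ACTION%3DREPORTTARGETDATA"
    "%26sort%3DVCVULNID%26dir%3DDESC"
)


def report_query(groups, targets, scanlogxid=None):
    """Build the REPORTTARGETDATA query string (first level of encoding)."""
    params = [("GROUPS", groups), ("ACTION", "REPORTTARGETDATA"), ("TARGETS", targets)]
    if scanlogxid is not None:
        params.append(("SCANLOGXID", scanlogxid))
    return urlencode(params)


def export_url(last_query, fmt, report_type, period, length):
    """Build an EXPORTREPORT URL; urlencode() encodes last_query a second time."""
    if fmt not in FORMATS:
        raise ValueError(f"FORMAT must be one of {sorted(FORMATS)}")
    params = [
        ("ACTION", "EXPORTREPORT"),
        ("FORMAT", fmt),
        ("REPORTTYPE", report_type),
        ("PERIOD", period),
        ("LENGTH", length),
        ("LASTQUERY", last_query),
    ]
    return BASE + "?" + urlencode(params)


def naive_export_url(last_query, fmt):
    """The mistake to avoid: appending the inner query without encoding it."""
    return BASE + "?ACTION=EXPORTREPORT&FORMAT=" + fmt + "&LASTQUERY=" + last_query


def top_level(url):
    """Parameters as a server-side query parser would see them."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def decode_last_query(url):
    """Decode the nested LASTQUERY back into its own parameters."""
    return parse_qs(top_level(url)["LASTQUERY"][0], keep_blank_values=True)


if __name__ == "__main__":
    inner = report_query(",-1,", "-1", scanlogxid=101)
    good = export_url(inner, "PDF", 0, 1, 1)
    bad = naive_export_url(inner, "PDF")
    print(good)
    # Correctly encoded: one ACTION, and LASTQUERY round-trips intact.
    print(top_level(good)["ACTION"], decode_last_query(good))
    # Unencoded: the inner ACTION leaks to the top level and LASTQUERY is cut short.
    print(top_level(bad)["ACTION"], top_level(bad)["LASTQUERY"])
```

With the unencoded form the request carries two ACTION values and a truncated LASTQUERY, so which action the server runs depends on how it resolves duplicate parameters.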
Report Actions
This section will describe additional actions that can be taken upon the reports. Accepted risk will allow you to add information on a specific finding where it clearly states that the finding is an accepted risk within your organization and when and for how long the finding is to be considered accepted. The accepted risk functionality can be set up to automatically accept new findings of the same type, so if the specific finding appears in another location it can be automatically accepted. During the accepted period that has been defined (or forever) the finding will automatically be marked as an accepted risk and contain the original comment.
Mark false positive should be used to send feedback to the support team. It should not be used instead of the accepted risk feature, since a false positive is something that has been reported under the wrong circumstances and not something that you don't think applies to your organization. If you think that it doesn't affect your organization or if you added compensating controls, then you should use the accepted risk and provide the reasoning within that comment. This will provide the report readers with the information that compensating controls are in place, who supplied those details, and when.
Using the Verify functionality allows you to perform a scan against the target just using that single test. The verify function doesn't deduct any scans from your license so you are free to re-test if the remediation has resolved the reported issues.
The Comment vulnerability feature allows you to add information on a specific vulnerability that will also be present in the report.
Each finding can also be assigned to a specific user within the system. There is a built in ticketing system that should be used to track the remediation process.
Accept Risk
You can choose to accept a reported vulnerability by accepting the risk it will expose the company to.
Required keys | |
---|---|
ACCEPTCOMMENT | The comment to be included in the report regarding why it has been accepted. |
ACCEPTFORALLTARGETS | Boolean value if the risk should be accepted on all targets which currently have this risk. |
ACCEPTFOREEVER | Boolean value if the risk is accepted forever. |
ACCEPTRISKADD | The number of days you accept the risk. |
ACTION | ACCEPTRISK |
XID | The unique identifier of the given object |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACCEPTFORALLTARGETS=0&ACCEPTCOMMENT=Test&XID=99&ACCEPTFOREEVER=0&ACCEPTRISKADD=14&ACTION=ACCEPTRISK
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Mark False Positives
In order to mark a finding as a false positive you need the unique identification number for that specific report entry.
Required keys | |
---|---|
ACTION | MARKFALSEPOSITIVE |
INFORMATION | Text comment which will be available in conjunction with the false positive. |
SENDINFO | Should be set to 1 if you would like to notify Outpost24 support department regarding this entry. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?INFORMATION=Test&XID=99&SENDINFO=off&ACTION=MARKFALSEPOSITIVE
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Verify
You can perform a verification scan of a specific finding. This will just perform the check for the specific vulnerability and the result will be present in the report afterwards. This can be done on all types of findings except the following: port scanning entries and those that are of the family Web Application Scanner (WAS).
Required keys | |
---|---|
ACTION | STARTVERIFYDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=99&ACTION=STARTVERIFYDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Comment Vulnerability
You can add comments to vulnerabilities in the report. This is done by supplying the following information.
Required keys | |
---|---|
ACTION | UPDATESCRIPTDATA |
COMMENT | The comment which should be associated with this vulnerability. |
ISCOMMENT | Must be set to 1 or true in order to add a comment. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=99&COMMENT=Test&ACTION=UPDATESCRIPTDATA&ISCOMMENT=0
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Remove Marked False Positive
In order to remove the reported false positive you can perform an update on that specific report entry and reset the Boolean value to zero.
Required keys | |
---|---|
ACTION | UPDATEREPORTFINDINGDATA |
BFALSEPOS | Boolean value which should be set to 0 in order to remove the false positive flag from this entry. |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=99&BFALSEPOS=0&ACTION=UPDATEREPORTFINDINGDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Assign Report Entry as Ticket
You can mark findings as a task for any of your sub users to take action upon. In order to do that you need to supply the following information.
Required keys | |
---|---|
ACTION | UPDATETICKETDATA |
DUEDATE | The due date for this task. |
ID | The task identification number. Should be set to NEW if you would like to create a new entry. |
MESSAGE | The message which will be connected to this task. |
MULTIPLE | Boolean value if the task is regarding multiple entries or not. |
NAME | The name of the task. |
PRIORITY | The priority of this task. Value 1-5. |
STATUS | The current status of the task. |
TASKID | The task identification number. Should be set to -1 if you would like to create a new entry. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?DUEDATE=2013-04-08&MESSAGE=test&NAME=Test&PRIORITY=3&ID=New&TASKID=-1&STATUS=1&ACTION=UPDATETICKETDATA&MULTIPLE=&
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
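The finding actions above all take free-text values (ACCEPTCOMMENT, INFORMATION, COMMENT, MESSAGE), so the request is safer built from validated key/value pairs than by string concatenation. The following is an added example, not code from Outpost24: the function names are hypothetical, sending the parameters as a form-encoded POST body is an assumption based on the statement that the server accepts POST, and the authentication parameters described elsewhere in this document are omitted.

```python
from urllib.parse import urlencode
from urllib.request import Request

# Endpoint as it appears in the example requests on this page.
ENDPOINT = "https://outscan.outpost24.com/opi/XMLAPI"

# Required keys per ACTION, copied from the "Required keys" tables above.
REQUIRED_KEYS = {
    "ACCEPTRISK": {"ACCEPTCOMMENT", "ACCEPTFORALLTARGETS", "ACCEPTFOREEVER",
                   "ACCEPTRISKADD", "XID"},
    "MARKFALSEPOSITIVE": {"INFORMATION", "SENDINFO", "XID"},
    "STARTVERIFYDATA": {"XID"},
    "UPDATESCRIPTDATA": {"COMMENT", "ISCOMMENT", "XID"},
    "UPDATEREPORTFINDINGDATA": {"BFALSEPOS", "XID"},
    "UPDATETICKETDATA": {"DUEDATE", "ID", "MESSAGE", "MULTIPLE", "NAME",
                         "PRIORITY", "STATUS", "TASKID"},
}


def encode_value(value):
    """Render Python values the way the example requests do (booleans as 1/0)."""
    if isinstance(value, bool):
        return "1" if value else "0"
    return str(value)


def build_body(action, **params):
    """Validate the keys for one ACTION and return a URL-encoded request body."""
    if action not in REQUIRED_KEYS:
        raise ValueError(f"unsupported ACTION: {action!r}")
    required = REQUIRED_KEYS[action]
    supplied = set(params)

    # Keys are case sensitive, so 'xid' is not 'XID': point that out explicitly.
    for key in sorted(supplied - required):
        if key.upper() in required:
            raise ValueError(f"key {key!r} must be written {key.upper()!r}")
        raise ValueError(f"key {key!r} is not listed for {action}")
    missing = sorted(required - supplied)
    if missing:
        raise ValueError(f"{action} is missing required keys: {missing}")
    if action == "UPDATETICKETDATA" and int(params["PRIORITY"]) not in range(1, 6):
        raise ValueError("PRIORITY must be 1-5")

    fields = [("ACTION", action)]
    fields += [(key, encode_value(params[key])) for key in sorted(params)]
    # urlencode percent-encodes '&', '=', spaces and non-ASCII (as UTF-8), so a
    # free-text comment can never turn into an extra parameter.
    return urlencode(fields, encoding="utf-8")


def as_post(body):
    """Wrap the body in a POST request object (nothing is sent here)."""
    return Request(
        ENDPOINT,
        data=body.encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8"},
    )


if __name__ == "__main__":
    # Constructed input: a justification copied from a ticket, including text
    # that would change the request if it were concatenated into a URL unencoded.
    body = build_body(
        "ACCEPTRISK",
        XID=99,
        ACCEPTCOMMENT="Isolated VLAN & IPS rule in place&ACCEPTFOREEVER=1",
        ACCEPTFORALLTARGETS=False,
        ACCEPTFOREEVER=False,
        ACCEPTRISKADD=14,
    )
    print(body)
    print(as_post(body).get_method())
```

Keeping the parameters in the request body also keeps accept-risk justifications and comments out of URL-based logs on intermediate systems.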
Report Types
This section will describe the other report types that can be extracted from the system.
Delta report:
This report will show you the differences between two selected reports (or previous). This is handy when you would like to see what has changed since the last time of scanning. It will display your changes both on the specific vulnerabilities and also any changes in the number of open ports. The changes are reported on an added or removed basis, so it is really easy to see what has been resolved (removed) and what needs to be prioritized (added).
Overview report:
The overview report will show you how the findings are distributed over vulnerability family and also upon which port you have the most reported issues.
Solution report:
This report will provide you with the "QUICK WINS", that is the "make me look good" list. It will provide the information where you gain the most risk reduction with the least amount of work required. Instead of reporting based on the vulnerability, it will display the findings based on their solution, so if updating to the latest version of a product would resolve multiple issues they will only have one entry in the solution report, with the number of vulnerabilities that will be resolved by applying the required solution.
Trend report:
This report will give you a historical representation of how the number of high, medium and low risks has evolved during the selected trend period.
Delta Report
You can get a delta view over how the vulnerabilities have changed during different periods.
Required keys | |
---|---|
ACTION | REPORTDELTAREPORTS |
GROUPS | The unique group identification number which you would like to get the delta for. |
LENGTH | The number of periods. |
PERIOD | 1 = week |
PORT | Boolean value if you would like to include delta information on the open/closed port with the response. |
SCANLOGXID | The unique scan log identifier that you would like to get the delta view for. |
STARTSCANXID | A scan log id which you would like to compare the selected report with. |
TARGETS | The unique target identification number which you would like to get the delta for. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?PORT=1&SCANLOGXID=&PERIOD=4&STARTSCANXID=1&GROUPS=,-1,&ACTION=REPORTDELTAREPORTS&LENGTH=30&TARGETS=-1
Example response:
<RESPONSE> <REPORTLIST> <REPORT> <VCTARGET>192.168.200.2</VCTARGET> <IPADDRESS>192.168.200.2</IPADDRESS> <FIRSTREPORTDATE>2009-10-09 12:57</FIRSTREPORTDATE> <LASTREPORTDATE>2009-11-06 09:38</LASTREPORTDATE> <XID>1026608</XID> <XIPXID>87384</XIPXID> <SCANNERNAME>Local</SCANNERNAME> <ADDED>29</ADDED> <REMOVED>8</REMOVED> <UNCHANGED>20</UNCHANGED> <HIGH>0</HIGH> <MEDIUM>0</MEDIUM> <LOW>0</LOW> </REPORT> </REPORTLIST> </RESPONSE>
Response keys | |
---|---|
ADDED | The number of vulnerabilities which were added between the two dates. |
FIRSTREPORTDATE | The first report date which is used in the comparison. |
HIGH | Number of high risks. |
IPADDRESS | The IP address which this delta is for. |
LASTREPORTDATE | The last report date which is used in the comparison. |
LOW | Number of low risks. |
MEDIUM | Number of medium risks. |
REMOVED | The number of vulnerabilities which were removed between the two dates. |
SCANNERNAME | The name of the scanner where this action takes place. |
UNCHANGED | The number of vulnerabilities which were unchanged between the two dates. |
VCTARGET | Text representation of the target. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
Overview Report
You can get an overview over how the vulnerabilities are distributed based on different criteria.
Required keys | |
---|---|
ACTION | REPORTFINDINGSTAT |
GROUPBY | Which overview you would like to have. Currently the following are available: VCFAMILY | IRISK | IPORT | ACCEPTED |
GROUPS | The unique group identification number which you would like to get the overview for. |
TARGETS | The unique target identification number which you would like to get the overview for. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?GROUPS=-1&GROUPBY=VCFAMILY&ACTION=REPORTFINDINGSTAT&TARGETS=-1
Example response:
<RESPONSE> <REPORTLIST> <REPORT> <VCFAMILY>ubuntu</VCFAMILY> <COUNT>41</COUNT> </REPORT> </REPORTLIST> </RESPONSE>
Response keys | |
---|---|
COUNT | The amount of vulnerabilities found for the selected overview. |
VCFAMILY | The family name of the vulnerability. |
Solution Report
You can get a solution view of your reported vulnerabilities.
Required keys | |
---|---|
ACTION | REPORTSOLUTIONS |
GROUPS | The unique group identification number which you would like to get the solutions for. |
SCANLOGXID | The unique scan log identifier that you would like to get the solution view for. |
TARGETS | The unique target identification number which you would like to get the solutions for. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?SCANLOGXID=&GROUPS=,-1,&ACTION=REPORTSOLUTIONS&TARGETS=-1
Example response:
<RESPONSE> <REPORTLIST> <REPORT> <SOLUTIONTYPE>2</SOLUTIONTYPE> <SOLUTIONPRODUCT>Microsoft SMB</SOLUTIONPRODUCT> <SOLUTIONTITLE>Restrict access to the SMB service</SOLUTIONTITLE> <SOLUTION>Restrict access to the SMB service</SOLUTION> <ORDERING>217926</ORDERING> <COUNT>2</COUNT> <TARGETCOUNT>1</TARGETCOUNT> <HIGHRISKS>2</HIGHRISKS> <MEDIUMRISKS>0</MEDIUMRISKS> <LOWRISKS>0</LOWRISKS> </REPORT> </REPORTLIST> </RESPONSE>
Response keys | |
---|---|
COUNT | The total number of vulnerabilities that has this solution. |
HIGHRISKS | The number of high risks that this solution will resolve |
LOWRISKS | The number of low risks that this solution will resolve. |
MEDIUMRISKS | The number of medium risks that this solution will resolve |
ORDERING | Internal use. |
SOLUTION | The solution text that explains what action needs to be taken to resolve the issue. |
SOLUTIONPRODUCT | The product that the solution affects. |
SOLUTIONTITLE | Short title regarding the solution. |
SOLUTIONTYPE | The type of the solution. See Appendix M. |
TARGETCOUNT | The number of targets that has this solution. |
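A REPORTSOLUTIONS response can be turned into a remediation queue by parsing each REPORT entry and ordering by the risks it resolves. The following is an added example, not Outpost24 code: the first sample entry is the one from the example response above, the other three are constructed, and the ranking rule (high, then medium, then low risks resolved, with fewer targets breaking ties) is an assumption, since the page gives no formula for "quick wins".

```python
import xml.etree.ElementTree as ET

# First REPORT is the page's example; the remaining three are constructed.
SAMPLE_RESPONSE = """<RESPONSE> <REPORTLIST>
<REPORT> <SOLUTIONTYPE>2</SOLUTIONTYPE> <SOLUTIONPRODUCT>Microsoft SMB</SOLUTIONPRODUCT>
 <SOLUTIONTITLE>Restrict access to the SMB service</SOLUTIONTITLE>
 <SOLUTION>Restrict access to the SMB service</SOLUTION> <ORDERING>217926</ORDERING>
 <COUNT>2</COUNT> <TARGETCOUNT>1</TARGETCOUNT>
 <HIGHRISKS>2</HIGHRISKS> <MEDIUMRISKS>0</MEDIUMRISKS> <LOWRISKS>0</LOWRISKS> </REPORT>
<REPORT> <SOLUTIONPRODUCT>Sun JRE</SOLUTIONPRODUCT>
 <SOLUTIONTITLE>Upgrade to version 1.7.0_45 or later of Sun JRE</SOLUTIONTITLE>
 <COUNT>5</COUNT> <TARGETCOUNT>3</TARGETCOUNT>
 <HIGHRISKS>1</HIGHRISKS> <MEDIUMRISKS>3</MEDIUMRISKS> <LOWRISKS>1</LOWRISKS> </REPORT>
<REPORT> <SOLUTIONPRODUCT>Example Web Server</SOLUTIONPRODUCT>
 <SOLUTIONTITLE>Upgrade Example Web Server</SOLUTIONTITLE>
 <COUNT>5</COUNT> <TARGETCOUNT>1</TARGETCOUNT>
 <HIGHRISKS>1</HIGHRISKS> <MEDIUMRISKS>3</MEDIUMRISKS> <LOWRISKS>1</LOWRISKS> </REPORT>
<REPORT> <SOLUTIONPRODUCT>Example Web Server</SOLUTIONPRODUCT>
 <SOLUTIONTITLE>Disable directory listing</SOLUTIONTITLE>
 <COUNT>3</COUNT> <TARGETCOUNT>2</TARGETCOUNT>
 <HIGHRISKS>0</HIGHRISKS> <MEDIUMRISKS>1</MEDIUMRISKS> <LOWRISKS>2</LOWRISKS> </REPORT>
</REPORTLIST> </RESPONSE>"""

INT_FIELDS = ("COUNT", "TARGETCOUNT", "HIGHRISKS", "MEDIUMRISKS", "LOWRISKS")
RISK_FIELDS = ("HIGHRISKS", "MEDIUMRISKS", "LOWRISKS")


def parse_solutions(xml_text):
    """Parse a REPORTSOLUTIONS response into a list of dicts with integer counts."""
    # The documented responses carry no DTD; refuse one instead of expanding it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration in response")
    root = ET.fromstring(xml_text)
    if root.tag != "RESPONSE":
        raise ValueError(f"unexpected root element {root.tag!r}")
    rows = []
    for report in root.iter("REPORT"):
        row = {
            "product": (report.findtext("SOLUTIONPRODUCT") or "").strip(),
            "title": (report.findtext("SOLUTIONTITLE") or "").strip(),
        }
        for field in INT_FIELDS:
            row[field] = int(report.findtext(field) or 0)
        rows.append(row)
    return rows


def quick_wins(rows, top=10):
    """Order solutions by risks resolved (assumed rule, see the lead-in)."""
    def rank(row):
        # Negative target count: with equal risk, fewer targets means less work.
        return (row["HIGHRISKS"], row["MEDIUMRISKS"], row["LOWRISKS"],
                -row["TARGETCOUNT"])
    return sorted(rows, key=rank, reverse=True)[:top]


def risks_by_product(rows):
    """Sum the risks resolved per SOLUTIONPRODUCT across all solution entries."""
    totals = {}
    for row in rows:
        bucket = totals.setdefault(row["product"], dict.fromkeys(RISK_FIELDS, 0))
        for field in RISK_FIELDS:
            bucket[field] += row[field]
    return totals


if __name__ == "__main__":
    parsed = parse_solutions(SAMPLE_RESPONSE)
    for row in quick_wins(parsed):
        print(row["HIGHRISKS"], row["MEDIUMRISKS"], row["LOWRISKS"],
              row["TARGETCOUNT"], row["product"], "-", row["title"])
    print(risks_by_product(parsed))
```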
Trend Report
You can get a trend overview over how the vulnerabilities are distributed based on different periods.
Required keys | |
---|---|
ACTION | REPORTTREND |
GROUPS | The unique group identification number which you would like to get the trend for. |
LENGTH | The number of the periods |
PERIOD | 1 = Week 2 = Month 3 = Year |
TARGETS | The unique target identification number which you would like to get the trend for. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?PERIOD=3&GROUPS=-1&ACTION=REPORTTREND&LENGTH=4&TARGETS=-1
Example response:
<RESPONSE> <REPORTLIST> <REPORT> <DATE>2013-07-17 00:00</DATE> <LOWACCEPTED>0</LOWACCEPTED> <MEDIUMACCEPTED>0</MEDIUMACCEPTED> <HIGHACCEPTED>0</HIGHACCEPTED> <LOW>0</LOW> <MEDIUM>0</MEDIUM> <HIGH>0</HIGH> <ADDED>0</ADDED> <REMOVED>0</REMOVED> <OPENED>2</OPENED> <CLOSED>0</CLOSED> <ISCVSS>0.0</ISCVSS> </REPORT> </REPORTLIST> </RESPONSE>
Response keys | |
---|---|
ADDED | The number of added findings. |
CLOSED | The number of closed findings. |
DATE | The date when this information was gathered. |
HIGH | The number of high findings. |
HIGHACCEPTED | The number of high findings which are accepted. |
ISCVSS | The sum of all calculated CVSS scores added together. |
LOW | The number of low findings. |
LOWACCEPTED | The number of low findings which are accepted. |
MEDIUM | The number of medium findings. |
MEDIUMACCEPTED | The number of medium findings which are accepted. |
OPENED | The number of opened ports. |
REMOVED | The number of removed findings. |
Report schedule
This section will describe how you can schedule reports to be automatically sent out to a defined recipient.
Multiple entries can be defined so different types of reports can be sent to the same recipient. The reports can also be defined to only contain specific hosts, groups or even using a report template (target selection and filtering combined).
On a HIAB it is also possible to transfer the file out to an external server using either FTP or SCP. Those options will be available once such servers have been defined in the maintenance section.
List Schedule Report
In order to see all the scheduled reports which have been added to the system on your profile you need to supply the following details.
Required keys | |
---|---|
ACTION | REPORTSCHEDULEDATA |
SCANTYPE | The available scan types: 0 : OUTSCAN 1 : PCI 2 : WAS |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?SCANTYPE=0&ACTION=REPORTSCHEDULEDATA
Example response:
<RESPONSE> <REPORTSCHEDULES> <SCHEDULE> <XID>1005</XID> <XUSERXID>114</XUSERXID> <NAME>MySchedule</NAME> <FREQUENCY>1</FREQUENCY> <LASTDATE>2011-04-30 00:00</LASTDATE> <LATESTDATE>2011-10-03 10:00</LATESTDATE> <DAYWEEKMONTH>0</DAYWEEKMONTH> <REPORTTYPE>3</REPORTTYPE> <PERIOD>2</PERIOD> <LENGTH>1</LENGTH> <FORMAT>7</FORMAT> <RECIPIENT>-1</RECIPIENT> <RECIPIENTEMAIL>securitygroup@mycompany.com</RECIPIENTEMAIL> <ENCRYPTIONKEY>df.key</ENCRYPTIONKEY> <TARGETGROUPS>,-1,</TARGETGROUPS> <SCANTYPE>0</SCANTYPE> <RECIPIENTTYPE>0</RECIPIENTTYPE> <OWNER>Daniel Fredriksson</OWNER> <INCLUDEHOSTINFO>1</INCLUDEHOSTINFO> <REPORTLEVEL>0</REPORTLEVEL> </SCHEDULE> </REPORTSCHEDULES> </RESPONSE>
Response keys | |
---|---|
DAYWEEKMONTH | Flag if specific day of week or month should be used (available on monthly scanning). |
ENCRYPTIONKEY | Name of the encryption key which shall be used to encode the report. |
FORMAT | Binary encoding of the format to be included. |
FREQUENCY | The frequency of the scheduled time for this job. |
INCLUDEHOSTINFO | Boolean flag if target information should be included in the exported report. |
LASTDATE | The last date and time when the report was generated. |
LATESTDATE | Run schedule until this given date. |
LENGTH | The length of the given period. |
NAME | The name of the report schedule. |
OWNER | The owner of the object. |
PERIOD | The period of the scheduled report. See Appendix B. |
RECIPIENT | The unique identification number of the user who should receive the report. Set to -1 if a custom email address is used. |
RECIPIENTEMAIL | The custom email address if no recipient identification number is specified. |
RECIPIENTTYPE | The type of recipient: |
REPORTLEVEL | The number of sub levels of the groups that will be included in the group report. |
REPORTTEMPLATE | The report template to use when generating the report. |
REPORTTYPE | The type of report to export. See Appendix I. |
SCANTYPE | The available scan types: 0 : OUTSCAN 1 : PCI 2 : WAS |
TARGETGROUPS | Comma separated list of target groups to be included in the report. |
XID | The unique identifier of the given object. |
XUSERXID | The unique user id. |
Update Scheduled Report
You can schedule reports to be generated at a specific time.
Required keys | |
---|---|
ACTION | UPDATEREPORTSCHEDULEDATA |
NAME | Name of the schedule report. |
RECIPIENT | The recipient of the report. |
REPORTTYPE | The type of report to receive. See Appendix I. |
SCANTYPE | The available scan types: 0 : OUTSCAN 1 : PCI 2 : WAS |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?REPORTTYPE=1&NAME=Test&RECIPIENT=0&SCANTYPE=0&ACTION=UPDATEREPORTSCHEDULEDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Remove Schedule Report
In order to remove a scheduled report you need the unique identification number for that specific report schedule. This is retrieved from the list of already defined report schedules (see section: List Schedule Report).
Required keys | |
---|---|
ACTION | REMOVEREPORTSCHEDULEDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=1754&ACTION=REMOVEREPORTSCHEDULEDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Manage Tickets
In the system you can create custom and report-specific tickets to be assigned to any of your defined users. Tickets can be set up to be generated and assigned automatically from within the event system. There is also an option to define an escalation rule for each individual user in case a due date has been exceeded.
List Tickets
You can retrieve a list of tickets by supplying the following information.
Required keys | |
---|---|
ACTION | TICKETDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=TICKETDATA
Example response:
<RESPONSE> <TICKETLIST> <TICKET> <XID>1821</XID> <TYPE>6</TYPE> <DUEDATE>2009-07-01 00:00</DUEDATE> <PRIORITY>1</PRIORITY> <STATUS>1</STATUS> <SCRIPTID>-1</SCRIPTID> <SCRIPTNAME/> <NAME>My First Ticket</NAME> <TASKID>100</TASKID> <ASSIGNEE>Daniel Fredriksson</ASSIGNEE> <WASFINDING>0</WASFINDING> <PCIFINDING>0</PCIFINDING> <SCHEDULEOBJECTNAME/> <VERIFIED>0</VERIFIED> </TICKET> </TICKETLIST> </RESPONSE>
Response keys | |
---|---|
ASSIGNEE | The assigned user of this task. |
DREPORTDATE | The report date and time which this task is regarding. |
DUEDATE | The due date of this task. |
IPADDRESS | The IP address of the target which this task is concerning. |
IPORT | The port of the finding of which this task is concerning. |
IPROTOCOL | The protocol of the finding. |
NAME | The name of the task. |
PCIFINDING | Boolean value if this is regarding a PCI finding. |
PORT | A text description of the port of which this task is concerning. |
PRIORITY | The task priority (1-5) |
PROTOCOL | A text description of the protocol. |
REPORTXID | Internal use. |
SCHEDULEOBJECTNAME | The schedule name concerning this task |
SCHEDULEOBJECTXID | The unique schedule id concerning this task |
SCRIPTID | The vulnerability script id which this task is concerning. |
SCRIPTNAME | The vulnerability name. |
STATUS | Current status of this task. |
TARGETTYPE | The available types of targets: 0 : IP 1 : Host name 2 : NetBIOS name. |
TASKID | The unique identification number of this task. |
TYPE | The type of task: 0 : Single entry 1 : Whole report |
VCVULNID | The vulnerability script id which this task is concerning. |
VERIFIED | Boolean value if this finding has been verified or not. |
VIRTUALHOST | The virtual hosts for this target. |
WASFINDING | Boolean flag if this task concerns a Web Application Scan. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XSUBUSERXID | The unique identifier of sub user which this object is connected to. |
Update Ticket
In order to create a ticket you have to supply the following information.
Required keys | |
---|---|
ACTION | UPDATETICKETDATA |
DUEDATE | The due date for this task. |
ID | The task identification number. Should be set to NEW if you would like to create a new entry. |
MESSAGE | The message which will be connected to this task. |
MULTIPLE | Boolean value if the task is regarding multiple entries or not. |
NAME | The name of the task. |
PRIORITY | The priority of this task. Value 1-5 |
STATUS | The current status of this task. |
TASKID | The task identification number. Should be set to -1 if you would like to create a new entry. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?DUEDATE=2019-04-08&MESSAGE=test&NAME=Test&PRIORITY=3&ID=New&TASKID=-1&STATUS=1&ACTION=UPDATETICKETDATA&MULTIPLE=&
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Remove Ticket
If you are the main account holder then you can remove a ticket from the system. Please note that this isn't possible for any other user. In order to remove a ticket you need to supply the following information.
Required keys | |
---|---|
ACTION | REMOVETICKETDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=9326&ACTION=REMOVETICKETDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Manage Audit
Here you can retrieve a list of some actions which have taken place in the system by the defined users so that you can see who did what and when.
This might be a requirement from your auditor but can also come in handy when it comes to tracking changes within the system.
Please note that this information is only retained for 1 year. If longer storage is required, you are required to manually download and store this information in a remote system on an annual basis.
View Audit History
You can retrieve a list of some actions which have taken place in the system by the defined users so that you can see who did what and when.
Required keys | |
---|---|
ACTION | AUDITDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=AUDITDATA
Example response:
<RESPONSE> <AUDITLIST> <AUDIT> <XID>1185216</XID> <XXID>4710</XXID> <NAME>Api Api</NAME> <XVCAPP>tSubUserS</XVCAPP> <IMODE>1</IMODE> <TXCUSTOM/> <XTIME>2014-02-18 08:59</XTIME> <VCFIRSTNAME>Api</VCFIRSTNAME> <VCLASTNAME>Api</VCLASTNAME> <LIMITED>1</LIMITED> </AUDIT> </AUDITLIST> </RESPONSE>
Response keys | |
---|---|
IMODE | 0 = Added |
LIMITED | The presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request. |
NAME | The full name on the account that performed the action. |
TXCUSTOM | Additional details of the modification. |
VCFIRSTNAME | The first name of the user. |
VCLASTNAME | The surname of the user. |
XID | The unique identifier of the given object. |
XTIME | The date and time when the action was performed. |
XVCAPP | The application which the audit log entry is concerning. See Appendix N. |
XXID | The unique identification number for the entry which this log is about. |
Export Audit History
The audit log can also be exported from the system. This request will result in a binary file in the XLS format.
Required keys | |
---|---|
ACTION | EXPORTAUDIT |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=EXPORTAUDIT
The response will be in a binary format. This format is dependent on the given parameters in the request.
Manage Events
The event notifications area allows for actions to be performed upon certain events. These actions can be sent out over SNMP, syslog or email.
Please see Appendix N for a complete list of all possible actions.
List Event Notifications
In order to list the defined event notifications which are present in the system you need to supply the following information.
Required keys | |
---|---|
ACTION | LOGGINGDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=LOGGINGDATA
Example response:
<RESPONSE> <LOGLIST> <LOG> <XID>19678</XID> <XUSERXID>114</XUSERXID> <XREFID>20</XREFID> <ITYPE>3</ITYPE> <RECIPIENT>df@outpost24.com</RECIPIENT> <TARGETLIST/> <TARGETGROUPLIST/> <MYSCANS>1</MYSCANS> <NEWFINDINGS>1</NEWFINDINGS> <SCANFORMAT>0</SCANFORMAT> <ATTACHREPORT>0</ATTACHREPORT> <REPORTTYPE>0</REPORTTYPE> <SCANTYPE>7</SCANTYPE> <TARGETINFORMATION>1</TARGETINFORMATION> </LOG> </LOGLIST> </RESPONSE>
Response keys | |
---|---|
ASSIGNEE | The user which is assigned the ticket (Please note that this field may not be present). |
ATTACHREPORT | Boolean value if the report should be attached to the email if selected. |
ENCRYPTIONKEY | The encryption key that will be used to encrypt any attached report (Please note that this field may not be present). |
EVENTNAME | The name of the notification event (Please note that this field may not be present). |
ITYPE | The event type: 1 : Syslog 2 : SNMP 3 : Email 4 : SMS 5 : Ticket |
MYSCANS | Boolean value if this should only be for scans which the user has scheduled. |
NEWFINDINGS | Boolean value if this event is only for new findings. |
RECIPIENT | Email address where the event will be sent to (Please note that this field may not be present). |
REPORTTYPE | The report type that will be attached to the event notification. See Appendix I. |
SCANFORMAT | The additional information format that should be included in the event. |
SCANTYPE | The available scan types: 0 : OUTSCAN 1 : PCI 2 : WAS |
TARGETGROUPLIST | For which target groups that this notification will take place. |
TARGETINFORMATION | Boolean value if additional target information should be included in the notification. |
TARGETLIST | The target list as accepted by the graphical user interface. |
TICKETPRIORITY | The priority that will be set for the assigned task if defined (Please note that this field may not be present). |
XASSIGNEE | The full name of the user which is assigned task if defined (Please note that this field may not be present). |
XID | The unique identifier of the given object. |
XREFID | See Appendix N. |
XUSERXID | The unique user id. |
Update Event Notification
In order to add an event notification you need to supply the following information.
Required keys | |
---|---|
ACTION | UPDATELOGGINGDATA |
ITYPE | 1 : Syslog |
RECIPIENT | The recipient of the event |
XREFID | See Appendix N. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XREFID=11&RECIPIENT=test@example.com&ITYPE=3&ACTION=UPDATELOGGINGDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Remove Event Notification
In order to remove any event notification you need to supply the unique identification number for that specific event.
Required keys | |
---|---|
ACTION | REMOVELOGGINGDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=26903&ACTION=REMOVELOGGINGDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Manage Dashboard
The dashboard gives a quick overview of the status of your network. It holds modules that give information about various aspects of the targets and their risks.
Top Groups
Shows the groups with the most vulnerabilities.
Required keys | |
---|---|
ACTION | DASHBOARD_TOPGROUPS |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPGROUPS
Example response:
<RESPONSE> <TOPGROUPS> <STAT> <XID>21077</XID> <NAME>Risk</NAME> <XIPARENTID>19923</XIPARENTID> <XPATHUP>21077,19923</XPATHUP> <COUNT>104</COUNT> <RULEBASED>0</RULEBASED> <REPORTBASED>0</REPORTBASED> <HASCHILDNODES>1</HASCHILDNODES> <PATH>Report Groups / Risk</PATH> <POSITION>1</POSITION> </STAT> </TOPGROUPS> </RESPONSE>
Response keys | |
---|---|
COUNT | The number of vulnerabilities present in this group. |
HASCHILDNODES | Boolean value if this group has any child nodes. |
NAME | The name of the group. |
PATH | The group path. |
POSITION | The position in the path. |
REPORTBASED | Boolean value if the group is based on a Reporting group. |
RULEBASED | Boolean value if the group is based on a Dynamic group. |
XID | The unique identifier of the given object. |
XIPARENTID | The unique id for any parent object for this object within the system. |
XPATHUP | Internal use only. |
Top Ports
Shows the ports with most vulnerabilities.
Required keys | |
---|---|
ACTION | DASHBOARD_TOPPORTS |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPPORTS
Example response:
<RESPONSE> <TOPPORTS> <STAT> <PORT>445</PORT> <COUNT>95</COUNT> </STAT> </TOPPORTS> </RESPONSE>
Response keys | |
---|---|
COUNT | The number of open ports |
PORT | The port number |
Top Applications
Shows the applications found that have the most vulnerabilities in the specified target group.
Required keys | |
---|---|
ACTION | DASHBOARD_TOPAPPS |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPAPPS
Example response:
<RESPONSE> <RESPONSE/> </RESPONSE>
Response keys |
---|
Risk Summary
Displays how many targets have high, medium, and low risk.
Required keys | |
---|---|
ACTION | DASHBOARD_RISKSUMMARY |
Optional Keys
The risk summary can also be extracted for a specific group.
Optional keys | |
---|---|
GROUPXID | The group that you would like to receive the risk summary for. If omitted it will report all based on all targets. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_RISKSUMMARY
Example response:
<RESPONSE> <RISKCOUNT> <STAT> <HIGH>4</HIGH> <LOW>1</LOW> <MEDIUM>3</MEDIUM> <HIGHTREND>-2</HIGHTREND> <LOWTREND>0</LOWTREND> <MEDIUMTREND>-2</MEDIUMTREND> <TOTAL>9</TOTAL> </STAT> </RISKCOUNT> </RESPONSE>
Response keys | |
---|---|
HIGH | The number of high risks. |
HIGHTREND | The trend of high risks. |
LOW | The number of low risks. |
LOWTREND | The trend of low risks. |
MEDIUM | The number of medium risks. |
MEDIUMTREND | The trend of medium risks. |
TOTAL | The total number of vulnerabilities on the selected group (or all targets if omitted). |
Remediation Statistics
Shows how long it takes on average to remediate risks on the targets in the specified target.
Required keys | |
---|---|
ACTION | DASHBOARD_REMEDIATIONSTATS |
GROUPXID | The group that you would like to receive the risk summary for. If omitted it will report all based on all targets. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?GROUPXID=-1&ACTION=DASHBOARD_REMEDIATIONSTATS
Example response:
<RESPONSE> <RISKCOUNT> <STAT> <DAY>2013-11-19 00:00</DAY> <DAYSHIGH>1674</DAYSHIGH> <DAYSMEDIUM>1708</DAYSMEDIUM> <DAYSLOW>1765</DAYSLOW> </STAT> </RISKCOUNT> </RESPONSE>
Response keys | |
---|---|
DAY | The date for this statistics. |
DAYSHIGH | The number of days it takes to resolve a high risk vulnerability. |
DAYSLOW | The number of days it takes to resolve a low risk vulnerability. |
DAYSMEDIUM | The number of days it takes to resolve a medium risk vulnerability. |
Top Platforms
Shows the platform distribution found that has most vulnerabilities in the specified target group.
Required keys | |
---|---|
ACTION | DASHBOARD_TOPPLATFORMS |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPPLATFORMS
Example response:
<RESPONSE> <RESPONSE/> </RESPONSE>
Response keys |
---|
Top Targets
Shows the targets with most vulnerabilities in the specified target group.
Required keys | |
---|---|
ACTION | DASHBOARD_TOPTARGETS |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPTARGETS
Example response:
<RESPONSE> <TOPTARGETS> <STAT> <XID>87384</XID> <NAME>192.168.200.2</NAME> <COUNT>88</COUNT> </STAT> </TOPTARGETS> </RESPONSE>
Response keys | |
---|---|
COUNT | The number of vulnerabilities present on the specific target. |
NAME | The target name or IP. |
XID | The unique identifier of the given object. |
Top Vulnerabilities
Shows the platform distribution found that has most vulnerabilities in the specified target group.
Required keys | |
---|---|
ACTION | DASHBOARD_TOPVULNERABILITIES |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=DASHBOARD_TOPVULNERABILITIES
Example response:
<RESPONSE> <TOPVULNERABILITIES> <STAT> <VCVULNID>205390</VCVULNID> <VCNAME>Mozilla Firefox file:// Directory Listing XSS Vulnerability</VCNAME> <COUNT>1</COUNT> </STAT> </TOPVULNERABILITIES> </RESPONSE>
Response keys | |
---|---|
COUNT | The number of occurrences of this vulnerability. |
VCNAME | Name of the vulnerability. |
VCVULNID | The script id for the vulnerability. |
Vulnerability Database
The vulnerability database lets you look at the vulnerability checks, and also see their descriptions and suggested solutions.
It is also possible to get the number of times a specific vulnerability has been detected within your network.
List Vulnerabilities
In order to list the vulnerabilities you need to supply the following information.
Required keys | |
---|---|
ACTION | SCRIPTDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCRIPTDATA
Example response:
<RESPONSE> <SCRIPTLIST> <SCRIPT> <XID>100018</XID> <VCNAME>RPC Portmapper</VCNAME> <VCFAM>rpc</VCFAM> <IRISK>0</IRISK> <ICVSS>0</ICVSS> <VCCVE>CVE-1999-0632</VCCVE> <VCCVSSVECTOR>(AV:N/AC:L/Au:N/C:N/I:N/A:N)</VCCVSSVECTOR> <VCBUG>No bugtraq</VCBUG> <SCRIPTCREATED>2007-04-04 00:00</SCRIPTCREATED> <CVSS_SCORE>0.0</CVSS_SCORE> <HASEXPLOITS>0</HASEXPLOITS> <LIMITED>1</LIMITED> </SCRIPT> </SCRIPTLIST> </RESPONSE>
Response keys | |
---|---|
CVSS_SCORE | The CVSS score for this vulnerability. |
HASEXPLOITS | Boolean flag if the vulnerability has a known exploit. |
ICVSS | The calculated CVSS number for this vulnerability. Divide it by 10 to get the correct number. |
IRISK | The risk level that this vulnerability is graded to. See Appendix J. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request. |
SCRIPTCREATED | The date when this script was created. |
VCBUG | The Bugtraq ID for this vulnerability. |
VCCVE | The CVE reference for this vulnerability. |
VCCVSSVECTOR | The CVSS vector for this vulnerability. |
VCFAM | The family that this vulnerability belongs to. |
VCNAME | The name of this vulnerability. |
XID | The unique identifier of the given object. |
Extended Script Information
If you supply the script identification you can get additional information like description and solutions for a specific vulnerability.
Required keys | |
---|---|
ACTION | SCRIPTDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=289428&ACTION=SCRIPTDATA
Example response:
<RESPONSE> <SCRIPTLIST> <SCRIPT> <XID>289428</XID> <VCNAME>Sun JRE: TLS / DTLS Protocol CBC-mode Ciphersuite Timing Analysis Plaintext Recovery Cryptanalysis Attack</VCNAME> <VCFAM>sun</VCFAM> <IRISK>2</IRISK> <VCCVE>CVE-2013-0169</VCCVE> <VCBUG>No bugtraq</VCBUG> <ICVSS>26</ICVSS> <VCCVSSVECTOR>(AV:N/AC:H/Au:N/C:P/I:N/A:N)</VCCVSSVECTOR> <CDESC>The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJRE, PolarSSL, and other products, do not properly consider timing sidechannel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.</CDESC> <CSOL>Upgrade to version 1.7.0_45 or later of Sun JRE.</CSOL> <CVSS_SCORE>2.6</CVSS_SCORE> <SOLUTIONTYPE>6</SOLUTIONTYPE> <SOLUTIONPRODUCT>Sun JRE</SOLUTIONPRODUCT> <SOLUTIONTITLE>Upgrade to version 1.7.0_45 or later of Sun JRE</SOLUTIONTITLE> <HASEXPLOITS>0</HASEXPLOITS> <FINDINGCOUNT>0</FINDINGCOUNT> </SCRIPT> </SCRIPTLIST> </RESPONSE>
Response keys | |
---|---|
CDESC | The description for this vulnerability. |
CSOL | The solution for this vulnerability. |
CVSS_SCORE | The CVSS score for this vulnerability. |
FINDINGCOUNT | The number of occurrences of this vulnerability in your system. |
HASEXPLOITS | Boolean flag if the vulnerability has a known exploit. |
ICVSS | The calculated CVSS number for this vulnerability. Divide it by 10 to get the correct number. |
IRISK | The risk level that this vulnerability is graded to. See Appendix J. |
SOLUTIONPRODUCT | The solution product. |
SOLUTIONTITLE | Short title regarding the solution. |
SOLUTIONTYPE | The solution type. See Appendix M. |
VCBUG | The Bugtraq ID for this vulnerability. |
VCCVE | The CVE reference for this vulnerability. |
VCCVSSVECTOR | The CVSS vector for this vulnerability. |
VCFAM | The family that this vulnerability belongs to. |
VCNAME | The name of this vulnerability. |
XID | The unique identifier of the given object. |
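A client-side normalisation of the SCRIPTDATA fields documented above, written as an added example (it is not Outpost24 code). It applies the ICVSS divide-by-ten rule, cross-checks the result against CVSS_SCORE, splits the parenthesised vector, and treats the mere presence of LIMITED as a truncation signal; the function names and the handling of the literal "No bugtraq" are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal

# Constructed sample: two SCRIPT entries trimmed from the example responses above.
SAMPLE_SCRIPTDATA = """<RESPONSE><SCRIPTLIST>
<SCRIPT><XID>289428</XID><VCFAM>sun</VCFAM><IRISK>2</IRISK>
<VCCVE>CVE-2013-0169</VCCVE><VCBUG>No bugtraq</VCBUG><ICVSS>26</ICVSS>
<VCCVSSVECTOR>(AV:N/AC:H/Au:N/C:P/I:N/A:N)</VCCVSSVECTOR>
<CVSS_SCORE>2.6</CVSS_SCORE><HASEXPLOITS>0</HASEXPLOITS></SCRIPT>
<SCRIPT><XID>100018</XID><VCNAME>RPC Portmapper</VCNAME><VCFAM>rpc</VCFAM>
<IRISK>0</IRISK><ICVSS>0</ICVSS><VCCVE>CVE-1999-0632</VCCVE>
<VCCVSSVECTOR>(AV:N/AC:L/Au:N/C:N/I:N/A:N)</VCCVSSVECTOR>
<VCBUG>No bugtraq</VCBUG><CVSS_SCORE>0.0</CVSS_SCORE>
<HASEXPLOITS>0</HASEXPLOITS><LIMITED>1</LIMITED></SCRIPT>
</SCRIPTLIST></RESPONSE>"""


def parse_cvss2_vector(text):
    """Turn '(AV:N/AC:L/Au:N/C:N/I:N/A:N)' into {'AV': 'N', 'AC': 'L', ...}."""
    body = (text or "").strip().strip("()")
    if not body:
        return {}
    metrics = {}
    for part in body.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not key or not value:
            raise ValueError(f"malformed CVSS vector component: {part!r}")
        metrics[key] = value
    return metrics


def parse_scriptdata(xml_text):
    """Return (scripts, limited) for a SCRIPTDATA response body."""
    root = ET.fromstring(xml_text)
    if root.tag != "RESPONSE":
        raise ValueError(f"unexpected root element: {root.tag!r}")

    # LIMITED is a presence flag: any occurrence means the list was truncated
    # by the limit parameter, so the result set must not be treated as complete.
    limited = root.find(".//LIMITED") is not None

    scripts = []
    for node in root.iter("SCRIPT"):
        icvss = node.findtext("ICVSS")
        reported = node.findtext("CVSS_SCORE")
        # ICVSS is the score multiplied by ten; Decimal avoids float rounding.
        score = Decimal(icvss) / 10 if icvss else None
        bug = node.findtext("VCBUG")
        scripts.append({
            "xid": int(node.findtext("XID")),
            "name": node.findtext("VCNAME"),
            "family": node.findtext("VCFAM"),
            "cve": node.findtext("VCCVE"),
            # Assumption: the literal seen in both examples means "no ID".
            "bugtraq": None if bug == "No bugtraq" else bug,
            "cvss": score,
            # False when ICVSS/10 and CVSS_SCORE disagree, worth logging.
            "cvss_consistent": (
                score is None or not reported or Decimal(reported) == score
            ),
            "vector": parse_cvss2_vector(node.findtext("VCCVSSVECTOR")),
            "has_exploits": node.findtext("HASEXPLOITS") == "1",
        })
    return scripts, limited


if __name__ == "__main__":
    entries, truncated = parse_scriptdata(SAMPLE_SCRIPTDATA)
    for entry in entries:
        print(entry["xid"], entry["cve"], entry["cvss"], entry["vector"])
    print("truncated by limit:", truncated)
```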
Web Application Scanner
The web application scanner is used to detect vulnerabilities on the web server such as cross site scripting and SQL injection.
If you have the full version you can also detect the following vulnerability types:
- XSS Element
- XSS Attribute
- XSS Header
- SQL Injection
- Remote File Include
- Local File Include
- Code Injection
- Command Injection
- Format String
- CRLF Injection
- Cross Site Request Forgery
Scope
The web application scanning is defined as a scope which includes the information about which links to follow and which IPs we are allowed to follow during the crawling phase.
In the scope you can also define a white-list, a black-list and an IP range which are used by the host name (if it's load balanced). It is also possible to define different authentication procedures, required cookies, fixed parameter values, user agent and HTTP referer.
Update Scheduled Scope
In order to add a web application scope you need to supply the following information.
Required keys | |
---|---|
ACTION | WASUPDATESCHEDULEDATA |
MAXIMUMLINKS | The maximum number of links that the crawler will follow during the detect phase. |
NAME | The name of the Web Application Scanning schedule scope. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?NAME=RemoveMe&ACTION=WASUPDATESCHEDULEDATA&MAXIMUMLINKS=20
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List Scheduled Scopes
In order to list the vulnerabilities you need to supply the following information.
Required keys | |
---|---|
ACTION | WASSCHEDULEDATA |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=WASSCHEDULEDATA
Example response:
<RESPONSE> <SCHEDULELIST> <SCHEDULE> <XID>1745084</XID> <XUSERXID>114</XUSERXID> <XSUBUSERXID>-1</XSUBUSERXID> <MAXSCANTIME>6</MAXSCANTIME> <NAME>TestSchedule</NAME> <SCANWINDOWS>2</SCANWINDOWS> <SCANWINDOWDELAY>1</SCANWINDOWDELAY> <LATESTSCANSTATUS>24</LATESTSCANSTATUS> <LATESTSCANDATE>2012-05-04 08:51</LATESTSCANDATE> <URILIST>http://www.outpost24.com/demo</URILIST> <URIBLACKLIST>www.outpost24.com/blacklisted</URIBLACKLIST> <URIWHITELIST>www.outpost24.com/</URIWHITELIST> <MAXIMUMLINKS>2000</MAXIMUMLINKS> <REQUESTDELAY>0</REQUESTDELAY> <TRANSFERTIMEOUT>20000</TRANSFERTIMEOUT> <EVENTTIMEOUT>0</EVENTTIMEOUT> <XSSREFLECTED>1</XSSREFLECTED> <XSSPERSISTENT>1</XSSPERSISTENT> <CONTENTANALYSIS>1</CONTENTANALYSIS> <SQLINJECTION>1</SQLINJECTION> <TIMESQLINJECTION>0</TIMESQLINJECTION> <REMOTEFILEINCLUDE>1</REMOTEFILEINCLUDE> <LOCALFILEINCLUDE>1</LOCALFILEINCLUDE> <CODEINJECTION>1</CODEINJECTION> <COMMANDINJECTION>1</COMMANDINJECTION> <FORMATSTRING>1</FORMATSTRING> <CRLFINJECTION>1</CRLFINJECTION> <UNVALIDATEDREDIRECT>1</UNVALIDATEDREDIRECT> <ENABLEAJAX>0</ENABLEAJAX> <SCANNERID>0</SCANNERID> <SCANNERNAME>Local</SCANNERNAME> <ISWAS>1</ISWAS> <DISCOVERYMODE>1</DISCOVERYMODE> <DAYWEEKMONTH>0</DAYWEEKMONTH> <FREQUENCY>10</FREQUENCY> <OWNER>Daniel Fredriksson</OWNER> <LATESTSCANDURATION>00:01:00</LATESTSCANDURATION> <AVERAGESCANDURATION>00:01:00</AVERAGESCANDURATION> <DELETED>0</DELETED> </SCHEDULE> </SCHEDULELIST> </RESPONSE>
Response keys | |
---|---|
AVERAGESCANDURATION | The average scan time. |
CODEINJECTION | Boolean value if the test shall include code injection checks. |
COMMANDINJECTION | Boolean value if the test shall include command injection checks. |
CONTENTANALYSIS | Boolean value if the test shall include content analysis checks. |
CRLFINJECTION | Boolean value if the test shall include CRLF injection checks. |
DAYWEEKMONTH | Flag if specific day of week or month should be used (available on monthly scanning). |
DELETED | Boolean value if this entry is marked as removed and should not be displayed. |
DISCOVERYMODE | Boolean value if the scan only shall include the crawler part and not send any spikes to the target host. |
ENABLEAJAX | Boolean value if the scan shall parse JavaScript and try to enumerate additional links. |
EVENTTIMEOUT | The timeout in seconds before the web application scanner no longer waits for an event to be processed. |
FORMATSTRING | Boolean value if the scan shall include format string injection checks. |
FREQUENCY | The frequency of the scheduled time for this job. |
ISWAS | Boolean flag which specifies that this schedule is a Web Application Scan instead of a normal one. |
LATESTSCANDATE | When this schedule was scanned the latest time. |
LATESTSCANDURATION | The duration of the latest scan. |
LATESTSCANSTATUS | The latest scan status of this schedule. |
LOCALFILEINCLUDE | Boolean value if the test shall include local file include injection checks. |
MAXIMUMLINKS | The maximum number of links that the scanner will follow (please note that on these links it may detect more URI's than the maximum number specified). |
MAXSCANTIME | The maximum amount of time allowed to scan this schedule. |
NAME | The name of the Web Application Scan scope schedule/definition. |
OWNER | The owner of the object. |
REMOTEFILEINCLUDE | Boolean value if the test shall include remote file include injection checks. |
REQUESTDELAY | The delay in seconds between each request. |
SCANNERID | The scanner id which this target will be tested from. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCANWINDOWDELAY | The delay between scan windows (in days). |
SCANWINDOWS | The number of allowed scan windows for this schedule. |
SQLINJECTION | Boolean value if the test shall include SQL injection checks. |
TIMESQLINJECTION | Boolean value if the test shall include timed SQL injection checks. |
TRANSFERTIMEOUT | The transfer timeout before we continue to the next URI. |
UNVALIDATEDREDIRECT | Boolean value if the test shall include checks for unvalidated URL redirects. |
URIBLACKLIST | New line separated list of URI or sections of an URI of locations which the scanning isn't allowed to scan. |
URILIST | New line separated list of URI's that the scanner will cover. |
URIWHITELIST | New line separated list of the ONLY URI's that the scanner is allowed to cover. |
WASCERTIFICATE | Certificate to use when performing web application scans. |
XID | The unique identifier of the given object. |
XSSPERSISTENT | Boolean value if the test shall include persistent XSS injection checks. |
XSSREFLECTED | Boolean value if the test shall include reflected XSS injection checks. |
XSUBUSERXID | The unique identifier of sub user which this object is connected to. |
XUSERXID | The unique user id. |
Delete Scheduled Scope
In order to remove a scope you need to supply the unique identification number for that specific scope.
Required keys | |
---|---|
ACTION | WASREMOVESCHEDULEDATA |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=174661&ACTION=WASREMOVESCHEDULEDATA
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
List Running Scans
It is possible to see the current status of the currently running scans. These can also be paused, resumed or stopped. When a scan is stopped, please allow some time for it to finish gracefully. The scanner will try to terminate it as quickly as possible.
List Running Scans
In order to see a list of currently running scans you shall supply the following information.
Required keys | |
---|---|
ACTION | SCANSTATUSDATA |
VCSERVICE | Should be set to W in order to only see Web Applications scan status. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?VCSERVICE=W&ACTION=SCANSTATUSDATA
Example response:
<RESPONSE> <STATUSLIST> <STATUS> <XID>2122465</XID> <XUSERXID>1000</XUSERXID> <XSUBUSERXID>1000</XSUBUSERXID> <XSOXID>1003</XSOXID> <SCANNERID>-1</SCANNERID> <SCANNERNAME>Local</SCANNERNAME> <REMOTEXID>6961</REMOTEXID> <COMPANY>Outpost24</COMPANY> <VCSERVICE>O</VCSERVICE> <VCPERCENT>10/15</VCPERCENT> <IPERCENTV>66</IPERCENTV> <ITHREADID>2122465</ITHREADID> <VCSTATUS>running</VCSTATUS> <VCSTATE>CAT_SCAN</VCSTATE> <BPAUSE>0</BPAUSE> <BSTOP>0</BSTOP> <VCJOBNAME>Test API</VCJOBNAME> <VCGNAME>lpattack15</VCGNAME> <IATTACKERID>15</IATTACKERID> <VCTARGET>91.216.32.140</VCTARGET> <XIPXID>1140</XIPXID> <ICOUNT>1</ICOUNT> <IVERIFY>0</IVERIFY> <DSCANSTARTED>2012-11-16 10:45</DSCANSTARTED> <DSCANSTART>2012-11-16 10:45</DSCANSTART> <DSCANEND>2012-11-16 22:45</DSCANEND> <XTEMPLATE>-2</XTEMPLATE> <XSCANJOBXID>7147</XSCANJOBXID> <TXSETTINGS/> <PROBEID>11fbf171</PROBEID> <SCANWINDOWS>1</SCANWINDOWS> <SCANWINDOWDELAY>1</SCANWINDOWDELAY> <RESUMING>0</RESUMING> <SCANSENT>0</SCANSENT> <TARGETTYPE>0</TARGETTYPE> <ISSTOPPED>0</ISSTOPPED> <ISPAUSED>0</ISPAUSED> <DBSCHEMA/> <SCANLESSREPORTXID>-1</SCANLESSREPORTXID> <SMARTFILTERING>1</SMARTFILTERING> <HOSTNAME>www.outpost24.com</HOSTNAME> <LOOKUP>0</LOOKUP> <SCANSCHEMA>scan</SCANSCHEMA> <WAKEONLAN/> <WAKEONLANDELAY>0</WAKEONLANDELAY> </STATUS> </STATUSLIST> </RESPONSE>
Response keys | |
---|---|
BPAUSE | Boolean flag if the scan is marked as paused. |
BSTOP | Boolean flag if the scan is marked as stopped. |
COMPANY | The name of the company for this account. |
DBSCHEMA | Internal use only. |
DSCANEND | Date and time information when the scan will terminate if not already finished. |
DSCANSTART | Date and time information when the scan shall start. |
DSCANSTARTED | Date and time information when the scan started. |
HOSTNAME | The FQDN of the host. |
IATTACKERID | The internal attacker id which this scan is running from. |
ICOUNT | The number of targets within this scan scope. |
IPERCENTV | The percentage value of the progress of the scan. |
ISPAUSED | Boolean flag if the scan is paused. |
ISSTOPPED | Boolean flag if the scan is stopped. |
ITHREADID | The thread identification number within the system. Used for performing actions upon specific scans. |
IVERIFY | Boolean flag if the running scan is a verification scan. |
LOOKUP | Boolean flag if any discovered targets will perform a lookup upon adding them to the system. |
PDETECTTEMPLATE | The scan policy which will be used on scan started by a discovery/scan type of scan. |
PROBEID | The unique probe identification number (Please note that this field may not be present). |
REASON | The comment that will be used when adding targets to the system if they are detected (Please note that this field may not be present). |
REMOTEXID | Internal use. |
RESUMING | Boolean flag if this scan is resumed from a previously paused scan. |
SCANLESSREPORTXID | The unique identifier of the report which is updated using the SLS feature. |
SCANNERID | The scanner id which this target will be tested from. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCANSCHEMA | Internal use. |
SCANSENT | Boolean flag if the scan has been sent to the designated scanner. |
SCANWINDOWDELAY | The delay between scan windows (in days). |
SCANWINDOWS | The number of allowed scan windows for this schedule. |
SMARTFILTERING | Boolean flag if the results will utilize smart filtering. |
TARGETTYPE | The available types of targets: 0: IP, 1: Host name, 2: NetBIOS name. |
TEMPLATE | The scan policy utilized by this object (Please note that this field may not be present). |
TXREPORT | Deprecated (Please note that this field may not be present). |
TXSETTINGS | Text settings for this scan. |
VCGNAME | Internal use. |
VCJOBNAME | The name of the schedule job. |
VCPERCENT | Text representation of the percentage value. |
VCSERVICE | Should be set to W in order to only see Web Applications scan status. |
VCSTATE | Current state of the scan. |
VCSTATUS | Current status of the scan. |
VCTARGET | Text representation of the target. |
WAKEONLAN | Boolean flag if targets should be woken up by the WOL feature. |
WAKEONLANDELAY | The delay before targets will be scanned since the WOL request is sent. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XSCANJOBXID | The unique identifier of the scan job log object which contain all individual targets (entry with scan type set in the 20 range). |
XSOXID | The unique identifier of the schedule object which contain the schedule preferences. |
XSUBUSERXID | The unique identifier of sub user which this object is connected to. |
XTEMPLATE | The unique identifier of the scan policy utilized by this object. |
XUSERXID | The unique user id. |
Start a Scan
In order to start a scan you need to supply the unique identification number for a specific schedule. This can be retrieved from the schedule list (see section: List Schedule).
Required keys | |
---|---|
ACTION | STARTSCAN |
ONLYSCANNOW | Should be set to 1 |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ONLYSCANNOW=1&ACTION=STARTSCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Pause a Scan
In order to pause a currently running scan you need to supply the unique identification number for that specific scan. This can be retrieved from the scan list (see section: List Running Scans).
Required keys | |
---|---|
ACTION | PAUSESCAN |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=PAUSESCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Resume Scan
In order to resume a currently paused scan you need to supply the unique identification number for that specific scan. This can be retrieved from the scan list (see section: List Running Scans).
Required keys | |
---|---|
ACTION | RESUMESCAN |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=RESUMESCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Stop Scan
In order to stop a currently running scan you need to supply the unique identification number for that specific scan. This can be retrieved from the scan list (see section: List Running Scans).
Required keys | |
---|---|
ACTION | STOPSCAN |
XID | The unique identifier of the given object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?XID=,13&ACTION=STOPSCAN
The above given request will generate a generic response.
More information about this response type is available in Appendix A.
Report Findings
Here you can see the result of a web application scan and also export the results to different formats.
Retrieve Report Entries
In order to retrieve scanning results you need to supply the following information.
Required keys | |
---|---|
ACTION | REPORTTARGETDATA |
GROUPS | Comma separated list of unique group identifiers to be included in the report. |
TARGETS | Comma separated list of unique target identifiers to be included in the report. |
Optional Keys
If based on a schedule object you should provide its unique identification number in the following parameter.
Optional keys | |
---|---|
SCANLOGXID | The unique scan log entry id for the schedule job which you would like to retrieve reports for. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?GROUPS=,-1,&ACTION=REPORTTARGETDATA&TARGETS=-1
Example response:
<RESPONSE> <REPORTLIST> <REPORT> <XTEMPLATE>2</XTEMPLATE> <GLOBALTEMPLATE>1</GLOBALTEMPLATE> <VERIFIED>0</VERIFIED> <SCHEDULEJOB>Application server</SCHEDULEJOB> <CVSSSCORE>0.0</CVSSSCORE> <PCICVSSSCORE>0.0</PCICVSSSCORE> <DFIRSTSEEN>2009-11-05 12:00</DFIRSTSEEN> <DLASTSEEN>2009-11-05 12:00</DLASTSEEN> <DATE>2009-11-05 12:00</DATE> <XIPXID>87386</XIPXID> <VCTARGET>192.168.200.33</VCTARGET> <HOSTNAME>www.example.com</HOSTNAME> <IPORT>445</IPORT> <IPROTOCOL>6</IPROTOCOL> <XID>5800689</XID> <VCNAME>Port scanner</VCNAME> <VCVULNID>101010</VCVULNID> <BFALSEPOS>0</BFALSEPOS> <BNEW>1</BNEW> <BPCI>0</BPCI> <TYPE>Port</TYPE> <SERVICENAME>netbios-ssn</SERVICENAME> <IRISK>0</IRISK> <ORIGINALRISKLEVEL>-1</ORIGINALRISKLEVEL> <SCANNERNAME>Local</SCANNERNAME> <POTENTIALFALSE>0</POTENTIALFALSE> <CUSTOM0>SE</CUSTOM0> <CUSTOM1>1</CUSTOM1> <CUSTOM2>dalskdjlasjd</CUSTOM2> <CUSTOM3/> <CUSTOM4>London</CUSTOM4> <ACCEPTEDLENGTH>0</ACCEPTEDLENGTH> <ACCEPTED>0</ACCEPTED> <VCVHOST/> <TARGETTYPE>0</TARGETTYPE> <PLATFORM>ND</PLATFORM> <ASSIGNEE>Unassigned</ASSIGNEE> <ISADDED>0</ISADDED> <FINDINGDATE>2009-11-05 12:00</FINDINGDATE> <HASFPCOMMENT>0</HASFPCOMMENT> <AGE>1565.0</AGE> <HASEXPLOITS>0</HASEXPLOITS> <LIMITED>1</LIMITED> </REPORT> </REPORTLIST> </RESPONSE>
Response keys | |
---|---|
ACCEPTCOMMENT | The comment given when this vulnerability was accepted (Please note that this field may not be present). |
ACCEPTED | Boolean value if the vulnerability has been accepted. |
ACCEPTEDLENGTH | The number of days the vulnerability has been accepted. |
AGE | The number of days since the first occurrence of this specific finding. |
ASSIGNEE | The user who has a ticket assigned to him/her for this entry. |
BFALSEPOS | Boolean value if this vulnerability is marked as a false positive or not. |
BNEW | Boolean value if this finding wasn't reported on the previous report for this target. |
BPCI | Boolean value if this report is a PCI report. |
CUSTOM0 | Custom attribute defined on either a user or a target. |
CUSTOM1 | Custom attribute defined on either a user or a target. |
CUSTOM2 | Custom attribute defined on either a user or a target. |
CUSTOM3 | Custom attribute defined on either a user or a target. |
CUSTOM4 | Custom attribute defined on either a user or a target. |
CVSSSCORE | The CVSS score for this vulnerability. |
DATE | The date and time when this scan was performed. |
DFIRSTSEEN | The date and time when this finding was first detected on this host. |
DLASTSEEN | The date and time when this finding was last seen on this host. |
FINDINGDATE | The date and time when this finding was updated. |
GLOBALTEMPLATE | The global template that was used if any. |
HASEXPLOITS | Boolean flag if the vulnerability has a known exploit. |
HASFPCOMMENT | Boolean flag if the target has false positive comments. |
HOSTNAME | The FQDN of the host. |
IPORT | The port where this vulnerability was detected upon. |
IPROTOCOL | The protocol used when detecting this vulnerability. |
IRISK | The risk level that this vulnerability is graded to. See appendix G. |
ISADDED | Boolean value if this vulnerability has been added after the initial scan. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request. |
ORIGINALRISKLEVEL | The original risk level for this vulnerability. |
PCICVSSSCORE | The PCI CVSS score for this vulnerability (doesn't reflect DoS). |
PLATFORM | The detected platform for this vulnerability. |
POTENTIALFALSE | Boolean value if this vulnerability is a potential false positive. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCHEDULEJOB | The name of the schedule job which is associated with this entry. |
SERVICENAME | The name of the service listening on this port and protocol. |
TARGETTYPE | The available types of targets: 0: IP, 1: Host name, 2: NetBIOS name. |
TYPE | The entry report type. |
VCNAME | The Bugtraq ID for this vulnerability. |
VCTARGET | Text representation of the target. |
VCVHOST | The virtual host name where this vulnerability was detected. |
VCVULNID | The unique script identification number given to this vulnerability. |
VERIFIED | Boolean value if this finding has been verified or not. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XTEMPLATE | The unique identifier of the scan policy utilized by this object. |
Scan History
The scan history functions are the same as when you are viewing normal OUTSCAN or HIAB history. Please see earlier reference under Manage Schedule.
In order to see what has been executed in the past on your account you can retrieve a scan log which will contain the history of your scannings.
Required keys | |
---|---|
ACTION | SCANLOG |
WAS | Should be set to 1 in order to only see Web Application Scan log history |
Optional Keys
The following parameters can be supplied in case you would like to exclude specific entries from being retrieved.
Optional keys | |
---|---|
EXCLUDEEMPTY | Boolean value if empty scan logs should be included in the results. |
ITYPE | The type of this entry, see Appendix C. |
TEMPLATE | The scan policy utilized by this object. |
Example request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=SCANLOG&WAS=1
Example response:
<RESPONSE> <SCANLOGLIST> <SCANLOG> <XID>1821159</XID> <VCHOST>1744737</VCHOST> <XIPXID>-1</XIPXID> <DSCANSTARTDATE>2011-01-26 14:16</DSCANSTARTDATE> <DSCANENDDATE>2011-01-26 14:47</DSCANENDDATE> <ITYPE>20</ITYPE> <XTEMPLATE>-10</XTEMPLATE> <SCANNERID>0</SCANNERID> <XSOXID>1744737</XSOXID> <SCHEDULEJOB>Was</SCHEDULEJOB> <DISCOVERYTEMPLATE/> <TARGET>Was</TARGET> <XSCANJOBXID>1821159</XSCANJOBXID> <SCANNERNAME>Local</SCANNERNAME> <CONFIRMED>0</CONFIRMED> <COMPLIANT>0</COMPLIANT> <FROMHIAB>0</FROMHIAB> <SCANTIME>00:31:00</SCANTIME> <SUBMITTED>0</SUBMITTED> <LAST>0</LAST> <CANUPDATE>0</CANUPDATE> <SCANLESS>0</SCANLESS> <LATESTSCANUPDATE>2011-01-26 14:16</LATESTSCANUPDATE> <HASWASSTATS>0</HASWASSTATS> </SCANLOG> </SCANLOGLIST> </RESPONSE>
Response keys | |
---|---|
CANUPDATE | Boolean flag if this entry can be updated using the SLS feature. |
COMPLIANT | Boolean flag which shows if the target was compliant according to the PCI guidelines in case the scan refers to such a target. |
CONFIRMED | Boolean flag if this target is confirmed within the PCI section. |
DISCOVERYTEMPLATE | Name of the discovery job if it's a discovery. |
DSCANENDDATE | The date and time when the scan ended. |
DSCANSTARTDATE | The date and time when the scan started. |
FROMHIAB | Boolean flag which is set to 1 if the scan originated from a HIAB (only viable on OUTSCAN). |
HASWASSTATS | Boolean flag if the target has web application scanning statistics. |
IID | Internal use only. |
ITYPE | The type of this entry, see Appendix C. |
LAST | Boolean value if this is the latest entry for this target. |
LATESTSCANUPDATE | Date and time when this scan was last updated using the SLS technology. |
LIMITED | The presence of this field indicates that the response has been limited by the use of the "limit" parameter in the request. |
SCANLESS | Boolean value if this is an SLS update of the report. |
SCANNERID | The scanner id which this target will be tested from. |
SCANNERNAME | The name of the scanner where this action takes place. |
SCANTIME | The total amount of time the scan took. |
SCHEDULEJOB | The name of the schedule job which is associated with this entry. |
SUBMITTED | Boolean flag if this target is a PCI target and that the report hasn't been submitted yet in this quarter. |
TARGET | The target that this entry is about. |
TEMPLATE | The scan policy utilized by this object (Please note that this field may not be present). |
VCHOST | The IP or host name of the target which was tested. |
XID | The unique identifier of the given object. |
XIPXID | The unique identifier of the target object. |
XSCANJOBXID | The unique identifier of the scan job log object which contain all individual targets (entry with scan type set in the 20 range). |
XSOXID | The unique identifier of the schedule object which contain the schedule preferences. |
XTEMPLATE | The unique identifier of the scan policy utilized by this object. |
Appendix
In the following appendix we will provide information about additional features that are available through the use of the API. We will also provide lookup tables of the meaning of the different fields which are used within the system on different requests.
Appendix A - Generic Request Response
When you are performing requests you will be presented with a generic status message when you are updating or removing an object. This looks like the following:
<RESPONSE> <SUCCESS>true</SUCCESS> <MESSAGE/> </RESPONSE>
The above response will also contain a reference to a DTD. The supplied DTD is NOT valid for the response and should be disregarded when parsing the response. Configure your XML parser so that it does not perform DTD validation.
Note
All responses from the XML API are wrapped in a RESPONSE tag
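One way to read the generic response while disregarding the DTD reference, as an added example rather than vendor code. Python's `xml.etree.ElementTree` does not validate against or fetch an external DTD; the DOCTYPE line in the samples, the failure response shape, and the refusal of inline entity declarations are assumptions and hardening choices of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# An API response has no reason to declare entities; refusing them up front
# keeps entity-expansion tricks away from the parser (hardening assumption).
_ENTITY_DECL = re.compile(r"<!ENTITY")


class ApiResponseError(ValueError):
    """The body is not an acceptable generic RESPONSE document."""


def parse_generic_response(xml_text):
    """Return (success, message) from a generic update/remove response."""
    if _ENTITY_DECL.search(xml_text):
        raise ApiResponseError("entity declarations are not accepted")
    try:
        # ElementTree is non-validating: a DOCTYPE that points at a DTD is
        # tolerated, never fetched and never used to validate the document.
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ApiResponseError(f"response is not well-formed XML: {exc}") from exc

    if root.tag != "RESPONSE":
        raise ApiResponseError(f"unexpected root element: {root.tag!r}")

    success = root.findtext("SUCCESS")
    if success is None:
        raise ApiResponseError("SUCCESS element is missing")

    # Fail closed: only the literal 'true' shown in Appendix A counts as success.
    return success.strip() == "true", (root.findtext("MESSAGE") or "").strip()


# Constructed samples. The DOCTYPE system identifier is a placeholder, and the
# failure shape (SUCCESS other than 'true' plus a MESSAGE) is an assumption.
SAMPLE_OK = (
    '<!DOCTYPE RESPONSE SYSTEM "response.dtd">'
    "<RESPONSE> <SUCCESS>true</SUCCESS> <MESSAGE/> </RESPONSE>"
)
SAMPLE_FAILED = (
    "<RESPONSE> <SUCCESS>false</SUCCESS> "
    "<MESSAGE>Access is denied.</MESSAGE> </RESPONSE>"
)
SAMPLE_WITH_ENTITY = (
    '<!DOCTYPE RESPONSE [<!ENTITY a "b">]>'
    "<RESPONSE><SUCCESS>true</SUCCESS><MESSAGE>&a;</MESSAGE></RESPONSE>"
)

if __name__ == "__main__":
    print(parse_generic_response(SAMPLE_OK))
    print(parse_generic_response(SAMPLE_FAILED))
    try:
        parse_generic_response(SAMPLE_WITH_ENTITY)
    except ApiResponseError as err:
        print("rejected:", err)
```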
Appendix B - Schedule Frequency Table
The frequency table is used when you define different scheduled tasks, for instance scheduled reports, scans, or backup tasks.
Schedule code | Frequency |
---|---|
1 | Weekly |
2 | Monthly |
3 | Quarterly |
4 | Fortnightly |
5 | Daily |
6 | Bimonthly |
10 | Once |
Appendix C - Scan Status Table
The scan status, which is represented by a number, is mapped to a type and action. Below you can see what the different codes stand for.
Scan status code | Description |
---|---|
-1 | Not scanned |
0 | Completed (Scheduled) |
1 | Completed (Forced) |
2 | Timeout |
3 | Stopped |
4 | Stopped (By user) |
5 | Large report |
6 | Stopped (Large report) |
7 | Failed |
8 | Scan window paused |
9 | Scan window resume |
11 | Discovery - Scan running |
12 | Discovery - Done |
13 | Discovery - Time out |
14 | Discovery - Stopped |
18 | Schedule job not started |
19 | Schedule job currently running |
20 | Schedule job done |
22 | Schedule job failed |
30 | HIAB update |
31 | HIAB script update |
32 | HIAB backup |
33 | HIAB import |
34 | HIAB synchronize |
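The table above applied to a SCANLOG response, as an added example (not part of the original documentation): it decodes ITYPE, reads the timestamps in the documented `yyyy-MM-dd HH:mm` GMT format, and marks entries that indicate a scan did not complete. The choice of which codes need attention, flagging codes missing from the table, and the second and third sample entries are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Appendix C, transcribed as a lookup table.
SCAN_STATUS = {
    -1: "Not scanned", 0: "Completed (Scheduled)", 1: "Completed (Forced)",
    2: "Timeout", 3: "Stopped", 4: "Stopped (By user)", 5: "Large report",
    6: "Stopped (Large report)", 7: "Failed", 8: "Scan window paused",
    9: "Scan window resume", 11: "Discovery - Scan running",
    12: "Discovery - Done", 13: "Discovery - Time out",
    14: "Discovery - Stopped", 18: "Schedule job not started",
    19: "Schedule job currently running", 20: "Schedule job done",
    22: "Schedule job failed", 30: "HIAB update", 31: "HIAB script update",
    32: "HIAB backup", 33: "HIAB import", 34: "HIAB synchronize",
}

# Assumption: these outcomes mean the target was not fully assessed and the
# coverage gap should be followed up.
NEEDS_ATTENTION = {2, 3, 4, 6, 7, 13, 14, 22}

# Constructed sample: the first entry is trimmed from the example response
# above; the second and third are made up to exercise the other branches.
SAMPLE_SCANLOG = """<RESPONSE><SCANLOGLIST>
<SCANLOG><XID>1821159</XID><DSCANSTARTDATE>2011-01-26 14:16</DSCANSTARTDATE>
<DSCANENDDATE>2011-01-26 14:47</DSCANENDDATE><ITYPE>20</ITYPE>
<SCHEDULEJOB>Was</SCHEDULEJOB></SCANLOG>
<SCANLOG><XID>1821160</XID><DSCANSTARTDATE>2011-01-27 02:00</DSCANSTARTDATE>
<DSCANENDDATE>2011-01-27 02:05</DSCANENDDATE><ITYPE>7</ITYPE>
<SCHEDULEJOB>Was</SCHEDULEJOB></SCANLOG>
<SCANLOG><XID>1821161</XID><DSCANSTARTDATE>2011-01-28 02:00</DSCANSTARTDATE>
<DSCANENDDATE/><ITYPE>24</ITYPE><SCHEDULEJOB>Was</SCHEDULEJOB></SCANLOG>
</SCANLOGLIST></RESPONSE>"""


def parse_api_time(text):
    """Parse the API's 'yyyy-MM-dd HH:mm' format; the system clock is GMT."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def summarize_scanlog(xml_text):
    """Return one dict per SCANLOG entry with a decoded status and duration."""
    root = ET.fromstring(xml_text)
    rows = []
    for entry in root.iter("SCANLOG"):
        code = int(entry.findtext("ITYPE"))
        known = code in SCAN_STATUS
        start = parse_api_time(entry.findtext("DSCANSTARTDATE"))
        end_text = entry.findtext("DSCANENDDATE")
        end = parse_api_time(end_text) if end_text else None
        rows.append({
            "xid": int(entry.findtext("XID")),
            "job": entry.findtext("SCHEDULEJOB"),
            "code": code,
            "status": SCAN_STATUS[code] if known else f"Unknown ({code})",
            "started": start,
            "minutes": int((end - start).total_seconds() // 60) if end else None,
            # Codes missing from the table are flagged too, so that a new or
            # undocumented status is never silently read as a clean scan.
            "attention": code in NEEDS_ATTENTION or not known,
        })
    return rows


if __name__ == "__main__":
    for row in summarize_scanlog(SAMPLE_SCANLOG):
        flag = "CHECK" if row["attention"] else "ok"
        print(row["xid"], row["started"].isoformat(), row["status"],
              row["minutes"], flag)
```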
Appendix D - Error Codes
If a request fails or if you have not performed a correct request any of the following errors may be given in response.
Error # | Message | Extended explanation |
---|---|---|
100 | You are not logged in. | The action you have requested requires that you are logged into the system. |
101 | Access is denied. | You don't have access to perform the requested function. |
102 | Incorrect login. | You have supplied the wrong credentials. |
103 | No records where removed. | You tried to remove something from the system but no records were removed during the request. |
104 | All required fields are not present. | All fields which are required in order to perform the request have not been supplied correctly. |
105 | The account you are trying to update does not exist. | The account you tried to update does not exist. |
106 | No targets found to be updated. | The target you tried to update does not exist. |
107 | The country code is invalid. | The supplied country code is not valid. |
108 | The mobile number is invalid. | The format of the mobile number is incorrect. |
109 | Username must be greater then four characters. | The minimum length of the user name is four characters. |
110 | The username is taken by another user. | The selected user name is not available. |
111 | Password must be greater then five characters. | Password must contain at least six characters. |
112 | Too many login attempts. The account is locked. | You have given the wrong password credentials too many times and the account has been locked. In order to gain access again you need to perform a Forgot login. |
113 | Old password is incorrect. | When you tried to change passwords you supplied the wrong old password. |
114 | <Not used> | |
115 | To many entries defined. The maximum is: | You are trying to add more than allowed. The error message will state how many entries are allowed. |
116 | Unsupported value in field. | The mentioned field contains unsupported values. |
117 | No test was sent. Failed to find receiver. | This occurs if the user tries to send a test message and we are unable to determine the receiver. |
118 | Vaildation of input failed. | Something in the request isn't valid. |
119 | <Not used> | |
120 | Invalid email address. | The email address isn't valid. |
121 | Parameter to low: | The mentioned parameter is too low. |
122 | Parameter to high: | The mentioned parameter is too high. |
123 | Importing data. Please try again later. | An import is being done, system will be disabled during that period. |
124 | Logged out due to inactivity. | The account has been logged out due to inactivity. |
500 | Internal server error. | When handling the request something unexpected occurred which terminated the request. |
998 | Database not in UTF-8. Localization disabled. Contact support. | The database is missing a significant patch, please contact support for further assistance. |
999 | Server is not registered. | The HIAB appliance is not registered to an account on Outpost24, please contact support for further instructions. |
Appendix E - Country Codes
A complete and up to date list of supported country codes by the system can be retrieved from the system by performing the following request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=COUNTRYDATA
Example response:
<COUNTRYLIST>
  <COUNTRY rowid="1">
    <XID>af</XID>
    <VCNAME>Afghanistan</VCNAME>
    <VCAREACODE>93</VCAREACODE>
    <TIMEZONE>Asia/Kabul</TIMEZONE>
  </COUNTRY>
</COUNTRYLIST>
Appendix F - State Codes
A complete and up-to-date list of the state codes supported by the system can be retrieved with the following request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=STATEDATA
Example response:
<STATELIST>
  <STATE rowid="1">
    <XID>AL</XID>
    <VCNAME>ALABAMA</VCNAME>
    <TIMEZONE>US/Central</TIMEZONE>
  </STATE>
</STATELIST>
Appendix G - Scanning Policies
A complete and up-to-date list of the scanning policies supported by the system can be retrieved with the following request:
https://outscan.outpost24.com/opi/XMLAPI?ACTION=TEMPLATEDATA
Example response:
<TEMPLATELIST>
  <TEMPLATE rowid="1">
    <XID>39</XID>
    <NAME>test</NAME>
    <GLOBAL>0</GLOBAL>
    <ENABLEDFAMILYLIST></ENABLEDFAMILYLIST>
    <DISABLEDFAMILYLIST></DISABLEDFAMILYLIST>
    <ENABLEDSCRIPTLIST></ENABLEDSCRIPTLIST>
    <DISABLEDSCRIPTLIST></DISABLEDSCRIPTLIST>
    <PARTIALLYDISABLEDFAMILYLIST></PARTIALLYDISABLEDFAMILYLIST>
    <UIHINTENABLEDSCRIPTLIST></UIHINTENABLEDSCRIPTLIST>
  </TEMPLATE>
</TEMPLATELIST>
Appendix H - Audit Applications
The audit application will use the following string representations of different parts in the system.
Value | Description |
---|---|
tHiab | HIAB changes |
tMonitorHostS | Monitor log |
tOutscanFileS | Uploaded files |
tPdetectS | Discovery scans |
tReportS | Report generation |
tReportTextS | Report text modifications |
tReport_DisputeS | PCI Disputes |
tSavedscanprefS | Scan policies |
tScannerS | Distributed scan changes |
tScheduleObjectS | Schedules |
tSubUserS | Sub account |
tUserGroupS | Groups |
tUserDataS | Targets |
tWorkflowS | Tickets |
Appendix I - Report Types
When exporting reports you need to specify which type of report you would like to receive.
Type | Description |
---|---|
0 | Summary |
2 | Executed scripts |
3 | Detailed |
4 | Trend summary |
5 | Trend detailed |
7 | Group summary |
8 | Delta report |
9 | Solution report |
10 | PCI summary |
11 | PCI detailed |
Appendix J - Risk Table
In the reporting section the risk value is mapped to the following risk level.
Risk | Description |
---|---|
0 | Information |
1 | Low risk |
2 | Medium risk |
4 | High risk |
Appendix K - Additional Features
In all requests that produce a list, you can supply additional parameters to filter and sort the results.
Limit
If no limit is defined, the system applies a default limit (often 50, but it depends on which request you are doing). If you would like to disable the limit, set it to -1.
Example :
https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&limit=20
Sort
You can define a field from the response to sort on. You can also select the sort direction with the dir parameter.
Example :
https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&sort=NAME&dir=ASC
GroupBy
You can also group the findings based on a field from the results with the groupBy parameter.
Example :
https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&groupBy=NAME
Filter
You can create multiple filters if required, but you need to number them, starting from 0.
First, define which field the filter applies to with the parameter filter[counter][field].
Then define which comparison the filter should perform with the parameter filter[counter][comparison]. The supported comparisons are eq, lt, gt, and not.
Next, supply the comparison value with the parameter filter[counter][value].
Finally, define the type of this value so that the correct comparison is performed, with the parameter filter[counter][data][type]. The supported types are date, boolean, list, numeric, and string.
Example :
https://outscan.outpost24.com/opi/XMLAPI?ACTION=NOACTION&filter[0][data][type]=date&filter[0][field]=NAME&filter[0][comparison]=eq&filter[0][value]=Test
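The parameters in this appendix can be assembled programmatically. The following is an added example, not code from Outpost24: a Python helper that numbers the filters from 0, rejects comparisons and data types outside the lists above, and percent-encodes the values. The function names and the CREATED field are assumptions made for illustration.

```python
from urllib.parse import quote, urlencode

BASE_URL = "https://outscan.outpost24.com/opi/XMLAPI"  # endpoint used in this document
COMPARISONS = ("eq", "lt", "gt", "not")                # comparisons listed in Appendix K
DATA_TYPES = ("date", "boolean", "list", "numeric", "string")


def build_list_params(action, filters=(), limit=None, sort=None,
                      direction=None, group_by=None):
    """Return ordered (name, value) pairs for a list request.

    filters is a sequence of (field, comparison, value, data_type) tuples.
    Parameter names and values are case sensitive, so nothing is normalised.
    """
    params = [("ACTION", action)]
    if limit is not None:
        if not isinstance(limit, int) or limit < -1:
            raise ValueError("limit must be an integer; -1 disables the limit")
        params.append(("limit", str(limit)))
    if sort is not None:
        params.append(("sort", sort))
    if direction is not None:
        params.append(("dir", direction))
    if group_by is not None:
        params.append(("groupBy", group_by))
    # Filters are numbered consecutively, starting from 0.
    for counter, (field, comparison, value, data_type) in enumerate(filters):
        if comparison not in COMPARISONS:
            raise ValueError(f"filter {counter}: unsupported comparison {comparison!r}")
        if data_type not in DATA_TYPES:
            raise ValueError(f"filter {counter}: unsupported type {data_type!r}")
        prefix = f"filter[{counter}]"
        params += [
            (f"{prefix}[field]", field),
            (f"{prefix}[comparison]", comparison),
            (f"{prefix}[value]", str(value)),
            (f"{prefix}[data][type]", data_type),
        ]
    return params


def build_list_url(action, **options):
    """Percent-encode the values; brackets stay literal as in the examples above."""
    query = urlencode(build_list_params(action, **options), safe="[]", quote_via=quote)
    return f"{BASE_URL}?{query}"


if __name__ == "__main__":
    # Constructed input: CREATED is a hypothetical field name.
    print(build_list_url("NOACTION", limit=20, sort="NAME", direction="ASC",
                         filters=[("NAME", "eq", "Test", "string"),
                                  ("CREATED", "gt", "2012-12-31 23:59", "date")]))
```

For requests with many filters, the pairs returned by build_list_params can be sent as a POST body instead, which this document recommends for larger requests.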
Appendix N - Event Type
When defining events, you need to specify which event you would like to set up. This is a list of the event types currently available.
Type | Description |
---|---|
0 | Finding - Information |
1 | Finding - Low risk |
2 | Finding - Medium risk |
4 | Finding - High risk |
5 | Scan results ready |
6 | Large report detected |
7 | Scan started |
8 | Scan timeout |
9 | Scan stopped |
10 | Scan failed |
11 | Network monitor - Open port |
12 | Network monitor - Closed port |
13 | Network monitor - Answer on ping |
14 | Network monitor - No answer on ping |
15 | HIAB update |
16 | HIAB boot |
18 | HIAB backup |
19 | System restarted |
20 | Discovery - Notification |
21 | Discovery - Alive host |
22 | Discovery - Dead host |
23 | Discovery - Host added to system |
24 | Target added to system |
25 | Target removed from system |
26 | Scan notification |
30 | User login notification |
31 | Scanner missing |
32 | Maintenance plan completed |
33 | Update failed |
34 | Verify done |
35 | Scan - Not reachable |
36 | Scan - Updated |
37 | Backup failed |
38 | Release notes |
39 | Scan: Could not start SLS |
40 | Scan: Schedule started |
Appendix M - Solutiontype
When fetching data from reporting tools, more precisely the solution category, the UI has a string as the category title while the XMLAPI uses a number for the attribute SOLUTIONTYPE.
Type | Description |
---|---|
0 | Unspecified |
1 | Unknown |
2 | Reconfigure (software) |
3 | Workaround |
4 | InProgress (solution is being investigated) |
5 | Contact vendor |
6 | Update (software) |
7 | Patch (software) |
8 | Unack (Unacknowledged solution by vendor) |
9 | NoSol (No known solution) |
10 | Account (change account settings) |
11 | Disable (the service) |
11 | Filter (access) |
13 | Malware |
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.