Outpost24 Vulnerability Scanner overview

IBM® QRadar® uses HTTPS to communicate with the Outpost24 vulnerability scanner API to download asset and vulnerability data from previously completed scans.

The following table lists the specifications for the Outpost24 vulnerability scanner:
Table 1. Outpost24 Vulnerability Scanner specifications
Specification Value
Scanner name Outpost24 Vulnerability Scanner
Supported versions HIAB V4.1

OutScan V4.1
Connection type HTTPS
More information Outpost24 website (http://www.outpost24.com/)

Server certificates

Before you add a scanner, a server certificate is required to support HTTPS connections. QRadar supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:
  • Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using Secure Copy (SCP) or Secure File Transfer Protocol (SFTP).
  • To automatically download the certificate to the/opt/qradar/conf/trusted_certificates directory, SSH into the Console or managed host and type the following command:

    /opt/qradar/bin/getcert.sh <IP_or_Hostname> <optional_port_(443_default)>.

Install the Java Cryptography Extension

The default certificates that are used by OUTSCAN and HIAB use 2048-bit keys. As a result, you must modify the Java cryptography when you use these certificates. For more information, see Installing the Java Cryptography Extension on QRadar.

Configuration steps

To configure QRadar to download asset and vulnerability data from an Outpost24 vulnerability scanner, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the Outpost24 Vulnerability Scanner RPM from the IBM Support Website onto your QRadar system.
  2. On the Outpost24 vulnerability scanner, create an application token for QRadar.
  3. On the QRadar Console, add the Outpost24 vulnerability scanner. Configure all required parameters and use the following table to identify specific Outpost24 values:
    Table 2. Outpost24 Vulnerability Scanner parameters
    Parameter Value
    Type Outpost24 Vulnerability Scanner
    Server Hostname The host name or IP address of the Outpost24 vulnerability scanner device.
    Port 443
    API token Must use the API token that you created on the Outpost24 vulnerability scanner device.
  4. Schedule a scan.