Outpost24 Connector

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Product Offering.

Outpost24 Outscan is an automated vulnerability scanner that enables organizations to diagnose, monitor, and triage external vulnerabilities on your internet-exposed devices as well as verify your PCI Compliance for transactional businesses.

Tip: For more information on how third-party integrations work, see Connectors.

Connector Details

Details Description

Supported products

Outpost24

Category

Endpoint Security

Ingested data

Assets and Findings

Ingested Asset Classes

Device

Web Application

Integration type

UNI directional (data is transferred from the Connector to Tenable Exposure Management in one direction)

Supported version and type

SaaS (latest)

Prerequisites and User Permissions

Before you begin configuring the connector, make sure to:

  • Identify your Outpost Outscan Server URL (e.g., https://outscan.outpost24.com)

    1. Log in to your Outpost24 portal.

    2. Click your account name in the upper-right corner, then select IAM.

    3. In the Roles tab, click + Add role.

    4. Name the role Exposure Management or Tenable (or another preferred name).

    5. Grant View permissions to:

      • Asset groups

      • Assets

      • Findings

    6. Click Add to create the role.

    7. In the Users tab, click + Add user.

    8. Fill in the required details:

      • Provide a unique username.

      • Use a valid email address (a temporary password will be sent here).

    9. Click Add.

    10. Retrieve the password from the email. (Optional: log in and update the password.)

    1. In the Users tab, select the checkbox of the newly created user.

    2. Click Assign roles and check the role you created earlier.

    3. Click Assign.

    4. Click Assign resource groups, select the relevant resource groups, and click Assign.

    1. In the left navigation panel, click NetSec.

    2. In the bottom-left, click the target icon, then Navigate to: NetSec > Settings > Manage Users.

    3. In Manage User Accounts, navigate to the User Roles tab and click + New.

    4. Enter the role name you greated earlier, check Read Only, and click Save.

    5. In the User Accounts tab, right-click the same user and select Edit.

    6. In the Account Settings tab:

      • Check Active.

      • Check the newly created role under Granted User Roles.

    7. Navigate to the Granted Targets tab and uncheck Not all Targets Granted.

    8. Navigate to the Attributes tab:

      • Enter a value in the Uri* field (any unique string).

    9. Click Save.

Add a Connector

To add a new connector:

  1. In the left navigation menu, click Connectors.

    The Connectors page appears.

  2. In the upper-right corner, click Add new connector.

    The Connector Library appears.

  3. In the search box, type the name of the connector.

  4. On the tile for the connector, click Connect.

    The connector configuration options appear.

Configure the Connector

To configure the connector:

  1. (Optional) In the Connector's Name text box, type a descriptive name for the connector.

  2. (Optional) To use a preconfigured on-prem connector to connect to this connector, from the Gateway drop-down, select the on-prem connector you want to use for the connector. Otherwise, select Don't use gateway.

    Note: For information about configuring a gateway, see Tenable On-Prem Connector.

  3. In the Server URL section, type the URL for your Outpost24 server.

  4. In the Username and Password text boxes, paste the user credentials you generated in Outpost24.

  5. In the Data pulling configuration section, you can configure dynamic settings specific to the connector.

    • (Optional) To fetch NetSec assets and vulnerabilities from Outpost24, select the Fetch NetSec assets and vulnerabilities check box.

    • In the Asset Retention text box, type the number of days after which you want assets to be removed from Tenable Exposure Management. If an asset has not been detected or updated within the specified number of days, it is automatically removed from the application, ensuring your asset inventory is current and relevant.

      Tip: For more information, see Asset Retention.

  6. In the Test connectivity section, click the Test Connectivity button to verify that Tenable Exposure Management can connect to your connector instance.

    • A successful connectivity test confirms that the platform can connect to the connector instance. It does not, however, guarantee that the synchronization process will succeed, as additional syncing or processing issues may arise.

    • If the connectivity test fails, an error message with details about the issue appears. Click Show tests for more information about the exact error.

  7. In the Connector scheduling section, configure the time and day(s) on which you want connector syncs to occur.

    Tip: For more information, see Connector Scheduling.

  8. Click Create. Tenable Exposure Management begins syncing the connector. The sync can take some time to complete.

  9. To confirm the sync is complete, do the following:

Outpost 24 in Tenable Exposure Management

Locate Connector Assets in Tenable Exposure Management

As the connector discovers assets, Tenable Exposure Management ingests those devices for reporting.

To view assets by connector:

  1. In Tenable Exposure Management, navigate to the Assets page.

  2. In the Filters section, under 3rd Party Connectors, click the connector name for which you want to view assets.

    The asset list updates to show only assets from the selected connector.

  3. Click on any asset to view Asset Details.

Locate Connector Weaknesses in Tenable Exposure Management

As the connector discovers weaknesses, Tenable Exposure Management ingests those weaknesses for reporting.

To view weaknesses by connector: 

  1. In Tenable Exposure Management, navigate to the Weaknesses page.

  2. In the Filters section, under 3rd Party Connectors, click the connector name for which you want to view weaknesses.

    The weaknesses list updates to show only weaknesses from the selected connector.

  3. Click on any weakness to view Weakness Details.

Locate Connector Findings in Tenable Exposure Management

As the connector discovers individual findings, Tenable Exposure Management ingests those findings for reporting.

To view findings by connector:

  1. In Tenable Exposure Management, navigate to the Findings page.

  2. In the Filters section, under 3rd Party Connectors, click the connector name for which you want to view findings

    The findings list updates to show only assets from the selected connector.

  3. Click on any asset to view Finding Details.

Data Mapping

Exposure Management integrates with the connector via API to retrieve relevant weakness and asset data, which is then mapped into the Exposure Management system. The following tables outline how fields and their values are mapped from the connector to Exposure Management.

Device Mapping

Tenable Exposure Management UI Field

Outpost24 Field
Unique Identifier

id

Asset - Name

hostname or name
Asset - Operating Systems

os

Asset - First Observation Date firstSeen or created
Asset - Last Observed At

lastSeen or updated

Asset - External Tags

source

businessCriticality

exposed

assetIdentifiers
Asset Custom Attributes

tags

groups

Finding Mapping (for Device)

Tenable Exposure Management UI Field

Outpost24 Field
Unique Identifier

asset id + id + Unique Vulnerability id
Finding Name

name
CVEs

cve
CWEs cwe
Severity Driver

nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score
Description

description
Port port
Protocol protocol
First Seen

firstSeen or created
Last seen (Observed)

lastSeen

Finding Custom Attributes

packageName or presentableName

vulnId or id

softwareComponent

cyrating

hasExploits

exploitProbability

nvdCvssV3Vector

Web Application Mapping

Tenable Exposure Management Value

Outpost24 Value
Unique Identifier

id
Asset - Name

name
Asset - First Observation Date

firstSeen or created
Asset - Last Observed At

lastSeen or updated

Asset - External Tags

tags

groups
Asset Custom Attributes

source

asset_identifiers

Finding Mapping (for Web Application)

Tenable Exposure Management UI Field

Outpost24 Field
Unique Identifier

asset id + match id + Unique Vulnerability id
Finding Name

name
CVEs

cve
CWEs cwe
Severity Driver

nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score
Description

description

First Seen

firstSeen or created
Last seen (Observed)

lastSeen

Finding Custom Attributes

url

source

port

protocol

id

softwareComponent

cyrating

hasExploits

exploitProbability

nvdCvssV3Vector

Finding Status Mapping

Tenable Exposure Management Status

[Connector] Status

Active

PRESENT

isAccepted:false (for NetSec)

FALSE_POSITIVE

IRREPRODUCIBLE

REJECTED

ACCEPTED

isAccepted:true (for NetSec)

TO_PUSH

TO_QA

PENDING_VERIFICATION

TO_REVIEW

TO_VERIFY

Fixed

FIXED

Note:For Outpost24, Exposure Management uses the findings_status field to determine finding status.

Finding Severity Mapping

Tenable Exposure Management Severity

[Connector] Score

Critical

CVSS: 9.0 - 10.0

Severity: Critical

High

CVSS: 7.0 - 8.9

Severity: High

Medium

CVSS4.0 - 6.9

Severity: Medium

Low

CVSS: 1-3.9

Severity:Low

None

CVSS:0

Severtity: empty

Note:For Outpost24, Exposure Management uses the nvdCvssV3Score or cvssV3Severity or nvdCvssV2Score field to determine severity.

Status Update Mechanisms

Every day, Tenable Exposure Management syncs with the vendor's platform to receive updates on existing findings and assets and to retrieve new ones (if any were added).

The table below describes how the status update mechanism works in the connector for findings and assets ingested into Tenable Exposure Management.

Update Type in Exposure Management

Mechanism (When?)

Archiving Assets

  • Asset that appears in Exposure Management and is not returned on the next connector sync

  • Asset not seen for X days according to "Last Seen". See Asset Retention

Change a Finding status from "Active" to "Fixed"

  • Finding no longer appears in the scan findings

  • Finding status changes to findings_status = FIXED on the vendor side]
Note: Updates on the vendor side are reflected in Tenable Exposure Management only when the next scheduled connector sync time is complete (once a day).

Uniqueness Criteria

Tenable Exposure Management uses defined uniqueness criteria to determine whether an ingested asset or finding should be recognized as a distinct record. These criteria help define how assets and findings are identified and counted from each connector.

Tip:  Read all about Third-Party Data Deduplication in Tenable Exposure Management

The uniqueness criteria for this connector are as follows:

Data

Uniqueness Criteria

Asset

id

Finding

asset id + id + Unique Vulnerability id
Detection

Website / cloud resource: checkId

Host: vulnId
Solution solutionUuid

Support Limitations and Expected Behavior

This section outlines any irregularities, expected behaviors, or limitations related to integration of the connector and Exposure Management. It also highlights details about ingested and non-ingested data to clarify data handling and functionality within this integration.

Some customers use the NetSec module in Outpost24, which includes host data collected from agents running on machines. In these cases, certain hosts may appear in NetSec but not in the Outpost24 Portal interface.

The Exposure Management connector ingests data from both the Portal and NetSec, which may result in assets appearing in Exposure Management that are not visible in the Outpost24 Portal.

Outpost24 does not differentiate between asset types (e.g., devices vs. web applications). As a result, it may represent multiple asset types as a single entity.

Exposure Management, however, distinguishes between asset types. This difference may lead to apparent duplication of assets in Exposure Management.

Example:

If an Outpost24 agent is installed on a machine that also hosts a web application:

  • Outpost24 displays this as a single asset.

  • Exposure Management displays two distinct assets: one as a device, and another as a Web Application.

This behavior is expected and results from Exposure Management granular asset classification model.

API Endpoints in Use

API version: v1.0

API

Use in Tenable Exposure Management

Required Permissions

/opi/rest/auth/login

Token generation

 None

/opi/rest/outscan/targets

Assets (devices)

 Read Only for all targets

/opi/rest/outscan/findings

Findings, Assets enrichment

 Read Only for all targets
/opi/rest/checks Detections View Findings
/opi/rest/assets Assets (Web applications) View Assets
/opi/rest/findings Findings View Findings
/opi/rest/matches Findings View Findings
/opi/rest/checks Detections View Findings
/opi/rest/asset-groups Asset enrichment (tags) View Asset Groups

Data Validation

This section outlines how to validate and compare data between Exposure Management and the Outpost24 platform.

Asset Data Validation

Objective: Ensure that the number of assets in Outpost24 aligns with the number of assets displayed in Tenable Exposure Management.

In Outpost24:

  1. Navigate to the Assets section and select the Assets tab.

  2. Apply a filter on the Source column based on asset type:

    • Select NETSEC and VERIFY to view device assets.

    • Select CLOUDSEC to view resources.

    • Select all other sources (excluding the above) to view web applications.

  3. At the top of the list, select the checkbox next to Name to highlight all items.

  4. At the bottom of the screen, review the total number of filtered assets.

    Note: Some customers use the NetSec module, which includes agents running on machines. These hosts may not appear in the Portal but are ingested into Exposure Management.Exposure Management displays all NetSec and Portal data sources, which may lead to a higher asset count.

In Tenable Exposure Management:

  1. Locate your connector assets.

  2. Compare the total number of assets between Outpost24 and Tenable Exposure Management.

Expected outcome: Asset counts may not align exactly due to Outpost24 grouping multiple asset types under a single entry, whereas Exposure Management separates these into distinct asset types (for example, device vs. web application).

If an asset is not visible in Exposure Management, check the following conditions:

  • The asset was archived based on the last observed date (last seen).

  • The asset was archived because it did not return in the connector's next sync.

    Tip: To learn more on how assets and findings change status, see Status Update Mechanisms.

Finding Data Validation

Objective: Ensure that the number of findings in Outpost24 aligns with the number of findings displayed in Exposure Management.

In Outpost24 Portal:

  1. Navigate to the Assets section and select the Assets tab.

  2. Apply a filter on the Source column based on asset type:

    • Select NETSEC and VERIFY to view device assets.

    • Select CLOUDSEC to view resources.

    • Select all other sources (excluding the above) to view web applications.

  3. Select the checkbox next to Name for all applicable assets.

  4. At the bottom of the screen, click Generate Report.

  5. In the wizard:

    • Select the Vulnerabilities report type.

    • Choose Detailed.

    • Uncheck PDF and select Excel format.

    • Choose Custom date range from 1999-01-01 to the current date.

  6. Download the generated Excel file from the cloud icon.

  7. Open the Risk Details sheet to view all findings.

In Outpost24 NetSec:

  1. Navigate to NetSec > Reporting Tools.

  2. Select the relevant Target Group (e.g., All Targets).

  3. Click Export Report.

  4. Set:

    • Format: Excel

    • Report Type: Vulnerability

    • Target Summary: All Selected Targets

  5. Download and open the file.

  6. Review the Vulnerability Details sheet to see all findings.

In Tenable Exposure Management:

  1. Locate your connector findings.

  2. Compare the total number of findings between Outpost24 and Tenable Exposure Management.

Expected outcome: Finding counts may differ slightly due to data granularity or filtering differences. Outpost24 may present one asset with multiple findings collapsed, whereas Exposure Management separates them per asset and source.

If a finding is missing from Exposure Management or no longer active, check the following conditions:

  • The finding is marked as Fixed and appears under the Fixed state on the Findings screen

  • The finding no longer appears because its related asset was archived.

    Tip: To learn more on how assets and findings are archived or change status, see Status Update Mechanisms.