Outpost24
Integration version: 5.0
Configure Outpost24 integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations .
Integration parameters
Use the following parameters to configure the integration:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
|
API Root
|
String | https://your-appliance.outpost24.com | Yes | API root of the Outpost24 instance. |
|
Username
|
String | N/A | Yes | Username of the Outpost24 account. |
|
Password
|
Password | N/A | Yes | Password of the Outpost24 account. |
|
Verify SSL
|
Checkbox | Checked | Yes | If enabled, verifies that the SSL certificate for the connection to the Outpost24 server is valid. |
Use Cases
- Perform enrichment of entities
- Ingestion of alerts
Actions
Enrich Entities
Description
Enrich entities using information from Outpost24. Supported entities: IP Address, Hostname.
Parameters
All
Possible values:
- All
- Vulnerability
- Information
- Port
Specify a comma-separated list of risk level findings that are used during filtering.
Possible values: Initial, Recommendation, Low, Medium, High, Critical.
If nothing is provided, the action fetches findings with all risk levels.
Specify the number of findings to process per entity.
If nothing is provided, the action returns 100 findings.
Run On
The action is runs on the following entities:
- IP Address
- Hostname
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_success
|
True/False | is_success:False |
JSON Result
{
"id"
:
24358
,
"ip"
:
"10.205.0.35"
,
"hostname"
:
"lix18.mirmine.net"
,
"businessCriticality"
:
"MEDIUM"
,
"exposed"
:
false
,
"created"
:
"2021-09-09T12:58:47.085514Z"
,
"firstSeen"
:
"2021-09-09T12:58:47.085514Z"
,
"source"
:
[
"NETSEC"
]
"Findings"
:
[
lis
t
o
f
f
i
n
di
n
gs
]
}
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| hostname | When available in JSON |
| ip | When available in JSON |
| exposed | When available in JSON |
| businessCriticality | When available in JSON |
| created | When available in JSON |
| firstSeen | When available in JSON |
| source | When available in JSON |
| count_initial_findings | When available in JSON |
| count_recommendation_findings | When available in JSON |
| count_low_findings | When available in JSON |
| count_medium_findings | When available in JSON |
| count_high_findings | When available in JSON |
| count_critical_findings | When available in JSON |
Case Wall
The action should not fail nor stop a playbook execution:
If data is available for one entity (is_success=true): "Successfully enriched the following entities using information from Outpost24 Mobile: {entity.identifier}".
If data is not available for one entity (is_success=true): "Action wasn't able to enrich the following entities using information from Outpost24: {entity.identifier}"
If data is not available for any entity (is_success=false): " None of the provided entities were enriched."
The action should fail and stop a playbook execution:
If a fatal error, like wrong credentials, no connection to the server, other is reported: "Error executing action "Enrich Entities". Reason: {0}''.format(error.Stacktrace): "Error executing action "Enrich Entities". Reason: invalid risk level filter values provided: {csv of invalid values}. Possible values: Initial, Recommendation, Low, Medium, High, Critical.'
Table Title:{entity.identifier}
Table Columns:
- Key
- Value
Table Title:{entity.identifier}
Table Columns:
- CVE
- Product Name
- Service Name
- Type
- Solution
- Reason
- Description
- Risk Level
Ping
Description
Test connectivity to the Outpost24 with parameters provided at the integration configuration page in the Google Security Operations Marketplace tab.
Parameters
N/A
Run On
This action doesn't run on entities, nor has mandatory input parameters.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_success
|
True/False | is_success:False |
JSON Result
N/A
Case Wall
| Result type | Value/Description | Type (Entity \ General |
|---|---|---|
|
Output message*
|
The action should not fail nor stop a playbook execution:
If successful: "Successfully connected to the Outpost24 server with the provided connection parameters!" The action should fail and stop a playbook execution:
If not successful: "Failed to connect to the Outpost24 server! Error is {0}".format(exception.stacktrace) |
General |
Connectors
Outpost24 - Outscan Findings Connector
Description
Pull information about outscan findings from Outpost24.
Configure Outpost24 - Outscan Findings Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector .
Connector parameters
Use the following parameters to configure the connector:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
|
Product Field Name
|
String | Product Name | Yes | Enter the source field name in order to retrieve the Product Field name. |
|
Event Field Name
|
String | type | Yes | Enter the source field name in order to retrieve the Event Field name. |
|
Environment Field Name
|
String | "" | No | Describes the name of the field where the environment name is stored. If the environment field isn't found, the environment is the default environment. |
|
Environment Regex Pattern
|
String | .* | No | A regex pattern to run on the value found in the "Environment Field Name" field. Default is .* to catch all and return the value unchanged. Used to allow the user to manipulate the environment field via regex logic. If the regex pattern is null or empty, or the environment value is null, the final environment result is the default environment. |
|
Script Timeout (Seconds)
|
Integer | 300 | Yes | Timeout limit for the python process running the current script. |
|
API Root
|
String | https://your-appliance.outpost24.com | Yes | API root of the Outpost24 instance. |
|
Username
|
String | N/A | Yes | Username of the Outpost24 account. |
|
Password
|
Password | N/A | Yes | Password of the Outpost24 account. |
|
Type Filter
|
CSV | Vulnerability, Information, Port | Yes | Comma-separated list of type filters for the finding. Possible values: Vulnerability, Information, Port. |
|
Lowest Risk To Fetch
|
String | N/A | No | The lowest risk that needs to be used to fetch alerts. Possible values: Initial, Recommendation, Low, Medium, High, Critical. If nothing is specified, the connector ingests alerts with all risk levels. |
|
Max Days Backwards
|
Integer | 1 | No | The number of hours for which findings should be fetched. |
|
Max Findings To Fetch
|
Integer | 100 | No | The number of findings to process per one connector iteration. |
|
Use whitelist as a blacklist
|
Checkbox | Unchecked | Yes | If enabled, whitelist is used as a blacklist. |
|
Verify SSL
|
Checkbox | Checked | Yes | If enabled, verifies that the SSL certificate for the connection to the Outpost24 server is valid. |
|
Proxy Server Address
|
String | N/A | No | The address of the proxy server to use. |
|
Proxy Username
|
String | N/A | No | The proxy username to authenticate with. |
|
Proxy Password
|
Password | N/A | No | The proxy password to authenticate with. |
Connector rules
Proxy support
The connector supports proxy.
Need more help? Get answers from Community members and Google SecOps professionals.
