Outpost24 Vulnerability Scanner Overview

Server Certificates

Before you add a scanner, a server certificate is required to support HTTPS connections. JSA supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:

• Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using Secure Copy (SCP) or Secure File Transfer Protocol (SFTP).

• To automatically download the certificate to the/opt/qradar/conf/trusted_certificates directory, SSH into the Console or managed host and type the following command:

  /opt/qradar/bin/getcert.sh <IP_or_Hostname> <optional_port_(443_default)>

Install the Java Cryptography Extension

The default certificates that are used by OUTSCAN and HIAB use 2048-bit keys. As a result, you must modify the Java cryptography when you use these certificates. For more information, see Installing the Java Cryptography Extension on JSA.

Configuration Steps

To configure JSA to download asset and vulnerability data from an Outpost24 vulnerability scanner, complete the following steps:

1. If automatic updates are not enabled, download and install the most recent version of the Outpost24 Vulnerability Scanner RPM from the Juniper Downloads onto your JSA system.

2. On the Outpost24 vulnerability scanner, create an application token for JSA.

3. On the JSA Console, add the Outpost24 vulnerability scanner. Configure all required parameters and use the following table to identify specific Outpost24 values:

   Table 2: Outpost24 Vulnerability Scanner Parameters

   Parameter	Value
   Type	Outpost24 Vulnerability Scanner
   Server Hostname	The host name or IP address of the Outpost24 vulnerability scanner device.
   Port	443
   API token	Must use the API token that you created on the Outpost24 vulnerability scanner device.

4. Schedule a scan.