Last update: 9 February 2017
Manage Users Quick Start Guide
Table of Contents
1. Executive Summary
2. Manage Users Section
  2.1. Settings
  2.2. Manage Groups Tree
  2.3. Manage Users Tree
  2.4. User Account Grid
  2.5. Creating and Maintaining Users
    2.5.1. Account Settings
    2.5.2. Granted Targets
  2.6. User Roles Tab
    Maintaining User Role
    Target management
    Scan Scheduling
    Reporting Tools
    Compliance Scanning
    Web Application Scanning
    PCI Management
    Managed Reports
    Vulnerability Management
    User Management
    Ticket Management
    Audit Log Management
    License
    HIAB Management
3. Technical Support
About This Guide
1. Executive Summary
This document is meant to provide users a comprehensive overview of the feature Manage Users for Outscan and HIAB. This document has been elaborated under the assumption the reader has access to the Outscan/HIAB Account and Graphical User Interface.
Information in this document is subject to change without prior notice.
Reproduction of any part of the document without prior permission is strictly forbidden.
© Outpost24. All Rights Reserved.
2. Manage Users Section
Navigate to “Main Menu -> Settings -> Manage Users” to access the feature. This area allows for viewing and editing of all the users that you are allowed to administrate in the system.
2.1. Settings
The settings option can be found in the top right corner: the button with the symbol of a small cogwheel. The settings option is only available if you’ve already set up LDAP/AD in “Main Menu -> Settings -> Server -> LDAP/AD (tab)”.
In the LDAP/AD Attribute Mapping you may define the mapping between the HIAB and the LDAP/AD fields.
Enter the field that maps to the following fields:
• Username - The username of the user to import
• First name - The first name of the user to import
• Last name - The last name of the user to import
• Email Address - The email address of the user to import
• Mobile number - The mobile number of the user to import
• Country - The country of the user to import
• State - The state of the user to import
Base DN - use this specific Domain Name instead of the one defined for the server (Base DN override).
If the box “Assign roles to users based on groups in LDAP/AD” within the User Roles section is checked, you will be allowed to define a static group reference on your already defined user roles. These are called "LDAP/AD Group" (under "Maintain User Role"), within the User Roles Tab. If a user belongs to any of these groups, then they will automatically be assigned that role.
2.2. Manage Groups Tree
Shows a hierarchical structure of your defined User groups. The groups’ names are shown in the tree. Clicking any group will display the users which are included in that specific group. To create a new group, either use the “New” option, or right-click a group and choose “New”. This will create a new subgroup for that group.
2.3. Manage Users Tree
The Top Level represents your account and underneath this you will be able to see a hierarchical structure of all the users that you can administrate. The users' names are shown in this tree. You may select any user by clicking on it. This will change the user account grid to only show that user. You deselect the user by clicking on it once more.
Filter: You may filter the user tree by entering a partial or full name in the filter area. This will only show the users that match the filtering string, and possibly some parent accounts that are needed to show the hierarchy. Press the clear icon to clear the filter and show all users again. The filter can be found at the bottom of the manage users tree section.
2.4. User Account Grid
The user account grid shows more detailed information about the users. It is possible to add or remove columns in this grid to better suit your needs. To add or remove columns, click the down-pointing arrow that will appear when you hover your mouse pointer over the column. Choose 'columns', and check the checkboxes for the columns that you wish to add. Below you will find a list of the different columns available.
• Logons - Displays how many times the user has logged into the system
• 2-Factor Authentication – What sort of 2-factor authentication the user is using
• Active - If the account is active or not
• Country - The user's country
• Created - The time when the account was created
• Email - The email address of the user
• Email Sent - The last time an information email or password recovery email was sent to the user
• Last logged on – When the user last logged into the system. If this entry is blank the user has still not logged into the system
• Name - The full name of the user
• Parent Account - The parent account of the user account. Top Level means that your account is the parent
• User roles – The type of user roles assigned to the user
• Username - The username that the user logs into the system with
Right-clicking on a user will bring up a context menu where you can perform specific actions on that user or on the view.
• New - Will open the “Create new user” window
• Delete - Will delete the selected user
• Edit - Will allow you to perform changes on the selected user
• Copy - Will copy the selected user's base settings, and open a new user where the general information needs to be filled in. (First name, Last name, Email, Mobile number, Country, Username and Password)
• Export - Will export all the user accounts as a CSV or HTML file
By clicking on the plus icon or double-clicking on a user you will display additional information about the user account.
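
An added example (not part of the Outpost24 guide): a Python check over the CSV produced by the Export action that flags active accounts without two-factor authentication, accounts that have never logged on, and accounts with no user role. The header names are taken from the grid columns listed above; that the export uses them verbatim, and the value encodings for Active and 2-Factor Authentication, are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample export. Header names mirror the grid columns listed above;
# the real export's headers and value formats are an assumption.
SAMPLE_CSV = """Username,Name,Active,2-Factor Authentication,Logons,Last logged on,User roles,Parent Account
alice,Alice Admin,Yes,Google Authenticator,42,2017-02-01 09:12,Scan Operators,Top Level
bob,Bob Builder,Yes,,7,2017-01-15 14:03,Report Readers,Top Level
carol,Carol Contractor,Yes,Mobile Security Code,0,,Report Readers,alice
dave,Dave Departed,No,,3,2016-06-30 08:00,Scan Operators,Top Level
erin,Erin Empty,Yes,Mobile Security Code,5,2017-02-03 10:00,,Top Level
"""

TRUE_VALUES = {"yes", "true", "1", "active"}      # assumed encodings of "Active"
NO_2FA_VALUES = {"", "none", "disabled", "off"}   # assumed encodings of "no 2FA"


def audit_users(csv_text):
    """Return {username: [findings]} for accounts worth a manual review."""
    findings = {}
    for raw in csv.DictReader(io.StringIO(csv_text)):
        # Normalise whitespace; short rows yield None values, treated as blank.
        row = {k.strip(): (v or "").strip() for k, v in raw.items() if k}
        if row["Active"].lower() not in TRUE_VALUES:
            continue  # only active accounts are reviewed here
        issues = []
        if row["2-Factor Authentication"].lower() in NO_2FA_VALUES:
            issues.append("active without two-factor authentication")
        if not row["Last logged on"]:
            # The guide states a blank entry means the user has never logged in.
            issues.append("active but never logged on")
        if not row["User roles"]:
            # Without a role the account can act only if it is a Super User.
            issues.append("no user role assigned")
        if issues:
            findings[row["Username"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_users(SAMPLE_CSV).items():
        print(f"{user}: {'; '.join(issues)}")
```
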
2.5. Creating and Maintaining Users
The buttons at the top center of the screen allow you to:
New: Will allow you to create a new user
Delete: Will allow you to remove an existing user
Import from LDAP/AD: Will allow you to import users from your server if you have configured the server settings mentioned under chapter 3.1 Settings.
When creating a new user you will be prompted with the window shown below. Populate all the following fields with the credentials and information of the person for whom you are creating an account.
• First name, Last name, Email, Mobile number, country, username and password for the user
• Parent Account - Sets the parent account, could be used to create hierarchy structures
• Authentication - Will allow you to define if the user credentials should be verified against the local database or the defined LDAP or Active Directory server
• Require password change on next logon - Will force the user to change his/her password the next time they log into the system
• Two factor authentication – If enabled, you may set up the mode of authentication from here. Mobile Security Code and Google Authenticator can be used for authentication. The method used for authentication can be limited, depending on the options configured for two factor authentication in the security policy. When Google authentication is selected, you will be asked to enter the credential ID which is used to set up the account
2.5.1. Account Settings
• Active – Determine if a user account should be active or not
• Super User - Define if the user should have the same privileges as the main account (which is unrestricted)
• Allow Enroll Hiab - Defines if the user should be able to enroll additional HIABs. This may be useful if a distributed environment is used
• Send Informative Email – If activated, the user will receive an email notification with the credentials details defined for the account.
• Escalate tickets to – Prompts you with a dropdown menu that allows you to define who is to receive any ticket that hasn't been resolved prior to its due date (only tickets that were assigned to this specific user)
Unless the user is a Super User, you must assign the user with one or more Granted User Roles, otherwise the user will not be allowed to perform any actions in the system.
2.5.2. Granted Targets
Under the Granted targets tab you will be able to define which targets and scanners (if enabled) the user will have access to.
• Not all Targets Granted - Limit the target groups and targets a user is allowed to see and administrate. This option has two tabs:
  o Target Group - Will show a small tree of which target groups the HIAB already has defined. Check the checkbox for the group the user should be able to administrate
  o Targets - Should be used sparsely since it will create an overhead when it comes to administrative tasks in the long run. The only time you should use this feature is when you would like to grant access to a whole IP range without having to define all targets within the system
• Granted Scanners - Limit which scanners the user has access to within the system. If the All Scanners box is checked then the user will also automatically have access to all scanners that are added in the future
2.6. User Roles Tab
This area is used to administrate the user roles. Every user can be given one or several user roles which will determine what actions the user is allowed to perform. You are also able to assign multiple user roles to one user, which will give you the ability to customize the user permissions even further.
New - Creates a new user role
Delete - Removes a selected user role
When clicking on New you will be prompted with a new window as seen below.
The different options will be explained on the next page. If enabled, some checkboxes will reveal more options within the specific section.
Maintaining User Role
• Role name - Every user role needs to have a given name in order to identify the role
• LDAP/AD Group - If an LDAP/AD user has this attribute, then this user role will be assigned to that user after login
• Read Only - User will not be permitted to do any changes or new creations when this option is enabled
Target management
• Administrate Targets/Target Groups - This will allow the user to administrate targets and groups in the 'Manage Targets' view
Scan Scheduling
• Administrate Scheduling - Determines if the user is allowed to define and set up new scans
• Force Target Group in Scheduling - Will enforce the user only to use the already defined groups in the scheduling section. No manual targets can be entered in the targets tab
• Administrate Scanning Policies - Determines if the user is allowed to create, modify and remove scanning policies within the system
• Stop scans - If the user is allowed to administrate scan scheduling he/she will also be allowed to stop scans if this setting is enabled
Reporting Tools
• Mark False Positives - Allows a user to mark a finding as a false positive
• Risk Management – The user will be allowed to mark vulnerabilities as accepted risks and/or change the risk level for a finding
• Verify scan – The user will be allowed to perform verification scans. No scans will be deducted from the license when using this feature
• Remove Scan Result – The user will be allowed to remove reports
• Receive Scan Results by Email – The user will be able to receive reports by email
• Access Dashboard – The user will be able to see the Dashboard
Compliance Scanning
• Mark Exceptions – This will allow the user to mark exceptions in the compliance module
Web Application Scanning
• Administrate Scoping - Allows the user to create, modify or remove any scopes in this module
• Access Reporting - Allows the user to view reports in this module
• Remove Scan Results - Allows the user to delete reports
PCI Management
This section is only visible if PCI is included in your Outscan License.
• Administrate Scoping – Allows the user to create, modify or remove any scopes in this module
• Administrate Scheduling - Allows the user to start and stop PCI scans
• Access Reporting - Allows the user to view PCI reports
• Dispute Findings - If the user has "Access Reporting" this option will allow the user to dispute findings from the report
Managed Reports
• Comment Reports – Outscan only. Allows users to add comments to reports
Vulnerability Management
• Comment Vulnerability Database – Allows the user to create and edit comments in the vulnerability database
User Management
• Administrate Accounts - Allows the user to administrate accounts
• Administrate User Roles - Allows the user to administrate user roles
Ticket Management
• Manage Tickets – Allows the user to administrate tickets
Audit Log Management
• Read Audit Logs – The user will be able to read the auditing log
License
• View License - Allows the user to view the license tab
HIAB Management
• Administrate HIAB Server - Allows the user to restart the HIAB and set up HIAB settings like backup and networking
• Administrate Network Monitors - Allows the user to administrate the Monitor Targets
3. Technical Support
Contact our 24/7 support team by email or telephone:
Tel (from the UK): +442071938410
Tel (from the US): +1(800)6913150
Tel (from Spain): +34911880815
Tel (from Mexico): +525584214503
Tel (from Hong Kong): +85281758310
Tel (from Malaysia): +60320355931
Tel (from Singapore): +6531518310
Tel (from Thailand): +6626427258
Tel (all other countries): +46455612310