Privilege Escalation With CyberArk (Legacy) Credentials

Caution: CyberArk no longer supports SOAP requests as of December 31, 2024. If you are using the CyberArk Legacy Integration, which uses SOAP for API requests, Tenable recommends using our non-Legacy CyberArk Integration, which supports REST API requests.

Tenable Nessus Manager supports the use of privilege escalation, such as su and sudo, when using SSH through the CyberArk authentication method.

Requirements:

  • CyberArk account
  • Nessus Manager account

To configure SSH integration:

  1. Select SSH as the Type and CyberArk as the Authentication Method.

  2. An option labeled "CyberArk elevate privileges with" appears near the bottom of the configuration page.

    Note: Multiple options for privilege escalation are supported, including su, su+sudo and sudo. For example, if sudo is selected, additional fields for sudo user, CyberArk Account Details Name and Location of sudo (directory) are provided and can be completed to support authentication and privilege escalation through CyberArk Password Vault.

    Note: Additional information about all of the supported privilege escalation types and their accompanying fields can be found in the Nessus User Guide.

  3. Configure each field for SSH authentication. See the Nessus User Guide to get detailed descriptions for each option.

  4. Click Save.