Integrating With CyberArk Enterprise Password Vault

Nessus Manager provides an option for CyberArk Windows integration. Complete the following steps to configure Nessus Manager with CyberArk for Windows.


  • CyberArk account
  • Nessus Manager account

To configure Windows integration:

  1. Log in to Nessus.
  2. Click Scans.
  3. Click + New Scans.

  4. Select a Scan Template for the scan type required for your scan. For demonstration purposes, the Advanced Network Scan template is used.

  5. To configure a credentialed scan for Windows systems using CyberArk, enter a descriptive Name, the IP address(es) or hostname(s) of the scan Targets.

  6. Once the Name and Targets have been configured, click Credentials (highlighted below) and then select Windows from the left-hand menu (highlighted below).

  7. Click the Authentication method drop-down and select CyberArk.

  8. Configure each field for Windows authentication. See the Credentials section in the Nessus User Guide for detailed descriptions for each field option.

    Caution: Tenable strongly recommends encrypting communication between the Nessus scanner and the CyberArk AIM gateway using HTTPS and/or client certificates. For information on securing the connection, refer to the Nessus User Guide and the Central Credential Provider Implementation Guide located at (login required).

  1. Click Save.
  2. To verify the integration is working, click the Launch button (highlighted below) to initiate an on-demand scan.

  3. Once the scan has completed, select the completed scan and look for the corresponding Login Successful id (see chart below), which validates that authentication was successful. If the authentication is not successful, refer to the Debugging CyberArk Issues section of this document.

    Plugin Type Plugin ID
    Postgres 91826
    SQL 91825
    MySQL 91823