Database (Legacy) Integration

To configure database integration:

  1. Log in to Tenable Security Center.

  2. In the top navigation bar, click Scans > Credentials.

    The Credentials page appears.

  3. In the top right corner, click +Add.

    The Add Credential page appears.

  1. In the Database section, click Oracle Database.

    The Add Credential page appears.

  2. Enter a descriptive Name.

  3. (Optional) Enter a Description.
  4. (Optional) Select a Tag.
  5. In the Oracle Database Credential section, select CyberArk.

    The CyberArk field options appear.

  1. Configure each field for the Oracle Database authentication.

    Option Database Types Description

    Required

    Username

    All

    The target system’s username.

    yes

    Central Credential Provider Host

    All

    The CyberArk Central Credential Provider IP/DNS address.

    yes

    Central Credential Provider Port

    All

    The port on which the CyberArk Central Credential Provider is listening.

    yes

    CyberArk AIM Service URL

    All

    The URL of the AIM service. By default, this field uses /AIMWebservice/v1.1/AIM.asmx.

    no
    Central Credential Provider Username All

    If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication.

    no
    Central Credential Provider Password All

    If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication.

    no

    CyberArk Safe

    All

    The safe on the CyberArk Central Credential Provider server that contained the authentication information you would like to retrieve.

    no
    CyberArk Client Certificate All The file that contains the PEM certificate used to communicate with the CyberArk host. no
    CyberArk Client Certificate Private Key All The file that contains the PEM private key for the client certificate. no
    CyberArk Client Certificate Private Key Passphrase All The passphrase for the private key, if your authentication implementation requires it. no

    CyberArk AppId

    All

    The AppId that has been allocated permissions on the CyberArk Central Credential Provider to retrieve the target password.

    yes

    CyberArk Folder

    All

    The folder on the CyberArk Central Credential Provider server that contains the authentication information you would like to retrieve.

    no

    CyberArk Account Details Name

    All

    The unique name of the credential you want to retrieve from CyberArk.

    yes
    PolicyId All The PolicyID assigned to the credentials that you want to retrieve from the CyberArk Central Credential Provider. no

    Use SSL

    All

    If CyberArk Central Credential Provider is configured to support SSL through IIS check for secure communication.

    no

    Verify SSL Certificate

    All

    If CyberArk Central Credential Provider is configured to support SSL through IIS and you want to validate the certificate, select this option. Refer to the custom_CA.inc documentation for how to use self-signed certificates.

    no

    Database Port

    All

    The port on which Tenable Security Center communicates with the database.

    yes
    Database Name

    DB2

    PostgreSQL

    The name of the database. no
    Auth type

    Oracle

    SQL Server

    Sybase ASE

    SQL Server values include:

    • Windows
    • SQL

    Oracle values include:

    Sybase ASE values include:

    • RSA
    • Plain Text
    yes
    Instance Name SQL Server The name for your database instance. no
    Service type Oracle

    Valid values include:

    • SID
    • SERVICE_NAME
    yes
    Service Oracle The SID value for your database instance or a SERVICE_NAME value. The Service value you enter must match your parameter selection for the Service Type option. no

    Caution: Tenable strongly recommends encrypting communication between the Tenable Security Center scanner and the CyberArk AIM gateway using HTTPS and/or client certificates. For information on securing the connection, refer to Tenable Security Center User Guide and the Central Credential Provider Implementation Guide located at cyberark.com (login required).

  2. Click Submit.

Next Steps

  1. Complete the steps for Add the Credential to the Scan.