Database (Legacy) Integration

Caution: CyberArk no longer supports SOAP requests as of December 31, 2024. If you are using the CyberArk Legacy Integration, which uses SOAP for API requests, Tenable recommends using our non-Legacy CyberArk Integration, which supports REST API requests.

To configure database integration:

  1. Log in to Tenable Security Center.

  2. In the top navigation bar, click Scans > Credentials.

    The Credentials page appears.

  3. In the top right corner, click +Add.

    The Add Credential page appears.

  4. In the Database section, click Oracle Database.

    The Add Credential page appears.

  5. Enter a descriptive Name.

  6. (Optional) Enter a Description.

  7. (Optional) Select a Tag.

  8. In the Oracle Database Credential section, select CyberArk.

    The CyberArk field options appear.

  9. Configure each field for the Oracle Database authentication.

    | Option | Database Types | Description | Required |
    |---|---|---|---|
    | Username | All | The target system’s username. | yes |
    | Central Credential Provider Host | All | The CyberArk Central Credential Provider IP/DNS address. | yes |
    | Central Credential Provider Port | All | The port on which the CyberArk Central Credential Provider is listening. | yes |
    | CyberArk AIM Service URL | All | The URL of the AIM service. By default, this field uses /AIMWebservice/v1.1/AIM.asmx. | no |
    | Central Credential Provider Username | All | If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication. | no |
    | Central Credential Provider Password | All | If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication. | no |
    | CyberArk Safe | All | The safe on the CyberArk Central Credential Provider server that contains the authentication information you would like to retrieve. | no |
    | CyberArk Client Certificate | All | The file that contains the PEM certificate used to communicate with the CyberArk host. | no |
    | CyberArk Client Certificate Private Key | All | The file that contains the PEM private key for the client certificate. | no |
    | CyberArk Client Certificate Private Key Passphrase | All | The passphrase for the private key, if your authentication implementation requires it. | no |
    | CyberArk AppId | All | The AppId that has been allocated permissions on the CyberArk Central Credential Provider to retrieve the target password. | yes |
    | CyberArk Folder | All | The folder on the CyberArk Central Credential Provider server that contains the authentication information you would like to retrieve. | no |
    | CyberArk Account Details Name | All | The unique name of the credential you want to retrieve from CyberArk. | yes |
    | PolicyId | All | The PolicyID assigned to the credentials that you want to retrieve from the CyberArk Central Credential Provider. | no |
    | Use SSL | All | If the CyberArk Central Credential Provider is configured to support SSL through IIS, check this option for secure communication. | no |
    | Verify SSL Certificate | All | If CyberArk Central Credential Provider is configured to support SSL through IIS and you want to validate the certificate, select this option. Refer to the custom_CA.inc documentation for how to use self-signed certificates. | no |
    | Database Port | All | The port on which Tenable Security Center communicates with the database. | yes |
    | Database Name | DB2, PostgreSQL | The name of the database. | no |
    | Auth type | Oracle, SQL Server, Sybase ASE | SQL Server values include:<br>• Windows<br>• SQL<br>Oracle values include:<br>Sybase ASE values include:<br>• RSA<br>• Plain Text | yes |
    | Instance Name | SQL Server | The name for your database instance. | no |
    | Service type | Oracle | Valid values include:<br>• SID<br>• SERVICE_NAME | yes |
    | Service | Oracle | The SID value for your database instance or a SERVICE_NAME value. The Service value you enter must match your parameter selection for the Service Type option. | no |

    Caution: Tenable strongly recommends encrypting communication between the Tenable Security Center scanner and the CyberArk AIM gateway using HTTPS and/or client certificates. For information on securing the connection, refer to the Tenable Security Center User Guide and the Central Credential Provider Implementation Guide located at cyberark.com (login required).

  10. Click Submit.
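
The Required column and the Caution in the field table above can be turned into a pre-flight check on the values you plan to enter. This is an added example, not Tenable or CyberArk code: the dict keys are the option names from the table, while lint_credential(), the dict layout and every sample value are assumptions made for illustration.

```python
# Added example, not Tenable or CyberArk code. Keys are the option names in the
# table above; the dict layout and lint_credential() are hypothetical.
REQUIRED = ("Username", "Central Credential Provider Host",
            "Central Credential Provider Port", "CyberArk AppId",
            "CyberArk Account Details Name", "Database Port")
# Auth type values the page lists; none are listed for Oracle, so only
# presence is checked there.
AUTH_VALUES = {"SQL Server": {"Windows", "SQL"}, "Sybase ASE": {"RSA", "Plain Text"}}
AUTH_DBS = ("Oracle", "SQL Server", "Sybase ASE")


def lint_credential(db_type, cfg):
    """Return (severity, message) findings for one planned credential."""
    out = [("error", f"required option missing: {k}") for k in REQUIRED if not cfg.get(k)]
    for k in ("Central Credential Provider Port", "Database Port"):
        v = str(cfg.get(k) or "")
        if v and not (v.isdigit() and 1 <= int(v) <= 65535):
            out.append(("error", f"{k} is not a valid TCP port: {v}"))
    auth = cfg.get("Auth type")
    if db_type in AUTH_DBS and not auth:
        out.append(("error", "required option missing: Auth type"))
    elif auth and db_type in AUTH_VALUES and auth not in AUTH_VALUES[db_type]:
        out.append(("error", f"Auth type {auth!r} is not valid for {db_type}"))
    if db_type == "Oracle" and cfg.get("Service type") not in ("SID", "SERVICE_NAME"):
        out.append(("error", "Service type must be SID or SERVICE_NAME"))
    if bool(cfg.get("CyberArk Client Certificate")) != bool(
            cfg.get("CyberArk Client Certificate Private Key")):
        out.append(("error", "client certificate and private key must be set together"))
    if not cfg.get("Use SSL"):
        out.append(("warn", "Use SSL is off: the retrieved password crosses the network unencrypted"))
        if cfg.get("Central Credential Provider Password"):
            out.append(("warn", "basic authentication password is sent without SSL"))
    elif not cfg.get("Verify SSL Certificate"):
        out.append(("warn", "Verify SSL Certificate is off: the provider is not authenticated"))
    return out


# Constructed sample values (documentation-range address, placeholder names).
WEAK = {"Username": "scan_svc", "Central Credential Provider Host": "192.0.2.10",
        "Central Credential Provider Port": "80", "CyberArk AppId": "ExampleAppId",
        "CyberArk Account Details Name": "example-oracle-account",
        "Central Credential Provider Username": "ccp_user",
        "Central Credential Provider Password": "placeholder", "Database Port": "1521",
        "Auth type": "ExampleOracleAuth", "Service type": "SID", "Service": "ORCL",
        "Use SSL": False}
HARDENED = dict(WEAK, **{"Central Credential Provider Port": "443",
                         "Use SSL": True, "Verify SSL Certificate": True})
```

Calling lint_credential("Oracle", WEAK) returns two warnings about the unencrypted transport, and the HARDENED variant returns no findings.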

Next Steps

  1. Complete the steps for Add the Credential to the Scan.