Windows (Legacy) Integration

Caution: Support for SOAP requests are no longer be supported by CyberArk as of December 31, 2024. If you are using the CyberArk Legacy Integration which utilizes SOAP for API requests, Tenable recommends using our non-Legacy CyberArk Integration which supports REST API requests.

Tenable Nessus Manager provides an option for CyberArk Windows integration. Complete the following steps to configure Tenable Nessus Manager with CyberArk for Windows.

Requirements:

  • CyberArk account
  • Nessus Manager account

To configure Windows integration:

  1. Log in to Nessus.
  2. Click Scans.

  3. Click + New Scans.

    The Scan Templates page appears.

  4. Select a Scan Template.

    The selected scan template appears.

  1. In the Name box, type a name for the scan.

  2. In the Targets box, type an IP address, hostname, or range of IP addresses.
  3. (Optional) Add a description, folder location, scanner location, and specify target groups.

  1. Click the Credentials tab.

    The Credentials options appear.

  2. In the left-hand menu, select Windows.

  1. Click Authentication method.

    A drop-down appears.

  2. Select CyberArk.

  3. Configure each field for Windows authentication.

    (missing or bad snippet)

    Caution: Tenable strongly recommends encrypting communication between the Nessus scanner and the CyberArk AIM gateway using HTTPS and/or client certificates. For information on securing the connection, refer to the Nessus User Guide and the Central Credential Provider Implementation Guide located at cyberark.com (login required).

  1. Click Save.

Verification

  1. To verify the integration is working, click the Launch button (highlighted below) to initiate an on-demand scan.

  2. Once the scan has completed, select the completed scan. Look for the corresponding ID (see chart below), which validates that authentication was successful. If the authentication is not successful, refer to the Debugging CyberArk Issues section of this document.