Privilege Escalation with CyberArk Credentials

Tenable Vulnerability Management supports the use of privilege escalation, such as su and sudo, when using SSH through the CyberArk authentication method.

To configure SSH integration:

1. Log in to Tenable Vulnerability Management.
2. Click Scans.

3. Click + New Scan.

   

4. Select a Scan Template.

   

   The scan configuration page appears.

   

5. In the Name box, type a name for the scan.

6. In the Targets box, type an IP address, hostname, or range of IP addresses.
7. (Optional) Add a description, folder location, scanner location, and specify target groups.

8. Click the Credentials tab.

   The Credentials options appear.

   

9. In the Select a Credential menu, select the Host drop-down.

10. Select SSH as the Type and CyberArk as the Authentication Method.

    

11. Select an option for the Elevate Privileges With field.

    Note: Multiple options for privilege escalation are supported, including su, su+sudo and sudo. For example, if sudo is selected, additional fields for sudo user, Get Escalation Credential By, and Location of sudo (directory) are provided and can be completed to support authentication and privilege escalation through CyberArk Password Vault.

    Note: Additional information about all of the supported privilege escalation types and their accompanying fields can be found in the Tenable Vulnerability Management User Guide.

12. Select an option for the Get Escalation Credential By field.

    Note: The Escalation Credential may be obtained using the same query parameters as the login credential. Specifying an escalation credential identifier is optional. When no escalation credential is specified, the login credential is used for both login and escalation. If using a different password for login and escalation (for example, using su to “switch user”), it is required to enter both the login and escalation users.

13. Complete the privilege escalation options and click Save.