To configure Tenable with Delinea using SSH integration:
- Log in to your Tenable user interface.
- Click Scans. The My Scans page appears.
- Click + New Scan. The Scan Templates page appears.
- Select a scan template. The scan configuration page appears.
- In the Name box, type a name for the scan.
- In the Targets box, type an IP address, hostname, or range of IP addresses.
- (Optional) Add a description, folder location, scanner location, and specify target groups.
- Click the Credentials tab. The Credentials options appear.
- In the Select a Credential menu, select the Host drop-down. The Delinea field options appear.
- Configure each field for SSH authentication.

| Option | Description | Required |
|---|---|---|
| Delinea Authentication Method | Indicates whether to use credentials or an API key for authentication. By default, Credentials is selected. | yes |
| Delinea Login Name | The username to authenticate to the Delinea server. | |
| | The password to authenticate to the Delinea server. This is associated with the Delinea Login Name you provided. | |
| Delinea API Key | The API key generated in the Secret Server user interface. This setting is required if the API Key authentication method is selected. | yes |
| | The value of the secret on the Delinea server. The secret is labeled Secret Name on the Delinea server. | |
| | The Delinea Secret Server host to pull the secrets from. | |
| | The Delinea Secret Server Port for API requests. By default, Tenable uses 443. | |
| Use Private Key | If enabled, uses key-based authentication for SSH connections instead of password authentication. | |
| | The duration Tenable should check out the password from Delinea. Duration time is in hours and should be longer than the scan time. | |
| | Enable if the Delinea Secret Server is configured to support SSL. | |
| Verify SSL Certificate | If enabled, verifies the SSL Certificate on the Delinea server. | |
| Elevate privileges with | The privilege escalation method you want to use to increase users' privileges after initial authentication. Multiple options for privilege escalation are supported, including su, su+sudo and sudo. Your selection determines the specific options you must configure. | |
| Custom password prompt | Some devices are configured to prompt for a password with a non-standard string (for example, "secret-passcode"). This setting allows recognition of these prompts. Leave this blank for most standard password prompts. | |
| Targets to Prioritize Credentials | Specify IPs or CIDR blocks on which this credential is attempted before any other credential. To specify multiple IPs or CIDR blocks, use a comma or space-separated list. Using this setting can decrease scan times by prioritizing a credential that you know works against your selected targets. For example, if your scan specifies 100 credentials, and the successful credential is the 59th credential out of 100, the first 58 credentials have to fail before the 59th credential succeeds. If you use Targets To Prioritize Credentials, you configure the scan to use the successful credential first, which allows the scan to access the target faster. | |
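
The effect of Targets to Prioritize Credentials can be modelled offline before a scan is saved. The following is an added example, not Tenable's implementation: it parses a comma or space-separated value, rejects malformed entries, and counts how many credentials fail on a target before the working one is tried. The function names, credential names and addresses are constructed for illustration, and lenient CIDR parsing is an assumption.

```python
import ipaddress
import re

def parse_priority_targets(field):
    """Split a comma or space-separated value into IP networks.

    Raises ValueError on a malformed entry so a typo is caught before
    the scan runs. strict=False (an assumption) accepts 10.0.5.7/24.
    """
    networks = []
    for token in re.split(r"[,\s]+", field.strip()):
        if token:
            networks.append(ipaddress.ip_network(token, strict=False))
    return networks

def is_prioritized(target_ip, networks):
    """True if the target falls inside any listed IP or CIDR block."""
    addr = ipaddress.ip_address(target_ip)
    return any(addr.version == n.version and addr in n for n in networks)

def attempt_order(target_ip, credentials):
    """Order in which credentials are tried against one target.

    credentials is a list of (name, priority_field) in configured order.
    Credentials whose priority list covers the target move to the front;
    the remaining ones keep their configured order.
    """
    first = [name for name, field in credentials
             if is_prioritized(target_ip, parse_priority_targets(field))]
    rest = [name for name, _ in credentials if name not in first]
    return first + rest

def failed_attempts_before(target_ip, credentials, working):
    """Number of credentials that must fail before `working` is tried."""
    return attempt_order(target_ip, credentials).index(working)

# Constructed sample: 100 credentials, the 59th is the one that works and
# is prioritized for one subnet and one single host.
SAMPLE_CREDENTIALS = [(f"cred-{i}", "") for i in range(1, 101)]
SAMPLE_CREDENTIALS[58] = ("cred-59", "10.0.5.0/24, 192.0.2.10")

if __name__ == "__main__":
    for target in ("10.0.5.20", "192.0.2.10", "10.0.9.1"):
        n = failed_attempts_before(target, SAMPLE_CREDENTIALS, "cred-59")
        print(f"{target}: {n} failed attempts before cred-59")
```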