Database Auto-Discovery

Required User Role: Standard, Scan Manager, or Administrator

Database authentication requires additional data entries that are specific to the database type that is targeted. For example, to authenticate to an Oracle database, you must specify not only a username and password, but also port, service type, authentication type and database name.

In some cases, these values may be pulled from the Auto-Discovery process. For example, an Oracle Database account created with the Oracle Account contains port and database fields that do not need to be entered manually. However, the Auth Type and Service Type fields must be entered manually.

Generally, Delinea Secret Server Auto-Discovery can dynamically use port and database fields defined in the secret, but they can also be entered manually. Fields other than port and database may need to be entered manually.

Note: All Database Types in Tenable are supported (Oracle, DB2, Cassandra, MySQL, PostgreSQL, Sybase ASE, MongoDB, and SQL Server).

View the following tables for necessary fields and the database types they apply to.

Oracle

| Field name | Description | Field value |
| --- | --- | --- |
| AuthType | Method to authenticate to database. | SYSDBA or SYSOPER or NORMAL |
| Database | Instance or database name. | Example: orcl |
| Port | The port database instance is running on. | Example: 1521 |
| ServiceType | Type of service on database. | SID or SERVICE_NAME |

MongoDB

| Field name | Description | Field value |
| --- | --- | --- |
| Database | Instance or database name. | Example: MongoDB 5 |
| Port | The port database instance is running on. | Example: 27017 |

PostgreSQL

| Field name | Description | Field value |
| --- | --- | --- |
| Database | Instance or database name. | Example: Postgres |
| Port | The port database instance is running on. | Example: 5432 |

Cassandra

| Field name | Description | Field value |
| --- | --- | --- |
| Port | The port database instance is running on. | Example: 9042 |

DB2

| Field name | Description | Field value |
| --- | --- | --- |
| Database | Instance or database name. | Example: DB2_admin |
| Port | The port database instance is running on. | Example: 50000 |

MySQL

| Field name | Description | Field value |
| --- | --- | --- |
| Port | The port database instance is running on. | Example: 3306 |

SQL Server

| Field name | Description | Field value |
| --- | --- | --- |
| AuthType | Method to authenticate to database. | Windows or SQL |
| Database | Instance or database name. | Example: SQLEXPRESS |
| Port | The port database instance is running on. | Example: 1433 |
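A pre-flight check of a secret's fields against the tables above can catch a missing or mistyped value before a credentialed scan fails to authenticate. This is an added example, not Tenable or Delinea code: the function name `check_secret`, the dict representation of a secret, and the exact (case-sensitive) value comparison are assumptions.

```python
import re

# Field rules transcribed from the tables above. "port" = TCP port number,
# a set = allowed values, None = any non-empty value.
FIELD_RULES = {
    "Oracle": {"AuthType": {"SYSDBA", "SYSOPER", "NORMAL"}, "Database": None,
               "Port": "port", "ServiceType": {"SID", "SERVICE_NAME"}},
    "MongoDB": {"Database": None, "Port": "port"},
    "PostgreSQL": {"Database": None, "Port": "port"},
    "Cassandra": {"Port": "port"},
    "DB2": {"Database": None, "Port": "port"},
    "MySQL": {"Port": "port"},
    "SQL Server": {"AuthType": {"Windows", "SQL"}, "Database": None,
                   "Port": "port"},
}


def check_secret(db_type, fields):
    """Return a list of problems; an empty list means every field checks out."""
    rules = FIELD_RULES.get(db_type)
    if rules is None:
        # e.g. Sybase ASE: supported, but this page gives no field table for it.
        return [f"{db_type}: no field table to check against"]
    problems = []
    for name, rule in rules.items():
        value = str(fields.get(name) or "").strip()
        if not value:
            problems.append(f"{name}: missing")
        elif rule == "port":
            if not re.fullmatch(r"[0-9]{1,5}", value) or not 1 <= int(value) <= 65535:
                problems.append(f"{name}: {value!r} is not a port in 1-65535")
        elif rule is not None and value not in rule:
            # Assumption: values are compared exactly (case-sensitive).
            problems.append(f"{name}: {value!r} not in {sorted(rule)}")
    return problems


if __name__ == "__main__":
    # Constructed sample secrets, not exported from a real Secret Server.
    samples = [
        ("Oracle", {"Database": "orcl", "Port": "1521"}),
        ("SQL Server", {"AuthType": "sql", "Database": "SQLEXPRESS", "Port": 1433}),
        ("MySQL", {"Port": "3306"}),
    ]
    for db_type, fields in samples:
        print(db_type, "->", check_secret(db_type, fields) or "OK")
```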

To configure Database auto-discovery for Tenable Vulnerability Management or Tenable Nessus:

  1. Log in to your Tenable user interface.
  2. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  3. In the left navigation plane, click Scans.

    The Scans page appears.

  4. In the upper-right corner of the page, click the Create a Scan button.

    The Select a Scan Template page appears.

  5. Select a scan template.

    The scan configuration page appears.

  6. In the Name box, type a name for the scan.

  7. In the Targets box, type an IP address, hostname, or range of IP addresses.
  8. (Optional) Add a description, folder location, scanner location, and specify target groups.
  9. Click the Credentials tab.

    The Settings pane appears.

  10. Click the Database option.

    The Database options appear.

  11. In the Database Type drop-down box, select Cassandra, Oracle, DB2, MongoDB, PostgreSQL, MySQL, SQL Server, or Sybase ASE.

  12. In the Auth Type drop-down box, click Tenable for Delinea Secret Server.

    The Tenable for Delinea Secret Server options appear.

  13. Configure each option for the Database authentication.

    | Option | Description | Required |
    | --- | --- | --- |
    | Delinea Host | The Delinea Secret Server host to pull the secrets from. | Yes |
    | Delinea Port | The Delinea Secret Server Port for API requests. By default, Tenable uses 443. | Yes |
    | Delinea Authentication Method | Indicates whether to use credentials or an API key for authentication. By default, Credentials is selected. | Yes |
    | Delinea Login Name | The username to authenticate to the Delinea server. | Yes |
    | Delinea Password | The password to authenticate to the Delinea server. This is associated with the provided Delinea Login Name. | Yes |
    | Delinea API Key | The API key generated in the Secret Server user interface. This setting is required if the API Key authentication method is selected. | Yes |
    | Query Mode | Choose to query accounts using pre-set fields or by constructing a string of URL query parameters. By default, Simple is selected. | Yes |
    | Folder ID | Query accounts with the given folder ID. This option is only available if query mode is set to Simple. | No |
    | Search Text | Query accounts matching the given search text. This option is only available if query mode is set to Simple. | No |
    | Search Field | The field to search using the given search text. If not specified, the query will search the name field. This option is only available if query mode is set to Simple. | No |
    | Exact Match | Perform an exact match against the search text. By default, this is unselected. This option is only available if query mode is set to Simple. | No |
    | Query String | Provide a string of URL query parameters. This option is only available if query mode is set to Advanced, and in that case it is required. | Yes |
    | Use Private Key | Use key-based authentication for SSH connections instead of password authentication. | No |
    | Use SSL | Use SSL for secure communications. | Yes |
    | Verify SSL Certificate | Verify the Delinea Secret Server SSL certificate. | No |

  14. Do one of the following:

    • If you want to save without launching the scan, click Save.

    • If you want to save and launch the scan immediately, click Save & Launch.

      Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.