Configure Tenable Nessus for Lieberman Windows
To integrate with Windows:
-
In a browser, log in to Nessus.
- Navigate to the Scans section.
-
Click the + New Scan button to configure Nessus for credentialed scans of Windows systems using Lieberman's password management solution.
-
Select a Scan Template for the scan type required for your scan. For demonstration purposes, the Advanced Network Scan template is used.
-
Enter a descriptive Name and the IP address(es) or hostname(s) of the scan Targets.
-
Click on the Credentials tab.
-
In the left-hand menu, select Windows.
-
From the Authentication method drop-down, select Lieberman.
-
Configure each field for Windows authentication.
Option |
Default Value |
Username
|
(Required) The target system’s username.
|
Domain |
The domain, if the username is part of a domain. |
Lieberman host
|
(Required) The Lieberman IP/DNS address.
Note: If your Lieberman installation is in a subdirectory, you must include the subdirectory path. For example, type IP address or hostname/subdirectory path.
|
Lieberman port
|
(Required) The port on which Lieberman listens.
|
Lieberman user
|
(Required) The Lieberman explicit user for authenticating to the Lieberman RED API.
|
Lieberman password
|
(Required) The password for the Lieberman explicit user.
|
Lieberman Authenticator |
The alias used for the authenticator in Lieberman. The name should match the name used in Lieberman.
Note: If you use this option, append a domain to the Lieberman user option, i.e., domain\user.
|
Lieberman Client Certificate |
The file that contains the PEM certificate used to communicate with the Lieberman host.
Note: If you use this option, you do not have to enter information in the Lieberman user, Lieberman password, and Lieberman Authenticator fields.
|
Lieberman Client Certificate Private Key |
The file that contains the PEM private key for the client certificate. |
Lieberman Client Certificate Private Key Passphrase |
The passphrase for the private key, if required. |
Use SSL
|
If Lieberman is configured to support SSL through IIS, check for secure communication.
|
Verify SSL certificate
|
If Lieberman is configured to support SSL through IIS and you want to validate the certificate, check this. Refer to custom_CA.inc documentation for how to use self-signed certificates.
|
System Name |
In the rare case your organization uses one default Lieberman entry for all managed systems, enter the default entry name. |
- Click Save.
-
To verify the integration works, click the Launch button to initiate an on-demand scan.
- Once the scan has completed, select the completed scan and look for the corresponding message - Microsoft Windows SMB Log In Possible: 10394. This validates that authentication was successful.