Configure Tenable.io for Lieberman Windows
To integrate with Windows:
Log in to Tenable.io.
The My Scans page appears.
Click + New Scan.
The Scan Templates page appears.
Select a Scan Template.
The Settings for the selected scan template appears.
Enter a descriptive Name and the IP address(es) or hostname(s) of the scan Targets.
Click on the Credentials tab.
The Add Managed Credentials section appears.
In the left-hand menu, select Windows.
The Windows section appears.
From the Authentication method drop-down, select Lieberman.
The Lieberman options appear.
Configure each field for Windows authentication.
Option Description Required Username The target system’s username.
Domain The domain, if the username is part of a domain.
The Lieberman IP/DNS address.
Note: If your Lieberman installation is in a subdirectory, you must include the subdirectory path. For example, type IP address or hostname / subdirectory path.
Lieberman port The port on which Lieberman listens.
Lieberman user The Lieberman explicit user for authenticating to the Lieberman RED API.
Lieberman password The password for the Lieberman explicit user.
The alias used for the authenticator in Lieberman. The name should match the name used in Lieberman.
Note: If you use this option, you should append a domain to the Lieberman user option, i.e., domain\user.
no Lieberman Client Certificate
The file that contains the PEM certificate used to communicate with the Lieberman host.
Note: If you use this option, you do not have to enter information in the Lieberman user, Lieberman password, and Lieberman Authenticator fields.
no Lieberman Client Certificate Private Key The file that contains the PEM private key for the client certificate. no Lieberman Client Certificate Private Key Passphrase The passphrase for the private key, if required. no Use SSL
If Lieberman is configured to support SSL through IIS, check for secure communication.
Verify SSL Certificate
If Lieberman is configured to support SSL through IIS and you want to validate the certificate, check this. Refer to custom_CA.inc documentation for how to use self-signed certificates.
System Name In the rare case your organization uses one default Lieberman entry for all managed systems, enter the default entry name.
- Click Save.
What to do next:
- After the scan completes, click the completed scan and look for the following message - Microsoft Windows SMB Log In Possible: 10394. This validates that authentication was successful.