Database Integration

Tenable provides full database support for WALLIX Bastion integrations. Complete the following steps to configure database credentials for scans with WALLIX Bastion.

For more information on Tenable scans, see the Nessus User Guide and the Tenable Vulnerability Management User Guide.

Requirements:

  • WALLIX Bastion account
  • Tenable Vulnerability Management or Tenable Nessus Manager account

To configure Database integration:

  1. Log in to your Tenable user interface.
  2. Click Scans.

  3. Click + New Scan.

    The Scan Templates page appears.

  4. Select Advanced Scan.

    The selected scan template appears.

  1. In the Name box, type a name for the scan.

  2. In the Targets box, type an IP address, hostname, or range of IP addresses.
  3. (Optional) Add a description, folder location, scanner location, and specify target groups.

  1. Click the Credentials tab.

    The Credentials options appear.

  2. In the Categories drop-down box, select Database.

    The Database options appear.

  3. Click Database.

    The Database options appear.

  4. Click the Database Type drop-down box.

    The Database field options appear.

  5. From the Database Type drop-down box, select Oracle.

  6. From the Auth Type drop-down box, select Wallix Bastion.

    The Wallix Bastion field options appear.

  7. Configure each field for Database authentication.

    Option Description Required

    Wallix Host

    The IP address for the WALLIX Bastion host.

    yes

    Wallix Port

    The port on which the WALLIX Bastion API communicates. By default, Tenable uses 443.

    yes

    Authentication Type

    Basic authentication (with WALLIX Bastion user interface username and Password requirements) or API Key authentication (with username and WALLIX Bastion-generated API key requirements).

    no
    Wallix User

    Your WALLIX Bastion user interface login username.

    		 yes
    Wallix Password Your WALLIX Bastion user interface login password. Used for Basic authentication to the API. yes
    Wallix API Key The API key generated in the WALLIX Bastion user interface. Used for API Key authentication to the API. yes
    Get Credential by Device Account Name

    The account name associated with a Device you want to log in to the target systems with.

    Note: If your device has more than one account you must enter the specific device name for the account you want to retrieve credentials for. Failure to do this may result in credentials for the wrong account returned by the system.

    Required only if you have a target and/or device with multiple accounts.

    HTTPS

    This is enabled by default.

    Caution: The integration fails if you disable HTTPS.

    yes

    Verify SSL Certificate

    This is disabled by default and is not supported in WALLIX Bastion PAM integrations.

    no

    Database

    Port    		 The TCP port that the Oracle database instance listens on for communications from. The default is port 1521.

    no

    Auth Type

    The type of account you want Tenable to use to access the database instance: 

    • SYSDBA
    • SYSOPER
    • NORMAL

    no
    Service Type The Oracle parameter you want to use to specify the database instance: SID or SERVICE_NAME.

    no
    Service

    The SID value or SERVICE_NAME value for your database instance.

    The Service value you enter must match your parameter selection for the Service Type option.

    yes

  1. Click Save.

Verification

  1. Click the arrow next to the Save button to drop down the launch button.

  2. To verify the integration is working, click the Launch button to initiate an on-demand scan.

  3. After the scan completes, click the scan to view the results.