TOC & Recently Viewed

Recently Viewed Topics

Privilege Escalation with CyberArk Credentials

Tenable.io supports the use of privilege escalation, such as su and sudo, when using SSH through the CyberArk authentication method.

To add a CyberArk Password Vault credential set:

  1. Select SSH as the Type and CyberArk as the Authentication Method.

  2. An option for CyberArk elevate privileges with appears near the bottom of the configuration page. Multiple options for privilege escalation are supported, including su, su+sudo and sudo. For example, if sudo is selected, additional fields for sudo user, “CyberArk Account Details Name and Location of sudo (directory) are provided and can be completed to support authentication and privilege escalation through CyberArk Password Vault. Additional information about all of the supported privilege escalation types and their accompanying fields can be found in the Tenable.io User Guide.

Note: When asked for a CyberArk Account Details Name, perform the following steps to obtain the correct value:
1. Log in to CyberArk Password Vault.
2. Choose the secret (password) you wish to use.
3. Look at the name parameter (such as in the image below) in the Account Details page; this is the value to supply in the CyberArk Account Details Name field.

 

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.