Miscellaneous Credentials
This section includes information and settings for credentials in the Miscellaneous section.
ADSI
ADSI requires the domain controller information, domain, and domain admin and password.
ADSI allows Tenable Nessus to query an ActiveSync server to determine if any Android or iOS-based devices are connected. Using the credentials and server information, Tenable Nessus authenticates to the domain controller (not the Exchange server) to directly query it for device information. These settings are required for mobile device scanning.
Tenable Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only.
| Option | Description | Default |
|---|---|---|
|
Domain Controller |
(Required) The name of the domain controller for ActiveSync. |
- |
|
Domain |
(Required) The name of the NetBIOS domain for ActiveSync. |
- |
|
Domain Admin |
(Required) The domain administrator's username. |
- |
|
Domain Password |
(Required) The domain administrator's password. |
- |
Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only; Nessus cannot retrieve information from Exchange Server 2007.
Cisco Meraki
| Option | Description | Required |
|---|---|---|
|
Cisco Meraki API Host |
Hostname or IP address to the Cisco Meraki Dashboard API host. Note: If your Cisco Meraki API Host requires you to use your own direct/unique URL, refer to Cisco Meraki Credential Fields, Usage, and Limitations in the Tenable and Cisco Meraki Integration Guide for guidance. |
Yes |
|
Cisco Meraki API Port |
Port of the Cisco Meraki Dashboard API. (Default 443) |
Yes |
|
Cisco Meraki API Key |
API Key for authentication to the Cisco Meraki API. |
Yes |
|
CIsco Meraki Organization Name |
Enter a single organization per credential. |
Yes |
|
CIsco Meraki Network Name |
Enter one or more comma-separated network names. | No |
|
Cisco Meraki Product Type |
Enter one or more comma-separated product types. Valid product types: appliance, camera, cellularGateway, secureConnect, sensor, switch, systemManager, wireless, and wirelessController. | No |
|
Cisco Meraki Tag |
Enter one or more comma-separated tags used to filter device searches within an organization. |
No |
|
Cisco Meraki Device Name |
Enter a single Cisco Meraki device name. (e.g., "Meraki MS120-8") |
No |
|
Cisco Meraki Device Model |
Enter one or more comma-separated Cisco Meraki device models. (e.g., "MS120-8") |
No |
|
Device Serial Number |
Enter one or more comma-separated device serial numbers. |
No |
|
Device MAC Address |
Enter one or more comma-separated device MAC Addresses. |
No |
|
Discover Devices |
Adds any discovered Cisco Meraki devices to the targets to scan. (Default Off) |
No |
|
HTTPS |
When set to On, the field expands with the option to enable Verification of SSL Client Certificate if a Custom CA is configured. (Default Off) |
No |
F5
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the scanning F5 account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the F5 user. | - |
| Port |
(Required) The TCP port that F5 listens on for communications from Tenable Nessus. |
443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
IBM iSeries
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the IBM iSeries account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the IBM iSeries user. | - |
Netapp API
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the Netapp API account with HTTPS access that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the Netapp API user. | - |
| vFiler |
The vFiler nodes to scan for on the target systems. To limit the audit to a single vFiler, type the name of the vFiler. To audit for all discovered Netapp virtual filers (vFilers) on target systems, leave the field blank. |
- |
| Port | (Required) The TCP port that Netapp API listens on for communications from Tenable Nessus. | 443 |
Nutanix Prism
Tip: To view whether your Nutanix Prism credentials were successfully authenticated, view the plugin output of the integration_status.nasl plugin once the scan is complete. For more information, see Plugins
| Option | Description | Default |
|---|---|---|
|
Nutanix Host |
(Required) Hostname or IP address of the Nutanix Prism Central host. |
- |
|
Nutanix Port |
(Required) The TCP port that the Nutanix Prism Central host listens on for communications from Tenable. |
9440 |
|
Nutanix Prism Central Authentication Method |
(Required) The user can choose from a list of authentication methods:
|
Username and Password |
|
Discover Hosts |
When enabled, Tenable adds all discovered Nutanix hosts to the list of scan targets. | enabled |
|
Discover Virtual Machines |
When enabled. Tenable adds all discovered Nutanix Virtual Machines to the list of scan targets. | enabled |
|
HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
disabled |
OpenStack
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the OpenStack account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the OpenStack user. | - |
| Tenant Name for Authentication | (Required) The name of the specific tenant the scan uses to authenticate. | admin |
| Port |
(Required) The TCP port that OpenStack listens on for communications from Tenable Nessus. |
443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Palo Alto Networks PAN-OS
| Option | Description | Default |
|---|---|---|
| Username | (Required) The username for the PAN-OS account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the PAN-OS user. | - |
| Port | (Required) The TCP port that PAN-OS listens on for communications from Tenable Nessus. | 443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Red Hat Enterprise Virtualization (RHEV)
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for RHEV account that Tenable Nessus uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the RHEV user. |
- |
|
Port |
(Required) The TCP port that the RHEV server listens on for communications from Tenable Nessus. |
443 |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
VMware ESX SOAP API
Access to VMware servers is available through its native SOAP API. VMware ESX SOAP API allows you to access the ESX and ESXi servers via username and password. Also, you have the option of not enabling SSL certificate verification:
For more information on configuring VMWare ESX SOAP API, see Configure vSphere Scanning.
Tip: To view whether your ESXi SOAP API credentials were successfully authenticated, view the plugin output of the integration_status.nasl plugin once the scan is complete. For more information, see Plugins.
Tenable can access VMware servers through the native VMware SOAP API.
| Option | Description | Default |
|---|---|---|
|
ESX SOAP API Authentication Method |
(Required) The user can choose from a list of authentication methods:
|
Username and Password |
|
Do not verify SSL Certificate |
Do not validate the SSL certificate for the ESXi server. |
disabled |
VMware vCenter
For more information on configuring VMWare vCenter SOAP API, see Configure vSphere Scanning.
Tip: To view whether your VMware vCenter credentials were successfully authenticated, view the plugin output of the integration_status.nasl plugin once the scan is complete. For more information, see Plugins.
Tenable can access vCenter through the native VMware vCenter SOAP API. If available, Tenable uses the vCenter REST API to collect data in addition to the SOAP API.
Note: Tenable supports VMware vCenter/ESXi versions 7.0.3 and later for authenticated scans. This does not impact vulnerability checks for VMware vCenter/ESXi, which do not require authentication.
Note: The SOAP API requires a vCenter account with read permissions and settings privileges. The REST API requires a vCenter admin account with general read permissions and required Lifecycle Manager privileges to enumerate VIBs.
| Option | Description | Default |
|---|---|---|
|
vCenter Host |
(Required) The name of the vCenter host. |
- |
|
vCenter Port |
(Required) The TCP port that vCenter listens on for communications from Tenable. |
443 |
|
Username |
(Required) The username for the vCenter server account with admin read/write access that Tenable uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the vCenver server user. |
- |
|
HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
|
Auto Discover Managed VMware ESXi Hosts |
This option adds any discovered VMware ESXi hypervisor hosts to the scan targets you include in your scan. |
disabled |
|
Auto Discover Managed VMware ESXi Virtual Machines |
This option adds any discovered VMware ESXi hypervisor virtual machines to the scan targets you include in your scan. | disabled |
X.509
| Option | Description | Default |
|---|---|---|
|
Client certificate |
(Required) The client certificate. |
- |
|
Client key |
(Required) The client private key. | - |
|
Password for key |
(Required) The passphrase for the client private key. | - |
|
CA certificate to trust |
(Required) The trusted Certificate Authority's (CA) digital certificate. | - |