Credentialed Checks on Network Devices and APIs

When you scan targets that are not standard Windows, macOS, or Linux operating systems, such as network appliances or management APIs, Tenable Nessus still performs credentialed checks. Tenable Nessus evaluates these specialized targets and reports the credential status in Plugin 19506 (Nessus Scan Information) by using distinct authentication patterns tailored to the hardware or service.

Understanding how Tenable Nessus handles credentialed checks on non-standard platforms helps you verify authentication success across your entire infrastructure. Successful credentialed checks provide comprehensive vulnerability visibility into specialized network hardware and centralized management platforms, ensuring your scan results are highly accurate.

Description

Depending on the target type, Tenable Nessus uses one of three mechanisms to authenticate and perform credentialed checks:

  • SSH-Reachable Network Appliances — For devices such as Cisco hardware, Palo Alto firewalls (over SSH), F5 BIG-IP, and Fortinet, Tenable Nessus authenticates via an SSH session. It matches the device's system banner against known operating system records to retrieve version data and enable local checks. Plugin 19506 reports this as Credentialed checks : yes as <user> via ssh.

  • API-Only Integrations — For systems managed via APIs, such as VMware vCenter, Palo Alto (over HTTPS), Citrix NetScaler, and patch management systems (Red Hat Satellite, IBM TEM, HCL BigFix), Tenable Nessus authenticates directly to the management API. It uses SOAP or REST protocols to retrieve device, product, or package data without an SSH dispatcher. Plugin 19506 reports this as yes, via HTTPS or simply yes.

  • Platform-Specific Implementations — Certain integrations rely on platform-specific logic to verify credential success:

    • Nutanix — Tenable Nessus authenticates to Prism Central via the Nutanix REST API to retrieve cluster or node version data. Plugin 19506 reports this as yes as <user>, via HTTPS.

    • Cisco Meraki — Tenable Nessus uses the Cisco Meraki Dashboard API to retrieve device metadata and inject assets rather than scanning live hosts over the network. Plugin 19506 reports this as yes, via HTTPS.

    • Cisco IOS via SNMP — Tenable Nessus extracts version data using SNMP community strings or SNMP v3 credentials.

Requirements and Considerations

  • You must configure the appropriate credentials in your scan policy (for example, SSH credentials, API keys, or SOAP/REST credentials) based on the specific target platform.

  • When scanning Cisco IOS devices via SNMP, Tenable Nessus generally requires concurrent SSH access to fully enable local checks and report a successful credentialed scan in Plugin 19506.

  • For API-based integrations like Cisco Meraki, Tenable Nessus retrieves asset data directly from the management dashboard instead of performing traditional network scans against the individual endpoints.
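To verify authentication success across many targets at once, the Plugin 19506 status strings listed under Description can be parsed from an exported .nessus file. The following is an added example, not Tenable code: the host names, users, and plugin outputs are constructed, and the optional quoting around the user name is an assumption about how the status line is rendered.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) layout.
# Host names, users and plugin outputs are made up for this example.
def _host(name, output):
    return ('<ReportHost name="%s"><ReportItem pluginID="19506">'
            '<plugin_output>%s</plugin_output></ReportItem></ReportHost>'
            % (name, output))

SAMPLE = ("<NessusClientData_v2><Report name='constructed'>"
    + _host("fw-edge-01", "Scanner IP : 192.0.2.10\nCredentialed checks : yes as 'scanuser' via ssh\n")
    + _host("vcenter-01", "Credentialed checks : yes, via HTTPS\n")
    + _host("prism-01", "Credentialed checks : yes as 'svc_scan', via HTTPS\n")
    + _host("bigfix-01", "Credentialed checks : yes\n")
    + _host("ios-snmp-only", "Credentialed checks : no\n")
    + "<ReportHost name='no-scan-info'/>"
    + "</Report></NessusClientData_v2>")

CRED_LINE = re.compile(r"^\s*Credentialed checks\s*:\s*(.+?)\s*$", re.M | re.I)

def classify(value):
    """Map the text after 'Credentialed checks :' to (ok, user, transport)."""
    v = value.strip()
    if not v.lower().startswith("yes"):
        return (False, None, None)
    # User and transport are optional: API-only targets may report just "yes".
    user = re.search(r"\bas\s+'?([^',\s]+)'?", v)
    via = re.search(r"\bvia\s+(\S+)", v, re.I)
    return (True, user.group(1) if user else None,
            via.group(1).lower() if via else None)

def credential_status(nessus_xml):
    """Return {host: (ok, user, transport)} from Plugin 19506 output."""
    result = {}
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        status = (False, None, None)  # no 19506 status line: not credentialed
        for item in host.iter("ReportItem"):
            if item.get("pluginID") == "19506":
                m = CRED_LINE.search(item.findtext("plugin_output") or "")
                if m:
                    status = classify(m.group(1))
        result[host.get("name")] = status
    return result

def failed_hosts(nessus_xml):
    """Hosts to follow up on: no successful credentialed check reported."""
    return sorted(h for h, s in credential_status(nessus_xml).items() if not s[0])
```

Hosts returned by failed_hosts are the ones to review against the requirements above, for example a Cisco IOS device scanned with SNMP credentials but without concurrent SSH access.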