Cloud Services Credentials

Tenable Nessus supports Amazon Web Services (AWS), Microsoft Azure, Rackspace, and Salesforce.com.

AWS

Users can select Amazon Web Service (AWS) from the Credentials menu and enter credentials for compliance auditing an account in AWS.

Option	Description
AWS Access Key IDS	The AWS access key ID string.
AWS Secret Key	AWS secret key that provides the authentication for AWS Access Key ID.

AWS Global Credential Settings

Option	Default	Description
Regions to access	Rest of the World	For Tenable Nessus to audit an AWS account, you must define the regions you want to scan. Per Amazon policy, you need different credentials to audit account configuration for the China region than you need for the Rest of the World. Choosing the Rest of the World opens the following choices: us-east-1 us-east-2 us-west-1 us-west-2 ca-central-1 eu-west-1 eu-west-2 eu-central-1 ap-northeast-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 sa-east-1 us-gov-west-1
HTTPS	Enabled	Use HTTPS to access AWS.
Verify SSL Certificate	Enabled	Verify the validity of the SSL digital certificate.

Option

Default

Description

Regions to access

Rest of the World

For Tenable Nessus to audit an AWS account, you must define the regions you want to scan. Per Amazon policy, you need different credentials to audit account configuration for the China region than you need for the Rest of the World. Choosing the Rest of the World opens the following choices:

us-east-1
us-east-2
us-west-1
us-west-2
ca-central-1
eu-west-1
eu-west-2
eu-central-1
ap-northeast-1
ap-northeast-2
ap-southeast-1
ap-southeast-2
sa-east-1
us-gov-west-1

HTTPS

Enabled

Use HTTPS to access AWS.

Verify SSL Certificate

Enabled

Verify the validity of the SSL digital certificate.

Microsoft Azure

There are multiple authentication methods for Microsoft Azure.

Authentication Method: Key

Option	Description	Required
Tenant ID	The Tenant ID or Directory ID for your Azure environment.	Yes
Application ID	The application ID (also known as client ID) for your registered application.	Yes
Client Secret	The secret key for your registered application.	Yes
Subscription IDs	List of subscription IDs to scan, separated by a comma. If this field is blank, all subscriptions are audited.	No

Authentication Method: Password

Option	Description	Required
Username	The username required to log in to Microsoft Azure.	Yes
Password	The password associated with the username.	Yes
Client ID	The application ID (also known as client ID) for your registered application.	Yes
Subscription IDs	List of subscription IDs to scan, separated by a comma. If this field is blank, all subscriptions are audited.	No

Authentication Method: Certificate

Option	Description	Required
Tenant ID	The Tenant ID or Directory ID for your Azure environment.	Yes
Application ID	The application ID (also known as client ID) for your registered application.	Yes
Private Key	A PEM formatted 2048-bit RSA private key and certificate.	Yes
Config File	Additional configuration parameters. Currently only applicable for SCuBA scans.	No
Subscription IDs	List of subscription IDs to scan, separated by a comma. If this field is blank, all subscriptions are audited.	No

Rackspace

Option	Description
Username	Username required to log in.
Password or API Keys	Password or API keys associated with the username.
Authentication Method	Specify Password or API-Key from the drop-down box.
Global Settings	Location of Rackspace Cloud instance.

Salesforce.com

Users can select Salesforce.com from the Credentials menu. This allows Tenable Nessus to log in to Salesforce.com as the specified user to perform compliance audits.

Option	Description
Username	Username required to log in to Salesforce.com
Password	Password associated with the Salesforce.com username