Miscellaneous
This section includes information and settings for credentials in the Miscellaneous section.
ADSI
ADSI requires the domain controller information, domain, and domain admin and password.
ADSI allows Nessus to query an ActiveSync server to determine if any Android or iOS-based devices are connected. Using the credentials and server information, Nessus authenticates to the domain controller (not the Exchange server) to directly query it for device information. These settings are required for mobile device scanning and Active Directory Starter Scans.
Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only.
| Option | Description | Default |
|---|---|---|
|
Domain Controller |
(Required) The name of the domain controller for ActiveSync. |
- |
|
Domain |
(Required) The name of the NetBIOS domain for ActiveSync. |
- |
|
Domain Admin |
(Required) The domain administrator's username. |
- |
|
Domain Password |
(Required) The domain administrator's password. |
- |
Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only; Nessus cannot retrieve information from Exchange Server 2007.
F5
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the scanning F5 account that Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the F5 user. | - |
| Port |
(Required) The TCP port that F5 listens on for communications from Nessus. |
443 |
| HTTPS |
When enabled, Nessus connects using secure communication (HTTPS). When disabled, Nessus connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Nessus verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
IBM iSeries
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the IBM iSeries account that Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the IBM iSeries user. | - |
Netapp API
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the Netapp API account with HTTPS access that Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the Netapp API user. | - |
| vFiler |
The vFiler nodes to scan for on the target systems. To limit the audit to a single vFiler, type the name of the vFiler. To audit for all discovered Netapp virtual filers (vFilers) on target systems, leave the field blank. |
- |
| Port | (Required) The TCP port that Netapp API listens on for communications from Nessus. | 443 |
Nutanix Prism
| Option | Description | Default |
|---|---|---|
|
Nutanix Host |
(Required) Hostname or IP address of the Nutanix Prism Central host. |
- |
|
Nutanix Port |
(Required) The TCP port that the Nutanix Prism Central host listens on for communications from Tenable. |
9440 |
|
Username |
(Required) Username used for authentication to the Nutanix Prism Central host. |
- |
| Password |
(Required) Password used for authentication to the Nutanix Prism Central host. |
- |
| Discover Host | This option adds any discovered Nutanix Prism Central hosts to the scan targets to be scanned. | - |
| Discover Virtual Machines | This option adds any discovered Nutanix Prism Central Virtual Machines to the scan targets to be scanned. | - |
|
HTTPS |
When enabled, Nessus connects using secure communication (HTTPS). When disabled, Nessus connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Nessus verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
OpenStack
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the OpenStack account that Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the OpenStack user. | - |
| Tenant Name for Authentication | (Required) The name of the specific tenant the scan uses to authenticate. | admin |
| Port |
(Required) The TCP port that OpenStack listens on for communications from Nessus. |
443 |
| HTTPS |
When enabled, Nessus connects using secure communication (HTTPS). When disabled, Nessus connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Nessus verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Palo Alto Networks PAN-OS
| Option | Description | Default |
|---|---|---|
| Username | (Required) The username for the PAN-OS account that Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the PAN-OS user. | - |
| Port | (Required) The TCP port that PAN-OS listens on for communications from Nessus. | 443 |
| HTTPS |
When enabled, Nessus connects using secure communication (HTTPS). When disabled, Nessus connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Nessus verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Red Hat Enterprise Virtualization (RHEV)
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for RHEV account that Nessus uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the RHEV user. |
- |
|
Port |
(Required) The TCP port that the RHEV server listens on for communications from Nessus. |
443 |
|
Verify SSL Certificate |
When enabled, Nessus verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
VMware ESX SOAP API
Access to VMware servers is available through its native SOAP API. VMware ESX SOAP API allows you to access the ESX and ESXi servers via username and password. Also, you have the option of not enabling SSL certificate verification:
For more information on configuring VMWare ESX SOAP API, see Configure vSphere Scanning.
Nessus can access VMware servers through the native VMware SOAP API.
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for the ESXi server account that Nessus uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the ESXi user. |
- |
|
Do not verify SSL Certificate |
Do not validate the SSL certificate for the ESXi server. |
disabled |
VMware vCenter Auto Discovery
For more information on configuring VMWare vCenter SOAP API, see Configure vSphere Scanning.
Nessus can access vCenter through the native VMware vCenter SOAP API. If available, Nessus uses the vCenter REST API to collect data in addition to the SOAP API.
| Option | Description | Default |
|---|---|---|
|
vCenter Host |
(Required) The name of the vCenter host. |
- |
|
vCenter Port |
(Required) The TCP port that vCenter listens on for communications from Nessus. |
443 |
|
Username |
(Required) The username for the vCenter server account with admin read/write access that Nessus uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the vCenver server user. |
- |
|
HTTPS |
When enabled, Nessus connects using secure communication (HTTPS). When disabled, Nessus connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Nessus verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
|
Auto Discover Managed VMware ESXi Hosts |
This option adds any discovered VMware ESXi hypervisor hosts to the scan targets you include in your scan. |
not enabled |
|
Auto Discover Managed VMware ESXi Virtual Machines |
This option adds any discovered VMware ESXi hypervisor virtual machines to the scan targets you include in your scan. | not enabled |
X.509
| Option | Description | Default |
|---|---|---|
|
Client certificate |
(Required) The client certificate. |
- |
|
Client key |
(Required) The client private key. | - |
|
Password for key |
(Required) The passphrase for the client private key. | - |
|
CA certificate to trust |
(Required) The trusted Certificate Authority's (CA) digital certificate. | - |