Miscellaneous Credentials
This section includes information and settings for credentials in the Miscellaneous section.
ADSI
ADSI requires the domain controller information, domain, and domain admin and password.
ADSI allows Tenable Nessus to query an ActiveSync server to determine if any Android or iOS-based devices are connected. Using the credentials and server information, Tenable Nessus authenticates to the domain controller (not the Exchange server) to directly query it for device information. These settings are required for mobile device scanning.
Tenable Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only.
| Option | Description | Default |
|---|---|---|
|
Domain Controller |
(Required) The name of the domain controller for ActiveSync. |
- |
|
Domain |
(Required) The name of the NetBIOS domain for ActiveSync. |
- |
|
Domain Admin |
(Required) The domain administrator's username. |
- |
|
Domain Password |
(Required) The domain administrator's password. |
- |
Nessus supports obtaining the mobile information from Exchange Server 2010 and 2013 only; Nessus cannot retrieve information from Exchange Server 2007.
F5
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the scanning F5 account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the F5 user. | - |
| Port |
(Required) The TCP port that F5 listens on for communications from Tenable Nessus. |
443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
IBM iSeries
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the IBM iSeries account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the IBM iSeries user. | - |
Netapp API
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the Netapp API account with HTTPS access that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the Netapp API user. | - |
| vFiler |
The vFiler nodes to scan for on the target systems. To limit the audit to a single vFiler, type the name of the vFiler. To audit for all discovered Netapp virtual filers (vFilers) on target systems, leave the field blank. |
- |
| Port | (Required) The TCP port that Netapp API listens on for communications from Tenable Nessus. | 443 |
Nutanix Prism
Tip: To view whether your Nutanix Prism credentials were successfully authenticated, view the plugin output of the integration_status.nasl plugin once the scan is complete. For more information, see Plugins
| Option | Description | Default |
|---|---|---|
|
Nutanix Host |
(Required) Hostname or IP address of the Nutanix Prism Central host. |
- |
|
Nutanix Port |
(Required) The TCP port that the Nutanix Prism Central host listens on for communications from Tenable. |
9440 |
|
Username |
(Required) Username used for authentication to the Nutanix Prism Central host. |
- |
|
Password |
(Required) Password used for authentication to the Nutanix Prism Central host. |
- |
|
Discover Host |
This option adds any discovered Nutanix Prism Central hosts to the scan targets to be scanned. | - |
|
Discover Virtual Machines |
This option adds any discovered Nutanix Prism Central Virtual Machines to the scan targets to be scanned. | - |
|
HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
OpenStack
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the OpenStack account that Tenable Nessus uses to perform checks on the target system. |
- |
| Password | (Required) The password for the OpenStack user. | - |
| Tenant Name for Authentication | (Required) The name of the specific tenant the scan uses to authenticate. | admin |
| Port |
(Required) The TCP port that OpenStack listens on for communications from Tenable Nessus. |
443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Palo Alto Networks PAN-OS
| Option | Description | Default |
|---|---|---|
| Username | (Required) The username for the PAN-OS account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the PAN-OS user. | - |
| Port | (Required) The TCP port that PAN-OS listens on for communications from Tenable Nessus. | 443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
Red Hat Enterprise Virtualization (RHEV)
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for RHEV account that Tenable Nessus uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the RHEV user. |
- |
|
Port |
(Required) The TCP port that the RHEV server listens on for communications from Tenable Nessus. |
443 |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
VMware ESX SOAP API
Access to VMware servers is available through its native SOAP API. VMware ESX SOAP API allows you to access the ESX and ESXi servers via username and password. Also, you have the option of not enabling SSL certificate verification:
For more information on configuring VMWare ESX SOAP API, see Configure vSphere Scanning.
Tip: To view whether your ESXi SOAP API credentials were successfully authenticated, view the plugin output of the integration_status.nasl plugin once the scan is complete. For more information, see Plugins.
Tenable can access VMware servers through the native VMware SOAP API.
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for the ESXi server account that Tenable uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the ESXi user. |
- |
|
Do not verify SSL Certificate |
Do not validate the SSL certificate for the ESXi server. |
disabled |
VMware vCenter
For more information on configuring VMWare vCenter SOAP API, see Configure vSphere Scanning.
Tip: To view whether your VMware vCenter credentials were successfully authenticated, view the plugin output of the integration_status.nasl plugin once the scan is complete. For more information, see Plugins.
Tenable can access vCenter through the native VMware vCenter SOAP API. If available, Tenable uses the vCenter REST API to collect data in addition to the SOAP API.
Note: Tenable supports VMware vCenter/ESXi versions 7.0.3 and later for authenticated scans. This does not impact vulnerability checks for VMware vCenter/ESXi, which do not require authentication.
Note: The SOAP API requires a vCenter account with read permissions and settings privileges. The REST API requires a vCenter admin account with general read permissions and required Lifecycle Manager privileges to enumerate VIBs.
| Option | Description | Default |
|---|---|---|
|
vCenter Host |
(Required) The name of the vCenter host. |
- |
|
vCenter Port |
(Required) The TCP port that vCenter listens on for communications from Tenable. |
443 |
|
Username |
(Required) The username for the vCenter server account with admin read/write access that Tenable uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the vCenver server user. |
- |
|
HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
|
Auto Discover Managed VMware ESXi Hosts |
This option adds any discovered VMware ESXi hypervisor hosts to the scan targets you include in your scan. |
not enabled |
|
Auto Discover Managed VMware ESXi Virtual Machines |
This option adds any discovered VMware ESXi hypervisor virtual machines to the scan targets you include in your scan. | not enabled |
X.509
| Option | Description | Default |
|---|---|---|
|
Client certificate |
(Required) The client certificate. |
- |
|
Client key |
(Required) The client private key. | - |
|
Password for key |
(Required) The passphrase for the client private key. | - |
|
CA certificate to trust |
(Required) The trusted Certificate Authority's (CA) digital certificate. | - |