Miscellaneous
Tenable Security Center supports the following additional authentication methods:
You can configure these authentication methods in scan policies, as described in The Authentication tab specifies authentication options during a scan. and Add a Scan Policy.
ADSI allows Tenable Security Center to query an ActiveSync server to determine if any Android or iOS-based devices are connected. Using the credentials and server information, Tenable Security Center authenticates to the domain controller (not the Exchange server) to directly query it for device information. These settings are required for mobile device scanning.
Tenable Security Center supports obtaining the mobile information from Exchange Server 2010 and 2013 only.
| Option | Description | Default |
|---|---|---|
|
Domain Controller |
(Required) The name of the domain controller for ActiveSync. |
- |
|
Domain |
(Required) The name of the NetBIOS domain for ActiveSync. |
- |
|
Domain Admin |
(Required) The domain administrator's username. |
- |
|
Domain Password |
(Required) The domain administrator's password. |
- |
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the scanning F5 account that Tenable Security Center uses to perform checks on the target system. |
- |
| Password | (Required) The password for the F5 user. | - |
| Port |
(Required) The TCP port that F5 listens on for communications from Tenable Security Center. |
443 |
| HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the IBM iSeries account that Tenable Security Center uses to perform checks on the target system. |
- |
| Password | (Required) The password for the IBM iSeries user. | - |
Red Hat Enterprise Virtualization (RHEV)
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for RHEV account that Tenable Security Center uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the RHEV user. |
- |
|
Port |
(Required) The TCP port that the RHEV server listens on for communications from Tenable Security Center. |
443 |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
| Option | Description | Default |
|---|---|---|
| Username |
(Required) The username for the Netapp API account with HTTPS access that Tenable Security Center uses to perform checks on the target system. |
- |
| Password | (Required) The password for the Netapp API user. | - |
| vFiler |
The vFiler nodes to scan for on the target systems. To limit the audit to a single vFiler, type the name of the vFiler. To audit for all discovered Netapp virtual filers (vFilers) on target systems, leave the field blank. |
- |
| Port | (Required) The TCP port that Netapp API listens on for communications from Tenable Security Center. | 443 |
| Option | Description | Default |
|---|---|---|
| Username | (Required) The username for the PAN-OS account that Tenable Security Center uses to perform checks on the target system. | - |
| Password | (Required) The password for the PAN-OS user. | - |
| Port | (Required) The TCP port that PAN-OS listens on for communications from Tenable Security Center. | 443 |
| Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
For more information about configuring VMWare ESX SOAP API, see Configure vSphere Scanning.
Tenable can access VMware servers through the native VMware SOAP API.
| Option | Description | Default |
|---|---|---|
|
Username |
(Required) The username for the ESXi server account that Tenable uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the ESXi user. |
- |
|
Do not verify SSL Certificate |
Do not validate the SSL certificate for the ESXi server. |
disabled |
For more information about configuring VMWare vCenter SOAP API, see Configure vSphere Scanning.
Tenable can access vCenter through the native VMware vCenter SOAP API. If available, Tenable uses the vCenter REST API to collect data in addition to the SOAP API.
Note: Tenable supports VMware vCenter/ESXi versions 7.0.3 and later for authenticated scans. This does not impact vulnerability checks for VMware vCenter/ESXi, which do not require authentication.
Note: The SOAP API requires a vCenter account with read permissions and settings privileges. The REST API requires a vCenter admin account with general read permissions and required Lifecycle Manager privileges to enumerate VIBs.
| Option | Description | Default |
|---|---|---|
|
vCenter Host |
(Required) The name of the vCenter host. |
- |
|
vCenter Port |
(Required) The TCP port that vCenter listens on for communications from Tenable. |
443 |
|
Username |
(Required) The username for the vCenter server account with admin read/write access that Tenable uses to perform checks on the target system. |
- |
|
Password |
(Required) The password for the vCenver server user. |
- |
|
HTTPS |
When enabled, Tenable connects using secure communication (HTTPS). When disabled, Tenable connects using standard HTTP. |
enabled |
|
Verify SSL Certificate |
When enabled, Tenable verifies that the SSL certificate on the server is signed by a trusted CA. Tip: If you are using a self-signed certificate, disable this setting. |
enabled |
| Option | Description | Default |
|---|---|---|
|
Client Certificate |
(Required) The client certificate. |
- |
|
Client Key |
(Required) The client private key. | - |
|
Password |
(Required) The passphrase for the client private key. | - |
|
CA Certificate to Trust |
(Required) The trusted Certificate Authority's (CA) digital certificate. | - |