Credentials

Credentials are reusable objects that facilitate scan target login.

Administrators can add credentials available to all organizations. Organizational users can add credentials available to other users in the same organization. For information about user access in Tenable Security Center, see User Access.

Users can share credentials with other users, allowing them to scan remote hosts without knowing the credentials of the host. For information about Tenable Security Center credential data encryption, see Encryption Strength.

Tenable Security Center supports the following credential types:

If a scan contains multiple instances of one type of credential, Tenable Security Center tries the credentials on each scan target in the order you added the credentials to Tenable Security Center.

Note: Tenable Security Center uses the first credential that allows successful login to perform credentialed checks on the target. After a credential allows a successful login, Tenable Security Center does not try any of the other credentials in the list, even if a different credential has greater privileges.

Note:If a Tenable Security Center scan contains multiple instances of one type of credential, Tenable Security Center attempts to log in to a valid target using each credential in sequence, in the order in which the credential objects were originally created in Tenable Security Center. The order in which credentials were added to the scan is irrelevant. Once Tenable Security Center is able to log in successfully with a credential set, it does not attempt to log in with any of the other credentials in the scan, regardless of their relative levels of access. Each stored credential set in Tenable Security Center has an object ID number, and credentials are attempted in ascending order of object ID. To check the ID of a credential, navigate to Scans > Credentials and click on the credential in question. The ID number is displayed on the right-hand side:

To add credentials, see Add Credentials.