Database Credentials

The following topic describes the available Database credentials.

Note: Aspects of credential options are based on Nessus plugin options. Therefore, specific credential options may differ from the descriptions documented here.

Configure the following options for all database credentials:

Options Description

Name (Required)

 A name for the credential.
Description A description for the credential.

Tag

 A tag for the credential. For more information, see Tags.

Apache Cassandra

Option

Description
Authentication Method

The authentication method for providing the required credentials.

  • CyberArk

  • Password

  • Lieberman

  • Hashicorp Vault

  • Wallix Bastion

For descriptions of the options for your selected authentication type, see Database Credentials Authentication.

Database Port

The port the database listens on. The default is port 9042.

Delinea Secret Server Auto-Discovery

Option Description Required

Delinea Host

The Delinea Secret Server host to pull the secrets from.

Yes

Delinea Port

The Delinea Secret Server Port for API requests. By default, Tenable uses 443.

Yes

Delinea Authentication Method

Indicates whether to use credentials or an API key for authentication. By default, Credentials is selected.

Yes
Delinea Login Name

The username to authenticate to the Delinea server.

 Yes
Delinea Password The password to authenticate to the Delinea server. This is associated with the provided Delinea Login Name.

Yes
Delinea API Key The API key generated in the Secret Server user interface. This setting is required if the API Key authentication method is selected.

Yes
Query Mode Choose to query accounts using pre-set fields or by constructing a string of URL query parameters. By default, Simple is selected.

Yes
Folder ID

Query accounts with the given folder ID. This option is only available if query mode is set to Simple.

 No

Search Text

Query accounts matching the given search text. This option is only available if query mode is set to Simple.

No

Search Field

The field to search using the given search text. If not specified, the query will search the name field. This option is only available if query mode is set to Simple.

No
Exact Match Perform an exact match against the search text. By default, this is unselected. This option is only available if query mode is set to Simple.

No
Query String Provide a string of URL query parameters. This option is only available if query mode is set to Advanced, and in that case it is required.

Yes
Use Private Key Use key-based authentication for SSH connections instead of password authentication.

No
Use SSL Use SSL for secure communications.

Yes
Verify SSL Certificate Verify the Delinea Secret Server SSL certificate.

No

IBM DB2

The following table describes the additional options to configure for IBM DB2 credentials.

Options Description

Source

The method for providing the required credential details: Entry or Import.

  • Entry — Specifies you want to use a single SID value or SERVICE_NAME value for the credential. You must also configure the remaining options on the Add Credential page, as described in Add Credentials.

  • Import — Specifies you want to use multiple SID values for the credential, uploaded as a .csv file. For more information about the required .csv file format, see Database Credentials Authentication.
Authentication Method

The authentication method for providing the required credentials.

  • CyberArk

  • Password

  • Lieberman

  • Hashicorp Vault

  • Wallix Bastion

For descriptions of the options for your selected authentication type, see Database Credentials Authentication.
Port The TCP port that the IBM DB2 database instance listens on for communications from Tenable Security Center. The default is port 50000.
Database Name The name for your database (not the name of your instance).

Informix/DRDA

The following table describes the additional options to configure for Informix/DRDA credentials.

Options Description
Username The username for a user on the database.

Password

 The password associated with the username you provided.
Port The TCP port that the Informix/DRDA database instance listens on for communications from Tenable Security Center. The default is port 1526.

MongoDB

Option

Description

Username

The username for the database.

Password

The password for the supplied username.

Database

The name of the database to authenticate to.

Tip: To authenticate via LDAP or saslauthd, type $external.

Port

(Required) The TCP port that the MongoDB database instance listens on for communications from Tenable Security Center.

MySQL

The following table describes the additional options to configure for MySQL credentials.

Options Description

Source

The method for providing the required credential details: Entry or Import.

  • Entry — Specifies you want to use a single SID value or SERVICE_NAME value for the credential. You must also configure the remaining options on the Add Credential page, as described in Add Credentials.

  • Import — Specifies you want to use multiple SID values for the credential, uploaded as a .csv file. For more information about the required .csv file format, see Database Credentials Authentication.
Authentication Method

The authentication method for providing the required credentials.

  • CyberArk

  • Password

  • Lieberman

  • Hashicorp Vault

  • Wallix Bastion

For descriptions of the options for your selected authentication type, see Database Credentials Authentication.
Username The username for a user on the database.

Password

 The password associated with the username you provided.
Port The TCP port that the MySQL database instance listens on for communications from Tenable Security Center. The default is port 3306.
SID The name for your database instance.

Oracle Database

The following table describes the additional options to configure for Oracle Database credentials.

Options Description

Source

The method for providing the required credential details: Entry or Import.

  • Entry — Specifies you want to use a single SID value or SERVICE_NAME value for the credential. You must also configure the remaining options on the Add Credential page, as described in Add Credentials.

  • Import — Specifies you want to use multiple SID values for the credential, uploaded as a .csv file. For more information about the required .csv file format, see Database Credentials Authentication.
Authentication Method

The authentication method for providing the required credentials.

  • CyberArk

  • Password

  • Lieberman

  • Hashicorp Vault

  • Wallix Bastion

For descriptions of the options for your selected authentication type, see Database Credentials Authentication.
Port The TCP port that the Oracle database instance listens on for communications from Tenable Security Center. The default is port 1521.
Authentication

The type of account you want Tenable Security Center to use to access the database instance: 

  • Normal
  • System Operator
  • System Database Administrator
Service Type The Oracle parameter you want to use to specify the database instance: SID or Service Name.
Service

The SID value or SERVICE_NAME value for your database instance.

The Service value you enter must match your parameter selection for the Service Type option.

PostgreSQL

The following table describes the additional options to configure for PostgreSQL credentials.

Options Description
Authentication Method

The authentication method for providing the required credentials.

  • CyberArk

  • Password

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication.
Port The TCP port that the PostgreSQL database instance listens on for communications from Tenable Security Center. The default is port 5432.
Database Name The name for your database instance.

SQL Server

The following table describes the additional options to configure for SQL Server credentials.

Options Description

Source

The method for providing the required credential details: Entry or Import.

  • Entry — Specifies you want to use a single SID value or SERVICE_NAME value for the credential. You must also configure the remaining options on the Add Credential page, as described in Add Credentials.

  • Import — Specifies you want to use multiple SID values for the credential, uploaded as a .csv file. For more information about the required .csv file format, see Database Credentials Authentication.
Authentication Method

The authentication method for providing the required credentials.

  • CyberArk

  • Password

  • Lieberman

  • Hashicorp Vault

  • Wallix Bastion

For descriptions of the options for your selected authentication type, see Database Credentials Authentication.
Username The username for a user on the database.

Password

 The password associated with the username you provided.
Port The TCP port that the SQL Server database instance listens on for communications from Tenable Security Center. The default is port 1433.

Authentication

The type of account you want Tenable Security Center to use to access the database instance: SQL or Windows.
Instance Name The name for your database instance.

Sybase ASE

The following table describes the additional options to configure for Sybase ASE credentials.

Options Description
Authentication Method

The authentication method for providing the required credentials.

  • CyberArk

  • Password

  • Lieberman

  • Hashicorp Vault

  • Wallix Bastion

For descriptions of the options for your selected authentication type, see Database Credentials Authentication.
Port The TCP port that the Sybase ASE database instance listens on for communications from Tenable Security Center. The default is port 3638.
Sybase ASE Auth Type

The type of authentication used by the Sybase ASE database: RSA or Plain Text.