Database Credentials Authentication Method Settings

Configure the following options for database credentials authentication. For more information about database credential settings, see Database Credentials.

CyberArk Options

The following table describes the additional options to configure when using CyberArk as the Authentication Method for IBM DB2, SQL Server, MySQL, Oracle Database, or PostgreSQL database credentials.

Note: You must be running Nessus 7.0.0 or later to configure CyberArk credentials.

| Option | Database Types | Description |
| --- | --- | --- |
| Username | All | The username for the target system. |
| Port | All | The port the database is listening on. |
| Service Type | Oracle Database | The Oracle parameter you want to use to identify the database instance: SID or Service Name. |
| Service | Oracle Database | The SID value for your database instance or a SERVICE_NAME value. The Service value you enter must match your parameter selection for the Service Type option. |
| Database Name | IBM DB2, PostgreSQL | The name for your database instance. |
| Central Credential Provider URL Host | All | The IP/DNS address of the CyberArk Central Credential Provider. |
| Central Credential Provider URL Port | All | The port the CyberArk Central Credential Provider is listening on. |
| Vault Username | All | The username for the vault, if the CyberArk Central Credential Provider is configured for basic authentication. |
| Vault Password | All | The password for the vault, if the CyberArk Central Credential Provider is configured for basic authentication. |
| Safe | All | The safe on the CyberArk Central Credential Provider server that contains the credentials you want to retrieve. |
| CyberArk Client Certificate | All | The file that contains the PEM certificate used to communicate with the CyberArk host. |
| CyberArk Client Certificate Private Key | All | The file that contains the PEM private key for the client certificate. |
| CyberArk Client Certificate Private Key Passphrase | All | The passphrase for the private key, if required. |
| AppID | All | The AppID with CyberArk Central Credential Provider permissions to retrieve the target password. |
| Folder | All | The folder on the CyberArk Central Credential Provider server that contains the credentials you want to retrieve. |
| PolicyID | All | |
| Vault Use SSL | All | When enabled, Tenable.sc uses SSL through IIS for secure communications. You must configure SSL through IIS in CyberArk Central Credential Provider before enabling this option. |
| Vault Verify SSL | All | When enabled, Tenable.sc validates the SSL certificate. You must configure SSL through IIS in CyberArk Central Credential Provider before enabling this option. For more information about using self-signed certificates, see the Nessus custom_CA.inc documentation. |
| CyberArk AIM Service URL | All | The URL for the CyberArk AIM web service. By default, Tenable.sc uses /AIMWebservice/v1.1/AIM.asmx. |

Password Options

The following table describes the additional options to configure when using Password as the Authentication Method for database credentials.

| Option | Database Types | Description |
| --- | --- | --- |
| Username | All | The username for a user on the database. |
| Password | All | The password associated with the username you provided. |
| Port | All | The port the database is listening on. |
| Database Name | IBM DB2, PostgreSQL | The name for your database instance. |
| Authentication | Oracle Database, SQL Server | The type of account you want Tenable.sc to use to access the database instance. |
| Service Type | Oracle Database | The Oracle parameter you want to use to identify the database instance: SID or Service Name. |
| Service | Oracle Database | The SID value for your database instance or a SERVICE_NAME value. The Service value you enter must match your parameter selection for the Service Type option. |
| Instance Name | SQL Server | The name for your database instance. |

Lieberman Options

The following table describes the additional options to configure when using Lieberman as the Authentication Method for IBM DB2, SQL Server, MySQL, Oracle Database, or PostgreSQL database credentials.

Note: You must meet the version requirements specified in Tenable Integrated Product Compatibility.

| Option | Database Types | Description |
| --- | --- | --- |
| Username | All | The username for a user on the database. |
| Port | All | The port the database is listening on. |
| Database Name | IBM DB2, PostgreSQL | The name for your database instance. |
| Authentication | Oracle Database, SQL Server | The type of account you want Tenable.sc to use to access the database instance. |
| Service Type | Oracle Database | The Oracle parameter you want to use to identify the database instance: SID or Service Name. |
| Service | Oracle Database | The SID value for your database instance or a SERVICE_NAME value. The Service value you enter must match your parameter selection for the Service Type option. |
| Instance Name | SQL Server | The name for your database instance. |
| Lieberman Host | All | The Lieberman IP address or DNS address. |
| Lieberman Port | All | The port Lieberman is listening on. |
| Lieberman User | All | The username for the Lieberman explicit user you want Tenable.sc to use for authentication to the Lieberman Rapid Enterprise Defense (RED) API. |
| Lieberman Password | All | The password for the Lieberman explicit user. |
| Use SSL | All | When enabled, Tenable.sc uses SSL through IIS for secure communications. You must configure SSL through IIS in Lieberman before enabling this option. |
| Verify SSL Certificate | All | When enabled, Tenable.sc validates the SSL certificate. You must configure SSL through IIS in Lieberman before enabling this option. |
| System Name | All | The name for the database credentials in Lieberman. |

Hashicorp Vault

The following table describes the additional options to configure when using Hashicorp Vault as the Authentication Method for IBM DB2, SQL Server, MySQL, Oracle Database, or PostgreSQL database credentials.

| Option | Description | Required |
| --- | --- | --- |
| Port (Oracle, IBM, MySQL, PostgreSQL, SQL Server) | The port on which Tenable.sc communicates with the database. | yes |
| SID (MySQL) | The security identifier used to connect to the database. | yes |
| Authentication (Oracle, SQL Server) | (Oracle) The role type used for the database authentication. (Normal, System Operator, System Database Administrator) (SQL Server) The authentication mode the database uses. (SQL or Windows) | yes |
| Database Name (IBM, PostgreSQL) | The name of the database. | no |
| Instance Name (SQL Server) | The SQL server name. | yes |
| Hashicorp Host | (Required) The Hashicorp Vault IP address or DNS address. Note: If your Hashicorp Vault installation is in a subdirectory, you must include the subdirectory path. For example, type IP address or hostname/subdirectory path. | yes |
| Hashicorp Port | (Required) The port on which Hashicorp Vault listens. | yes |
| Authentication Type (Oracle, SQL Server) | (Oracle) The role type used for the database authentication. (Normal, System Operator, or System Database Administrator) (SQL Server) The authentication mode the database uses. (SQL or Windows) | yes |
| Service Type (Oracle) | The unique SID or Service Name that identifies your database. | yes |
| Service (Oracle) | The SID or Service Name value for your database instance. Note: The Service value must match the Service Type option parameter selection. | yes |
| Authentication Type | Specifies the authentication type for connecting to the instance: App Role or Certificates. If you select Certificates, additional options for Hashicorp Client Certificate (Required) and Hashicorp Client Certificate Private Key (Required) appear. Select the appropriate files for the client certificate and private key. | yes |
| Role ID | The GUID provided by Hashicorp Vault when you configured your App Role. | yes |
| Role Secret ID | The GUID generated by Hashicorp Vault when you configured your App Role. | yes |
| Authentication URL | The URL Tenable.sc uses to access Hashicorp Vault. | yes |
| Namespace | The name of a specified team in a multi-team environment. | no |
| KV Engine URL | The URL Tenable.sc uses to access the Hashicorp Vault secrets engine. | yes |
| Username Source | Specifies if the username is input manually or pulled from Hashicorp Vault. | yes |
| Username key | The name in Hashicorp Vault that usernames are stored under. | |
| Username | (Only displays if Username Source is Manual Entry) The name in Hashicorp Vault that usernames are stored under. | yes |
| Password key | The key in Hashicorp Vault that passwords are stored under. | yes |
| Secret Name | The key secret you want to retrieve values for. | yes |
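
To check App Role settings before saving the credential, the following added example (not Tenable code) maps the options above onto the standard HashiCorp Vault HTTP API: an AppRole login, then a key/value read, built offline and parsed against constructed responses. The `CFG` field names, the `https` scheme and the assumption that Authentication URL and KV Engine URL are paths appended to host and port are illustrative; this page does not document how Tenable.sc composes its requests.

```python
import json
import urllib.request

def _base(cfg):
    """Hashicorp Host may carry a subdirectory ("host/subdir"); the port goes before it."""
    host, _, subdir = cfg["host"].partition("/")
    return f"https://{host}:{cfg['port']}" + (f"/{subdir.strip('/')}" if subdir else "")

def _request(cfg, path, token=None, body=None):
    """Build (not send) a Vault API request; Namespace travels as a header."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(_base(cfg) + path, data=data, method="POST" if data else "GET")
    if cfg.get("namespace"):
        req.add_header("X-Vault-Namespace", cfg["namespace"])
    if token:
        req.add_header("X-Vault-Token", token)
    return req

def login_request(cfg):
    """AppRole login: Role ID and Role Secret ID are posted to the Authentication URL."""
    return _request(cfg, cfg["auth_url"],
                    body={"role_id": cfg["role_id"], "secret_id": cfg["role_secret_id"]})

def secret_request(cfg, login_response):
    """Read Secret Name under the KV Engine URL using the token returned by login."""
    token = json.loads(login_response)["auth"]["client_token"]
    path = f"{cfg['kv_engine_url'].rstrip('/')}/{cfg['secret_name']}"
    return _request(cfg, path, token=token)

def extract_credentials(cfg, secret_response):
    """Pull the Username key / Password key values from a KV v1 or v2 response."""
    data = json.loads(secret_response)["data"]
    if isinstance(data.get("data"), dict) and "metadata" in data:
        data = data["data"]  # KV v2 nests the key/value pairs one level deeper
    missing = [k for k in (cfg["username_key"], cfg["password_key"]) if k not in data]
    if missing:
        raise KeyError(f"secret {cfg['secret_name']!r} has no key(s) {missing}")
    return data[cfg["username_key"]], data[cfg["password_key"]]

# Constructed sample settings and responses; none of these values are real.
CFG = {"host": "vault.example.internal/team-vault", "port": 8200, "namespace": "team-a",
       "auth_url": "/v1/auth/approle/login", "kv_engine_url": "/v1/kv/data/",
       "role_id": "11111111-2222-3333-4444-555555555555",
       "role_secret_id": "66666666-7777-8888-9999-000000000000",
       "secret_name": "oracle-prod", "username_key": "username", "password_key": "password"}
LOGIN_RESPONSE = '{"auth": {"client_token": "example-token"}}'
KV2_RESPONSE = ('{"data": {"data": {"username": "scan_svc", "password": "example-only"},'
                ' "metadata": {"version": 3}}}')

if __name__ == "__main__":
    print(login_request(CFG).full_url, secret_request(CFG, LOGIN_RESPONSE).full_url, sep="\n")
```

A `KeyError` from `extract_credentials` means the Username key or Password key setting does not match a key stored in the secret, a mismatch worth ruling out before investigating failed credentialed scans.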