Database Credentials

Note: Some credential types may not be available for configuration, depending on the scan template you selected.

The following topic describes the available Database credentials.

Cassandra

Option

Description
Auth Type

The authentication method for providing the required credentials.

  • Password

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.

Port

The port the database listens on. The default is port 9042.

Delinea Secret Server Auto-Discovery

Option Description Required

Delinea Host

The Delinea Secret Server host to pull the secrets from.

Yes

Delinea Port

The Delinea Secret Server Port for API requests. By default, Tenable uses 443.

Yes

Delinea Authentication Method

Indicates whether to use credentials or an API key for authentication. By default, Credentials is selected.

Yes
Delinea Login Name

The username to authenticate to the Delinea server.

 Yes
Delinea Password The password to authenticate to the Delinea server. This is associated with the provided Delinea Login Name.

Yes
Delinea API Key The API key generated in the Secret Server user interface. This setting is required if the API Key authentication method is selected.

Yes
Query Mode Choose to query accounts using pre-set fields or by constructing a string of URL query parameters. By default, Simple is selected.

Yes
Folder ID

Query accounts with the given folder ID. This option is only available if query mode is set to Simple.

 No

Search Text

Query accounts matching the given search text. This option is only available if query mode is set to Simple.

No

Search Field

The field to search using the given search text. If not specified, the query will search the name field. This option is only available if query mode is set to Simple.

No
Exact Match Perform an exact match against the search text. By default, this is unselected. This option is only available if query mode is set to Simple.

No
Query String Provide a string of URL query parameters. This option is only available if query mode is set to Advanced, and in that case it is required.

Yes
Use Private Key Use key-based authentication for SSH connections instead of password authentication.

No
Use SSL Use SSL for secure communications.

Yes
Verify SSL Certificate Verify the Delinea Secret Server SSL certificate.

No

DB2

The following table describes the additional options to configure for DB2 credentials.

Options Description
Auth Type

The authentication method for providing the required credentials.

  • Password

  • Import

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.
Database Port The TCP port that the IBM DB2 database instance listens on for communications from Tenable Vulnerability Management. The default is port 50000.
Database Name The name for your database (not the name of your instance).

MongoDB

Option

Description
Auth Type

The authentication method for providing the required credentials.

Note: This option is only available for non-legacy versions of the MongoDB authentication method.

  • Password

  • Client Certificate

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.

Username

(Required) The username for the database.

Password

(Required) The password for the supplied username.

Database

The name of the database to authenticate to.

Tip: To authenticate via LDAP or saslauthd, type $external.

Port

(Required) The TCP port that the MongoDB database instance listens on for communications from Tenable Vulnerability Management.

MySQL

The following table describes the additional options to configure for MySQL credentials.

Options Description
Auth Type

The authentication method for providing the required credentials.

  • Password

  • Import

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.
Username The username for a user on the database.

Password

 The password associated with the username you provided.
Database Port The TCP port that the MySQL database instance listens on for communications from Tenable Vulnerability Management. The default is port 3306.

Oracle

The following table describes the additional options to configure for Oracle credentials.

Options Description
Auth Type

The authentication method for providing the required credentials.

  • Password

  • Import

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.
Database Port The TCP port that the Oracle database instance listens on for communications from Tenable Vulnerability Management. The default is port 1521.
Auth Type

The type of account you want Tenable Vulnerability Management to use to access the database instance: 

  • SYSDBA
  • SYSOPER
  • NORMAL
Service Type The Oracle parameter you want to use to specify the database instance: SID or SERVICE_NAME.
Service

The SID value or SERVICE_NAME value for your database instance.

The Service value you enter must match your parameter selection for the Service Type option.

PostgreSQL

The following table describes the additional options to configure for PostgreSQL credentials.

Options Description
Auth Type

The authentication method for providing the required credentials.

  • Password

  • Client Certificate

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.
Database Port The TCP port that the PostgreSQL database instance listens on for communications from Tenable Vulnerability Management. The default is port 5432.
Database Name The name for your database instance.

SQL Server

The following table describes the additional options to configure for SQL Server credentials.

Options Description
Auth Type

The authentication method for providing the required credentials.

  • Password

  • Import

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.
Username The username for a user on the database.

Password

 The password associated with the username you provided.
Database Port The TCP port that the SQL Server database instance listens on for communications from Tenable Vulnerability Management. The default is port 1433.

AuthType

The type of account you want Tenable Vulnerability Management to use to access the database instance: SQL or Windows.
Instance Name The name for your database instance.

Sybase ASE

The following table describes the additional options to configure for Sybase ASE credentials.

Options Description
Auth Type

The authentication method for providing the required credentials.

  • Password

  • CyberArk

  • Lieberman

  • Hashicorp Vault

For descriptions of the options for your selected authentication type, see Database Credentials Authentication Types.
Database Port The TCP port that the Sybase ASE database instance listens on for communications from Tenable Vulnerability Management. The default is port 3638.
Auth Type

The type of authentication used by the Sybase ASE database: RSA or Plain Text.