Add Credentials to a Scan

To add credentials to a scan:

  1. Determine whether you want to add scan-specific credentials or managed credentials to the scan. You can add both scan-specific credentials and managed credentials to a single scan.
  2. For scan-specific credentials:
    a. Determine the settings for the specific credential type.
    b. (Optional) If a specific setting requires a file (for example, a private key file for SSH credentials), use the POST /file/upload endpoint to upload the files to Tenable Vulnerability Management. Be sure to retain the fileuploaded value from the response message to use in the next step. The supported file types are pem, json, csv, x.509, p12, ssh (only RSA and DSA OpenSSH keys/certificates are supported), and cookie (Netscape cookies.txt format).
  3. For managed credentials, determine the UUID of the managed credentials you want to use. For information about creating managed credentials, see Create Managed Credentials managed credentials.
  4. Use the credentials[].add object in the request body of either the POST /scans endpoint (for new scans) or the PUT /scans/{scan_id} endpoint (for existing scans).

You can use a single request message to add multiple credentials[].add objects to a single scan.

The parameters of the credentials[].add object vary depending on whether you want to add scan-specific or managed credentials.

For scan-specific credentials, the credentials[].add object is formatted as follows:

{
  "credentials": {
    "add": {
      "{credential_category}": {
        "{credential_type}": [
          {
          "{credential_setting_1}": "{value_1}",
          "{credential_setting_2}": "{value_2}",
          "{credential_setting_3}": "{value_3}"
          }
        ]
      }
    }
  }
}

The settings in the credentials object vary based on credential category, credential type, and type-specific settings. For more information, see Construct a Credentials Object.

For managed credentials, the credentials[].add object is formatted as follows:

{
  "credentials": {
    "add": {
      "{credential_category}": {
        "{credential_type}": [
          {
            "id": "{string}"
          }
        ]
      }
    }
  }
}

The id parameter specifies the UUID of the managed credential you want to add.

Example Assessment Scan: Add Scan-Specific Credential (Windows)

This example request body adds scan-specific credentials to an existing Malware scan. This example also uses a target group, instead of listing individual targets.

{
  "uuid": "98841042-2aaf-4a44-a310-5b67c8d2544aa918400c42a035f7",
  "settings": {
    "name": "northern-region-assets",
    "target_groups": [2, 8, 12]
  },
  "credentials": {
    "add": {
      "Host": {
        "Windows": [
          {
          "domain": "",
          "username": "[email protected]",
          "auth_method": "Password",
          "password": "aJ^deq34Rc"
          }
        ]
      }
    }
  }
}

Example Assessment Scan: Add Managed Credentials (Windows)

This example request body adds managed credentials to an existing Malware scan. This example also uses a target group, instead of listing individual targets.

{
  "uuid": "98841042-2aaf-4a44-a310-5b67c8d2544aa918400c42a035f7",
  "settings": {
    "name": "northern-region-assets",
    "target_groups": [2, 8, 12]
  },
  "credentials": {
    "add": {
      "Host": {
        "Windows": [
          {
            "id": "7fefd74f-acac-4914-9806-e47d2ed91fc1"
          }
        ]
      }
    }
  }
}