Example: Determine Windows Password Credentials
This example describes recommended steps for determining settings for standard Windows credentials.
STEP 1: Get the list of settings for all supported credential types
List settings for all credentials types, using the GET /credentials/types endpoint.
Example (Excerpted from Response Message)
{
"credentials": [
{
"id": "Host",
"category": "Host",
"default_expand": true,
"types": [
{
"id": "Windows",
"name": "Windows",
"max": -1,
"configuration": [
{
"type": "select",
"name": "Authentication method",
"default": "Password",
"required": true,
"id": "auth_method",
"options": [
{
"name": "Password",
"inputs": [
{
"type": "text",
"name": "Username",
"required": true,
"placeholder": "administrator",
"id": "username"
},
{
"type": "password",
"name": "Password",
"required": true,
"id": "password"
},
{
"type": "text",
"name": "Domain",
"id": "domain"
}
],
"id": "Password"
}
]
}
]
}
]
}
]
}
STEP 2: Locate the specific settings for the credential type you want to use
Because the list of all settings can be substantial, Tenable recommends narrowing down your search first by credential category (Host
in this example), then by credential type (Windows
), then configuration
object.
For more information about the attributes the configuration
object can include, see Determine Settings for a Credential Type.
STEP 3: Analyze the 'inputs' attributes for the Windows credential object
The configuration.option.inputs
object contains attributes that represent the parameters Vulnerability Management prompts users to provide when adding the credential in the user interface.
The inputs also represent the parameters you use in creating a managed credential object using the API.
In this example, the following inputs correspond to the parameters you want to use:
username
password
domain
Use the id
attribute for each setting, rather than the name
attribute.
STEP 4: Determine the authentication method ID
The settings
object for Windows credentials includes the required element auth_method
, which specifies the authentication method that the scanner uses when connecting to the Windows device.
Use the configuration.options.id
attribute as the auth_method
value.
In this example, the auth_method
value is Password
.
STEP 5: Construct the credentials object
Using the settings you have just determined, you can construct a credentials object.
The format of the credentials object depends on whether you want to use the object to add a credential to a scan or create a managed credential. For more information, see Construct a Credentials Object.
Example: Scan-Specific Credentials Object
{
"Host": {
"Windows": [
{
"domain": "",
"username": "[email protected]",
"auth_method": "Password",
"password": "aJ^deq34Rc"
}
]
}
}
Example: Managed Credentials Object
{
"type": "Windows",
"settings": {
"domain": "",
"username": "[email protected]",
"auth_method": "Password",
"password": "aJ^deq34Rc"
}
}
Updated 3 days ago