Example: Determine Windows Password Credentials

This example describes recommended steps for determining settings for standard Windows credentials.

STEP 1: Get the list of settings for all supported credential types

List settings for all credentials types, using the GET /credentials/types endpoint.

Example (Excerpted from Response Message)

{
  "credentials": [
    {
      "id": "Host",
      "category": "Host",
      "default_expand": true,
      "types": [
        {
          "id": "Windows",
          "name": "Windows",
          "max": -1,
          "configuration": [
            {
              "type": "select",
              "name": "Authentication method",
              "default": "Password",
              "required": true,
              "id": "auth_method",
              "options": [
                {
                  "name": "Password",
                  "inputs": [
                    {
                      "type": "text",
                      "name": "Username",
                      "required": true,
                      "placeholder": "administrator",
                      "id": "username"
                    },
                    {
                      "type": "password",
                      "name": "Password",
                      "required": true,
                      "id": "password"
                    },
                    {
                      "type": "text",
                      "name": "Domain",
                      "id": "domain"
                    }
                  ],
                  "id": "Password"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

STEP 2: Locate the specific settings for the credential type you want to use

Because the list of all settings can be substantial, Tenable recommends narrowing down your search first by credential category (Host in this example), then by credential type (Windows), then configuration object.

For more information about the attributes the configuration object can include, see Determine Settings for a Credential Type.

STEP 3: Analyze the 'inputs' attributes for the Windows credential object

The configuration.option.inputs object contains attributes that represent the parameters Vulnerability Management prompts users to provide when adding the credential in the user interface.

The inputs also represent the parameters you use in creating a managed credential object using the API.

In this example, the following inputs correspond to the parameters you want to use:

  • username
  • password
  • domain

Use the id attribute for each setting, rather than the name attribute.

STEP 4: Determine the authentication method ID

The settings object for Windows credentials includes the required element auth_method, which specifies the authentication method that the scanner uses when connecting to the Windows device.

Use the configuration.options.idattribute as the auth_method value.

In this example, the auth_method value is Password.

STEP 5: Construct the credentials object

Using the settings you have just determined, you can construct a credentials object.

The format of the credentials object depends on whether you want to use the object to add a credential to a scan or create a managed credential. For more information, see Construct a Credentials Object.

Example: Scan-Specific Credentials Object

{
  "Host": {
    "Windows": [
      {
        "domain": "",
        "username": "[email protected]",
        "auth_method": "Password",
        "password": "aJ^deq34Rc"
      }
    ]
  }  
}

Example: Managed Credentials Object

{
    "type": "Windows",
    "settings": {
        "domain": "",
        "username": "[email protected]",
        "auth_method": "Password",
        "password": "aJ^deq34Rc"
    }
}