Manage Credentials
In Tenable Vulnerability Management, you can use credentials to grant a scanner local access to scan a target system without requiring an agent. Configuring credentialed scans allows Vulnerability Management to perform a wider variety of checks than non-credentialed scans, which can result in more accurate scan results. This facilitates scanning of a very large network to determine local exposures or compliance violations.
Credentialed scans can perform any operation that a local user can perform. The level of scanning depends on the privileges granted to the user account. The more privileges the scanner has via the login account (for example, root or administrator access), the more thorough the scan results.
In Vulnerability Management, you can create credentials for use in scans in the following ways:
Category | Description | Parameter |
---|---|---|
Scan-specific |
| credentials object in the scan |
Policy-specific |
| credentials object in the policy |
Managed |
| POST /credentials endpoint |
The settings you configure for a credential vary based on the credential type. Credential types include:
- Cloud Services
- Database
- Host
- Miscellaneous
- Mobile Device Management
- Patch Management
- Plaintext authentication
For more information, see:
- Determine Settings for a Credential Type
- Example: Windows Password Credentials
- Create a Scan (for scan-specific credentials)
- Create a Managed Credential
- Update a Scan (for scan-specific credentials)
- Edit Managed Credentials
- Add Credentials to a Scan
- Remove Credentials from a Scan
- Convert Scan-specific to Managed Credentials
Updated 3 days ago