Remove Credentials from a Scan

If you remove scan-specific credentials from a scan, Tenable Vulnerability Management deletes the credentials record.

If you remove managed credentials from a scan, Vulnerability Management deletes the association between the managed credentials record and the scan, but retains the managed credentials.

To remove a credential from a scan:

  1. Use the GET /editor/scan/{scan_id} endpoint to view configuration details for the scan.
  2. Find the object for the credential type. For example, search on "Windows" to locate the Windows credentials.
  3. In the object for that credential type, find the instances array.
  4. In the instances array, note the id value for the object representing the credential you want to remove:
    • For scan-specific credentials, the ID is an integer that uniquely identifies the credential instance (for example, 264).
    • For managed credentials, the ID is a string specifying the UUID of the managed credential (for example, fc6c273e-1439-40ca-89b2-97f6d6efab9f).
  5. Use the id value in the credentials[].delete object in a PUT /scans/{scan_id} endpoint request.

For scan-specific credentials, the credentials[].delete object has the following format:

{
  "credentials": {
    "delete": [
      000
    ]
  }
}

where 000 represents the id integer.

For managed credentials, the credentials[].delete object has the following format:

{
  "credentials": {
    "delete": [
      "{id}"
    ]
  }
}

where {id} represents the id string.

Example Assessment Scan: Scan-Specific Credentials

This example request body deletes scan-specific credentials from an existing Malware scan. This example also uses a target group, instead of listing individual targets.

{
  "uuid": "50874b78-a0e3-4cd6-a03e-75409443a95fa918400c42a035f7",
  "settings": {
    "name": "northern-region-assets",
    "target_groups": [
      2, 
      8, 
      12
    ]
  },
  "credentials": {
    "delete": [
    	264    	
    ]
  }
}

Example Assessment Scan: Managed Credentials

This example request body deletes scan-specific credentials from an existing Malware scan. This example also uses a target group, instead of listing individual targets.

{
  "uuid": "50874b78-a0e3-4cd6-a03e-75409443a95fa918400c42a035f7",
  "settings": {
    "name": "northern-region-assets",
    "target_groups": [
      2, 
      8, 
      12
    ]
  },
  "credentials": {
    "delete": [
      "fc6c273e-1439-40ca-89b2-97f6d6efab9f"     
    ]
  }
}