Skip to main content

Credentialed Scanning

Brian Drake
Updated

In order to get a deeper look into a device's potential vulnerabilities, it is necessary to perform local checks and queries on the device itself. This is accomplished through Credentialed Scanning, which is configured in the Nodeware Portal dashboard on a per-Sensor basis via "MANAGE CUSTOMER" as seen in Fig. 1.

mceclip0.png

FIG 1 - Sensor Web Portal config view

Credential Types

You can provide 3 types of credentials to use during vulnerability scans:

NOTE: You can only use 1 of each type of credential.

  • WinRM (Windows Remote Management) Credentials
    • Can be Domain Admin accounts or local accounts
      • NOTE: You should create a "NODEWARE" specific account.
    • Reads installed software registry entries in read-only mode
  • SSH (Secure Shell) Credentials
    • Local Linux security audit framework
    • Reads installed software package information

 

mceclip1.png

FIG 2 - Create Scan Credential form

Enable Credentialed Scanning

  1. Fill in the required fields see FIG 2 above
  2. From the Credential Scanning button located under Manage Customer in the Nodeware Portal, click Add Credential
  3. Your credential is now active, similar to Fig. 3, and will be used in new scans

 

mceclip2.png

FIG 3 - Credentialed Scanning with valid credentials

Apply Credentials to a Host

  • Now that you have your credentials created, it's time to apply them for use to a host.


  • Go to the DEVICES button located on the left
  • You will be presented with the following screen

mceclip0.png

Select "Enable Credentials"

mceclip1.png

Select you credentials and operating system type and click "Enable"

mceclip2.png

 

Verify Credentials are Correct

Clicking into the assets in which credentials have been applied will show a BLUE doughnut graph indicating the credentials are working correctly.
If the doughnut graph is RED, the credentials contain an error.
Clicking on the doughnut will reveal the error

mceclip0.png

 

Credential Storage Security

All credentials entered into your Nodeware Portal are immediately hashed and stored securely. The credentials cannot be recovered by support staff or accessed by Nodeware software in plain-text format. Because of these security measures, credentials cannot be updated.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk