Release Highlight: CyberArk Query by hostname or FQDN

Summary

Tenable has added an enhancement to the CyberArk PAM integration. The integration can now query for accounts associated with target hostnames in addition to target IP addresses. Prior to this change, querying for a credential by username or by address would require the target account to be associated with the resolved IP address of the target. Now, users can associate accounts in CyberArk with the host name or fully qualified domain name (FQDN) of the target instead of just the IP address. In CyberArk, the target account’s “Address” can now either be the hostname/FQDN as it was entered in the target list, or the resolved IP address.

Scope

This change only applies to the CyberArk credential and only applies when “Get Credential By” is set to “Username” or “Parameters”.

The following credentials are not affected by this change:

• CyberArk with Auto-Discovery
• CyberArk (Legacy)

Impact

Prior to this change, customers may have created accounts associated with the resolved target IP addresses, despite entering those targets’ hostnames or FQDN as the scan targets. This configuration will continue to work for backwards compatibility, but now they can be associated with the hostname or FQDN instead.

While backwards compatibility is being preserved, we encourage customers to review their configurations.

Release

Immediate for TVM, Nessus and SC.