Tenable.sc: Oracle Database CSV Enumeration with CyberArk

Introduction

Currently, in Tenable.sc, users have to add each Oracle Database credential set one at a time and apply each of these credentials to a scan policy. Once the scan is started, each of these credential sets is used to authenticate against each detected Oracle Database listener possibly resulting in multiple undesirable authentication attempts.

Change

An option is being officially introduced to the Oracle Database Credential which will allow users to specify a CSV file with the Oracle Database authentication settings used for the scan policy. This option allows users to more easily input credentials and to associate credentials with a specific listener on a host.

The authentication method supported at this time is CyberArk’s Privileged Access Security (PAS) solution. For this reason, at least one Oracle Database Credential with the CyberArk authentication method must be configured in the same scan policy to be able to retrieve the password.

The Oracle Database password is retrieved from the configured CyberArk PAS when the CSV specifies an account name (Account Details Name in Tenable.sc). Otherwise, the target host and username are used to retrieve the password.

Please refer to the Oracle Database credentials documentation for more information.

Impact

Only Tenable.sc users that have previously used the release candidate are impacted and should note the new CSV format as mentioned in the documentation.

Additional Resources

• How-to Guide: Tenable.sc for CyberArk
• Tenable.sc: Database Integration with CyberArk

Target Release Date

12 October 2020

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.