Delinea Secret Server functionality for on-premises and...
Delinea Secret Server functionality for on-premises and cloud Summary Tenable has verified that our existing PAM integration with Delinea Secret Server works with both the on-premises and cloud versions. Change Minor changes were made to our integration for added Secret Server cloud compatibility. More details may be found about this integration within the product documentation for Nessus (Windows, SSH), Tenable Vulnerability Management (Windows, SSH), and Tenable Security Center (Windows, SSH). Impact If customers encounter issues with this integration, please open a ticket with Technical Support. Tenable will engage with Delinea as needed to identify and resolve any issues. Release Date April 29, 2024 - TVM, Nessus, and Security Center
Arcon Privileged Access Management Integration Database...
Arcon Privileged Access Management Integration Database Support Summary We are proud to announce that Tenable customers can now use the Arcon Privileged Access Management (PAM) Integration to gather database credentials to be used for target authentication during a scan in Tenable Vulnerability Management and Nessus Manager, with tentative plans to release this feature in Tenable Security Center. Arcon PAM integration now supports database target authentication. With this addition, customers will benefit from streamlined privileged access to use in credentialed vulnerability scans, providing a more comprehensive understanding of your cyber exposure. Database integration includes the following database types: Oracle SQL Server MySQL MongoDB PostgreSQL Sybase ASE DB2 We support Arcon v4.8.5.0 for all types except DB2 which requires v4.8.5.0 U16SP2. Release Date October 2nd 2023CyberArk Database Dynamic Scanning Summary We are proud to...
CyberArk Database Dynamic Scanning Summary We are proud to announce a major feature request for our modern CyberArk integration that eliminates A) the requirement for the user to manually add specific targets to the target settings and B) the need to create multiple credentials in a single scan. However, this feature does allow end users to create up to five credentials in a single scan. This feature takes advantage of CyberArk’s PVWA REST API to gather bulk account data, adds targets to the scan automatically based on user driver query parameters, and requests passwords from the CCP/AIM Web Service. Not only does this eliminate the requirement for the user to manually add specific targets to the settings and the need to create multiple credentials, but it also reduces calls to gather passwords. How it Works When users create a scan they only need to add one arbitrary target to the settings and set up a single credential (reference the two new credential types in the changes below). The credential simply allows communication and authentication between the scanner/sensor and the two CyberArk APIs (PVWA REST API and CCP/AIM Web Service REST API). First, we reach out to the PVWA REST API to gather bulk account details for accounts that meet criteria entered by the user within a ‘platform’ query field. We store this account data and automatically add targets/hosts to the scan. On a host-by-host basis, we request a password based on specific account details. If there are 100 targets added to the scan automatically, we make 100 password requests. As mentioned in the summary, this eliminates the need to make unnecessary requests to ‘try’ multiple credentials against a single target. Changes and Important Notes There is a new Database Credential for all Database Types called CyberArk Database Auto-Discovery Users only need to enter a single arbitrary target to the scan users only need to set up a single credential mentioned above, but can configure up to 5 if they choose to. The current CyberArk credential will remain unchanged and is still available for use Users will have to configure specific UI/backend properties (field) within their CyberArk instance for some of the database types. Some database types require more details for authentication like service (database name), service type, and authentication type). Specific guidance can be found in our Cyberark Integration Doc For more information please refer to our documentation pages. TVM: https://docs.tenable.com/integrations/CyberArk/vulnerability-management/Content/DynamicScannngIntro.htm Nessus: https://docs.tenable.com/integrations/CyberArk/Nessus/Content/DynamicScannngIntro.htm Impact to Existing Scan Policies There are no impacts to existing CyberArk credential configurations. Release Date TVM/Nessus: Tuesday September 5th 2023CyberArk SSH/Windows Dynamic Scanning Summary We are proud...
CyberArk SSH/Windows Dynamic Scanning Summary We are proud to announce a major feature request for our modern CyberArk integration that eliminates A) the requirement for the user to manually add specific targets to the target settings and B) the need to create multiple credentials in a single scan. However, this feature does allow end users to create up to five credentials in a single scan.This feature takes advantage of CyberArk’s PVWA REST API to gather bulk account data, adds targets to the scan automatically based on user driver query parameters, and requests passwords from the CCP/AIM Web Service. Not only does this eliminate the requirement for the user to manually add specific targets to the settings and the need to create multiple credentials, but it also reduces calls to gather passwords. How it Works When users create a scan they only need to add one arbitrary target to the settings and set up a single credential (reference the two new credential types in the changes below). The credential simply allows communication and authentication between the scanner/sensor and the two CyberArk APIs (PVWA REST API and CCP/AIM Web Service REST API). First, we reach out to the PVWA REST API to gather bulk account details for accounts that meet criteria entered by the user within a ‘platform’ query field. We store this account data and automatically add targets/hosts to the scan. On a host-by-host basis, we request a password based on specific account details. If there are 100 targets added to the scan automatically, we make 100 password requests. As mentioned in the summary, this eliminates the need to make unnecessary requests to ‘try’ multiple credentials against a single target. Changes and Important Notes There will be two NEW credential types: SSH: CyberArk SSH Auto-Discovery Windows: CyberArk Windows Auto-Discovery users only need to enter a single arbitrary target to the scan users only need to set up a single credential mentioned above, but can configure up to 5 if they choose to. The current CyberArk credential will remain unchanged and is still available for use Privilege Escalation on SSH is available using this new feature, but only the SUDO method at this time. Domain support is included with Windows configuration, but based on the Domain value in the CyberArk Account details. SSH Key authentication is supported, but privilege escalation is not available for this authentication type at this time. For more information please refer to our documentation pages. TVM: https://docs.tenable.com/integrations/CyberArk/vulnerability-management/Content/DynamicScannngIntro.htm Nessus: https://docs.tenable.com/integrations/CyberArk/Nessus/Content/DynamicScannngIntro.htm Impact to Existing Scan Policies There are no impacts to existing CyberArk credential configurations. Release Date TVM/Nessus: Tuesday September 5th 2023