Why Use Host Authentication?

Unix anomalies: We write temporary files to the device and remove them when the scan is finished. There can also be side effects from commands run, some of which are applications (browsers, etc).

Dissolvable Agent (Windows): When enabled, we write the dissolvable agent file to the device and remove it when the scan is finished. Learn more

Agentless Tracking (Windows, Unix): When enabled, we write a host ID file to the device at the time of the first scan. Note - the Manager primary contact for the subscription can do a cleanup action to remove the host ID file from hosts at any time. Learn more

Cleanup Issues (Windows, Unix): In rare cases, if a scan terminates before cleaning up temporary files or the dissolvable agent, the files may persist. This generally should not occur.

1 - Add authentication records for your host technologies. Go to Scans > Authentication and create new records from the New menu. For each record you'll provide login credentials that our service will use to log in to each host at scan time. Each record is defined for a technology, like Windows, Unix, Oracle, etc and you can have multiple records per technology.

Did you know? For several server applications you can have authentication records created for you automatically. Learn about instance discovery and system authentication records

2 - Add authentication vaults, if applicable. We support integration with multiple third party password vaults. Go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record. At scan time, we'll authenticate to hosts using credentials retrieved from your vault.

Check the account requirements

Who can create records?

For vulnerability scans you must enable authentication in an option profile and then select the profile at scan time. Go to Scans > Option Profiles. Edit an option profile (or create a new one), go to the Scan section and select each type of authentication you want to use.

Want to test authentication? Select "Enable authentication testing" in your option profile. Then run a scan using this profile to identify issues with authentication credentials before running a full scan.

Before you begin be sure the IPs you want to scan are already defined in your records.

To start your scan go to Scans > New > Scan (or Scheduled Scan) and enter your scan settings.

For a vulnerability scan, make sure you select the option profile that you've enabled with authentication.

We recommend you verify that authentication was successful after your authenticated scans finish. Be sure to resolve authentication failures before the next scan.

How to verify authentication for your scans

How to run the Authentication Report

Use the Credentials Breakdown to quickly filter your records list to show:

- Credentials that have not been attempted in the last 30 days (Unused)

- Credentials that were successful 100% of the time (Passing)

- Credentials that were not successful for some of the hosts in the record (Problematic)

- Credentials that were not successful for more than 50% of the hosts in the record (Failing)

- Credentials stored in a password vault (In Vault)

Tip - You can also search for records by type, network, title, IP address and vault type.

Drill down into record details to see pass/fail authentication status for your scanned hosts. The Updated column shows you when each host was last scanned using authentication - this is when the status was last updated.

Pass - Authentication to the host was successful.

Fail - Authentication to the host was not successful. Please refer to the Cause column for more information like the credentials used in the authentication attempt.

Not Attempted - Authentication to the host was not used (not counted as pass or fail). Perhaps you've never scanned the host using authentication or you did but the host scan data was purged. Please note - If you're in VM, we're looking at vulnerability scan data. If you're in PC, we're looking at compliance scan data. Let's say you scanned a host in PC using authentication but you didn't scan it in VM using authentication. You'll see a Pass/Fail status in PC and Not Attempted in VM.

Use the Search option at the top of the Authentication page to quickly find authentication records by different criteria like title, network, record type, IP address, modified date, and more.

Click Search to see the search options available, make your selections and then click Search again. You can also simply start typing in the Search field to find a search category and then provide a search value.

Click Clear Search to clear the Search field and show all records.

Search field

When searching by Modified date, please note that the search will look for records with a modified date less than the date entered. It does NOT search for records equal to the date entered. For example, if you select a Modified date of 11/10/2021, then we will return records modified before this date. We will not return records modified on this date.

You can download any data list within the UI in order to view your configurations outside of the product. Learn more.