Database Authentication

Qualys Cloud Agent allows you for database authentication using CyberArk Vault. You can configure your Cloud Agent to fetch the authentication credentials for database instances and use them for database assessment. Database assessment with CyberArk Vault using Qualys Cloud Agent for Windows currently allows only policy compliance control assessment.

Pre-requisites for Database Authentication

Your system must fulfill the following requirements to Configure Cloud Agent for Database Authentication.

• You must have Windows Cloud Agent Version 5.6.0 or above installed.
• You must have a subscription to the Policy Compliance application and Middleware Assessment.
• You must have Microsoft SQL Server 2014/2016/2019/2022 installed.
• You must have CyberArk Application Access Manager (AAM) Installed. If the AAM is installed in a directory other than the default path, ensure that the following environment variables are defined in the system variables.
  
  Variable Name: PAM_SDK
  
  Variable Value: CUSTOMPATH\CyberArk\ApplicationPasswordSdk
• Application ID with QualysAgent name is created in CyberArk Vault.
• Ensure that SQL Server Authentication Credentials are stored in the CyberArk Vault and required access permissions are assigned to it.
•  Store the username for a Windows Domain user account in CyberArk Vault using the User Principal Name (UPN) format. 
  
  The UPN format contains the domain user name with the DNS Domain name, for example, UserName@DNSDomainName.
• Install the C:\Program Files\CyberArk\ApplicationPasswordSdk\CPasswordSDK64.dll certificate in trusted root certification authorities for DLL Signature verification by the Qualys Cloud Agent.

Refer to the Qualys Cloud Agent Online Help to learn more about Database Assessment configuration.