Each SAP Hana record identifies account login credentials, database information and target hosts (IPs).
This record type is only available in accounts with PC or SCA, and is only supported for compliance scans.
For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article:
Authentication Technologies Matrix
Go to Scans > Authentication, and then go to New > Databases > SAP HANA.
On the Login Credentials tab, choose Basic or Vault based authentication type. For Basic authentication, you'll provide the username and password to be used for authentication to the SAP Hana server. For Vault based authentication, you'll provide the username for authentication, and then pick the vault type and vault record for password retrieval. At scan time, we'll authenticate to hosts with the username in your record and the password we find in your vault.
Need to create a vault record? Just go to Scans > Authentication > Vaults and tell us about your vault system.
On the Target Configuration tab, tell us the database name to authenticate to and the port the database is running on.
By default, the scanner will verify the SSL certificate used by the SAP HANA device to make sure the certificate is valid and trusted. You may want to clear this option to skip SSL verification if the device is not configured with a certificate, the certificate was not issued by a well-known certificate authority (CA) or the certificate is self-signed.
Enter a list of FQDNs for the hosts that correspond to all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.
On the Unix Configuration tab, enter the full path to the SAP Hana configuration files on your Unix hosts. These files are accessed to run certain checks. Ensure that files are in the same location for all the hosts that you want scan.
Select the IP addresses for the SAP Hana databases that the scanning engine should log into using the specified credentials.
Managers can add authentication records. Unit Managers must be granted the Create/edit authentication records permission.
When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.