It's easy to store your passwords and other sensitive information using your CA PAM (Privileged Access Manager) solution and use them for authentication.
Vault Credentials
These credentials may be defined for your CA PAM vault.
URL: The HTTP or HTTPS URL to access the CA PAM Vault HTTP API.
SSL Verify: Qualys scanners will verify the SSL certificate of the web server to make sure the certificate is valid and trusted, unless you clear (un-check) the SSL Verify option. You may want to clear this option to skip SSL verification if the certificate was not issued by a well-known certification authority (CA) or if the certificate is self-signed.
APIKey Name: The user account that can call the CA PAM Vault HTTP API.
API Key: The password for the user account that can call the CA PAM Vault HTTP API.
Authentication Record
Choose the CA PAM vault in your authentication record and provide these details.
Vault Device Type: The type of device for which the password is stored. Select Device Name or Device Host.
Vault Device Name: Enter the device name defined in the vault configuration. You can use one or more variables in order to match several targets that use the same naming convention.
  ${ip} // The IP address of the target, i.e. 10.20.30.40.
  ${ip_dash} // The IP address of the target with dashes instead of dots, i.e. 10-20-30-40.
  ${dnshost} // The DNS host name of the target, i.e. host.domain.
  ${host} // The host name of the target, i.e. host before .domain.
  ${nbhost} // (Windows only) The NetBIOS host name of the target in upper-case, i.e. HOST_ABC.
Vault Device Host: Enter the host name defined in the vault configuration. You can use one or more variables in order to match several targets that use the same naming convention.
  ${ip} // The IP address of the target, i.e. 10.20.30.40.
  ${ip_dash} // The IP address of the target with dashes instead of dots, i.e. 10-20-30-40.
  ${dnshost} // The DNS host name of the target, i.e. host.domain.
  ${host} // The host name of the target, i.e. host before .domain.
  ${nbhost} // (Windows only) The NetBIOS host name of the target in upper-case, i.e. HOST_ABC.
Vault App Name: Application name as defined in the vault configuration for accessing a specific device.
You can use one or more variables when defining the device name or device host in order to match several targets that use the same naming convention. During the scan, we'll match the variables to hosts that are already defined in the vault.
Let's say you have these 4 devices in CA PAM:
centos6-10-50-60-70.foo.bar
host40-10-20-30-40
host80-10-50-60-70
host12-10-30-10-12
You’ll need to create 2 records with the following configuration.
Record 1: ${dnshost} (matches centos6-10-50-60-70.foo.bar)
Record 2: ${host}-${ip_dash} (matches host40-10-20-30-40, host80-10-50-60-70, host12-10-30-10-12)
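
To check before a scan which targets a set of record templates will cover, the variable substitution described above can be reproduced offline. The following is an added example, not Qualys or CA PAM code: the helper names, the target IPs and DNS names, the exact-string comparison and the first-match-wins ordering are assumptions made for illustration.

```python
import re

VAR = re.compile(r"\$\{(\w+)\}")

def target_vars(ip, dns_name=None, netbios=None):
    """Build the page's variables for one scan target (hypothetical helper)."""
    v = {"ip": ip, "ip_dash": ip.replace(".", "-")}
    if dns_name:
        v["dnshost"] = dns_name                 # host.domain
        v["host"] = dns_name.split(".", 1)[0]   # host before .domain
    if netbios:
        v["nbhost"] = netbios.upper()           # Windows only, upper-case
    return v

def expand(template, variables):
    """Expand a record template; None if a variable is unavailable for the target."""
    if any(name not in variables for name in VAR.findall(template)):
        return None
    return VAR.sub(lambda m: variables[m.group(1)], template)

def resolve(records, targets, vault_devices):
    """Map target IP -> (template, vault device), or None if nothing matches."""
    result = {}
    for t in targets:
        v = target_vars(**t)
        result[t["ip"]] = None
        for tpl in records:                     # assumption: first match wins
            name = expand(tpl, v)
            if name in vault_devices:           # assumption: exact string match
                result[t["ip"]] = (tpl, name)
                break
    return result

# Device names and record templates from the example above.
VAULT = {"centos6-10-50-60-70.foo.bar", "host40-10-20-30-40",
         "host80-10-50-60-70", "host12-10-30-10-12"}
RECORDS = ["${dnshost}", "${host}-${ip_dash}"]
# Constructed targets; IPs and DNS names are sample values.
TARGETS = [
    {"ip": "192.0.2.10", "dns_name": "centos6-10-50-60-70.foo.bar"},
    {"ip": "10.20.30.40", "dns_name": "host40.foo.bar"},
    {"ip": "10.50.60.70", "dns_name": "host80.foo.bar"},
    {"ip": "10.30.10.12", "dns_name": "host12.foo.bar"},
    {"ip": "10.9.9.9"},                         # no DNS name: no match
]

if __name__ == "__main__":
    for ip, hit in resolve(RECORDS, TARGETS, VAULT).items():
        print(ip, "->", hit or "NO MATCHING VAULT DEVICE")
```

A target that resolves to no vault device, such as the constructed 10.9.9.9 entry, is one to fix in the vault or the record before the scan runs.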