Set Up SNMP Record

Create records to allow the service to authenticate to hosts that support the SNMP protocol (SNMPv1, SNMPv2c and SNMPv3).

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

 

- Go to Scans > Authentication.

- Create an SNMP record for the host. Go to New > Network and Security > SNMP.

SNMP community strings are used. The service will attempt to authenticate using several common default community strings, such as public, private, system, test, admin, access, and many more. Thus, you are not required to include any community strings in the record. If you do provide community strings in the record (up to 10), they will be used for authentication before the default community strings. For help on configuring SNMP community strings on various devices, please refer to your vendor's documentation.

First determine if authentication is required for communicating with the SNMPv3 service.

SNMP Authentication. Select this check box and provide SNMP authentication credentials (user name, password and algorithm). If not specified, the scanning engine will assume that authentication is not required. This corresponds to the SNMP security level "noAuthNoPriv" (without authentication and without privacy). The selected algorithm is used to safely prove knowledge of the password to the SNMP server without sending the password itself.

SNMP Encryption. Select this check box and provide SNMP encryption credentials (user name, password and algorithm) if privacy (data encryption) is to be used for SNMP communication. If not specified, the scanning engine will assume that privacy is not to be used for SNMP communication. This corresponds to the SNMP security levels ending in "NoPriv" (noAuthNoPriv and authNoPriv), that is, without privacy. The selected algorithm is used to encrypt and decrypt SNMP messages.

Security Engine ID. If a security engine ID is part of the target host configuration, then it must be provided in the authentication record. If the security engine ID is not provided (and is required by the target host for all SNMP requests), then the SNMP service may not be detected on the target host and authentication will fail.

Context Engine ID/Context. If an SNMP context is configured on the target host, then you must provide the context engine ID used in scoped PDUs and/or context name in order for the scanning engine to retrieve context-sensitive information from the target host.
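The following Python code is an added example, not part of the original page or of the scanning service. It shows how an SNMPv3 password can be proven without being sent and why the security engine ID matters. It assumes the target uses the RFC 3414 user-based security model with HMAC-MD5-96 or HMAC-SHA-96; the function names are hypothetical and the sample message is a constructed stand-in, not a real encoded SNMP packet.

```python
import hashlib
import hmac

# Assumption: RFC 3414 USM authentication protocols (HMAC-MD5-96, HMAC-SHA-96).
DIGESTS = {"MD5": "md5", "SHA": "sha1"}

def password_to_key(password: bytes, algorithm: str) -> bytes:
    """RFC 3414 A.2: digest of the first 1,048,576 bytes of the repeated password."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(DIGESTS[algorithm], password * reps + password[:rem]).digest()

def localize_key(user_key: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key is bound to one engine ID."""
    return hashlib.new(DIGESTS[algorithm], user_key + engine_id + user_key).digest()

def auth_tag(localized_key: bytes, message: bytes, algorithm: str) -> bytes:
    """HMAC over the whole message, truncated to 96 bits (12 bytes)."""
    return hmac.new(localized_key, message, DIGESTS[algorithm]).digest()[:12]

def verify(localized_key: bytes, message: bytes, tag: bytes, algorithm: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(auth_tag(localized_key, message, algorithm), tag)

def demo() -> dict:
    password = b"maplesyrup"                                   # sample password from RFC 3414 A.3
    engine_id = bytes.fromhex("000000000000000000000002")      # engine ID from RFC 3414 A.3
    other_engine = bytes.fromhex("000000000000000000000003")   # constructed, mismatching ID
    # Constructed stand-in for a message whose 12-byte auth field is zeroed before signing.
    message = b"constructed-snmpv3-message" + bytes(12)

    user_key = password_to_key(password, "SHA")
    sender_key = localize_key(user_key, engine_id, "SHA")
    tag = auth_tag(sender_key, message, "SHA")       # only this tag travels, never the password

    mismatched_key = localize_key(user_key, other_engine, "SHA")
    return {
        "tag_len": len(tag),
        "same_engine_id": verify(sender_key, message, tag, "SHA"),
        "wrong_engine_id": verify(mismatched_key, message, tag, "SHA"),
    }

if __name__ == "__main__":
    print(demo())
```

With the correct password but a mismatching engine ID, the localized key differs and the tag does not verify.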

Select the target hosts (IPs) to authenticate to. Each IP may be included in one SNMP record.

When a Unit Manager edits a record, the Unit Manager sees only the IPs in the record that they have permission for. The record may contain more IPs that are not visible to the Unit Manager. Any changes the Unit Manager makes to the record settings apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit.

 
