Why Use Host Authentication?

Using host authentication (trusted scanning) allows our service to log in to each target system during scanning. For this reason we can perform in depth security assessment and get better visibility into each system's security posture. Running authenticated scans gives you the most accurate results with fewer false positives.

Good to Know

Do I have to use authentication?
For vulnerability scans, authentication is optional but recommended. For compliance scans, authentication is required.

Are my credentials safe?
Yes, credentials are exclusively used for READ access to your system. Credentials are securely handled by the service and are only used for the duration of the scan.

In most cases, we do not modify or write to the device ...
unless the user enables optional scan features Dissolvable Agent and Agentless Tracking and accepts the agreement regarding terms of use. In some cases on Unix, there may be temporary data written during a scan.

Authentication records

Authentication Technologies Matrix

A10 (uses Unix record) | Apache Web ServerAzure MS SQLCisco | Cisco CUCM | Checkpoint Firewall | Docker | HTTP | IBM DB2 | IBM VIOS (uses Unix record) | IBM WebSphere App Server | Infoblox | InformixDB | JBoss | Kubernetes | MariaDB | Microsoft SharePoint | MongoDB| MS Exchange Server | MS IIS | MS SQL | MySQL | Neo4jNetScaler (uses Unix record) | Network SSHNginx | Oracle | Oracle CDB/PDBs | Oracle HTTP Server | Oracle Listener | Oracle System Record Template | Oracle WebLogic Server | Palo Alto Networks Firewall | Pivotal Greenplum | PostgreSQL | SAP HANA | SAP IQ | SNMP | Sybase | Tomcat Server | Unix | Unix-based systems | vCenter | VMware ESXi | Windows


When you send an IP address associated with multiple authentication records for a scanner to scan a particular host, the authentication records detail page displays only the record from the most recent attempt. 

- When you search for an authentication record using an IP, you can filter only those records that contain IPs/ Asset Groups, but not for records containing tags.

- You cannot filter or search records when you click on the graph in the authentication details page. However, you can use the search bar located at the top of the page to filter records based on their status.

 

Get Started

 

Your Authentication Dashboard

The Credentials Breakdown filters consider hosts scanned in the last 30 days only. View record details to see when each host was last scanned using authentication.

 

Note: In the graph displayed on the Authentication details tab, the Not Attempted count displays the remaining IP count in the authentication record for which there is no Pass/Fail authentication status. Therefore, there can be a discrepancy between the Not Attempted status count in the graph and the list on the Authentication details tab.