Privilege level for ArubaOS

What authentication record do I use for ArubaOS targets?

You can use a Unix authentication record or Network SSH authentication record. The Network SSH record should be used for network devices. In either record, choose Target Type "ArubaOS (Policy Audit / Policy Compliance)" on the Login Credentials tab. 

What privileges are needed for authenticated scans for ArubaOS?

To perform authenticated scans on ArubaOS, the account used for scanning needs to have a "read-only" role. This role permits access to CLI show commands or WebUI monitoring pages only. 

Commands required for scanning

show snmp trap-hosts
show web-server profile
show firewall
show running-config 

Create a scan user account on the system to scan 

Create a scan user account and assign the read-only role to the user.

Use the following command:

mgmt-user <username> <role> <password>

For example: 

mgmt-user qualys_scan read-only my-password