Privilege level for ArubaOS

What authentication record do I use for ArubaOS targets?

You can use a Unix authentication record or Network SSH authentication record. The Network SSH record should be used for network devices. In either record, choose Target Type "ArubaOS (Policy Compliance)" on the Login Credentials tab. 

What privileges are needed for authenticated scans for ArubaOS?

To perform authenticated scans on ArubaOS, the account used for scanning needs to have a "read-only" role. This role permits access to CLI show commands or WebUI monitoring pages only. 

Commands required for scanning

show snmp trap-hosts
show web-server profile
show firewall
show running-config 

Create a scan user account on the system to scan 

Create a scan user account and assign the read-only role to the user.

Use the following command:

mgmt-user <username> <role> <password>

For example: 

mgmt-user qualys_scan read-only my-password