Privilege level for ArubaOS
What authentication record do I use for ArubaOS targets?
You can use a Unix authentication record or Network SSH authentication record. The Network SSH record should be used for network devices. In either record, choose Target Type "ArubaOS (Policy Compliance)" on the Login Credentials tab.
What privileges are needed for authenticated scans for ArubaOS?
To perform authenticated scans on ArubaOS, the account used for scanning needs to have a "read-only" role. This role permits access to CLI show commands or WebUI monitoring pages only.
Commands required for scanning
show snmp trap-hosts
show web-server profile
show firewall
show running-config
Create a scan user account on the system to scan
Create a scan user account and assign the read-only role to the user.
Use the following command:
mgmt-user <username> <role> <password>
For example:
mgmt-user qualys_scan read-only my-password