Privilege level for ArubaOS
What authentication record do I use for ArubaOS targets?
You can use a Unix authentication record or Network SSH authentication record. The Network SSH record should be used for network devices. In either record, choose Target Type "ArubaOS (Policy Audit / Policy Compliance)" on the Login Credentials tab.
What privileges are needed for authenticated scans for ArubaOS?
To perform authenticated scans on ArubaOS, the account used for scanning needs to have a "read-only" role. This role permits access to CLI show commands or WebUI monitoring pages only.
Commands required for scanning
show snmp trap-hosts
show web-server profile
show firewall
show running-config
Create a scan user account on the system to scan
Create a scan user account and assign the read-only role to the user.
Use the following command:
mgmt-user <username> <role> <password>
For example:
mgmt-user qualys_scan read-only my-password