Set Up SNMP Record

Create records to allow the service to authenticate to hosts that support the SNMP protocol (SNMPv1, SNMPv2c and SNMPv3).

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PA by record type, refer to the following article: 

Authentication Technologies Matrix

Help me with record settings

How do I get started?

- Go to Scans > Authentication.

- Create an SNMP record for the host. Go to New > Network and Security > SNMP.

What credentials are used for SNMPv1 and v2c?

SNMP community strings are used. The service will attempt to authenticate using several common default community strings, such as public, private, system, test, admin, access, and many more. Thus, you are not required to include any community strings in the record. If you do provide community strings in the record (up to 10), they will be used for authentication before the default community strings. For help on configuring SNMP community strings on various devices, please refer to your vendor's documentation.

What credentials are used for SNMPv3?

First determine if authentication is required for communicating with the SNMPv3 service.

SNMP Authentication. Select this check box and provide SNMP authentication credentials (user name, password and algorithm). If not specified, the scanning engine will assume that authentication is not required. This corresponds to the SNMP security level "noAuthNoPriv" (without authentication and without privacy). The selected algorithm is used to prove knowledge of the password to the SNMP server without sending the password itself.

SNMP Encryption. Select this check box and provide SNMP encryption credentials (user name, password and algorithm) if privacy (data encryption) is to be used for SNMP communication. If not specified, the scanning engine will assume that privacy is not to be used for SNMP communication. This corresponds to the SNMP security levels "noAuthNoPriv" and "authNoPriv" (without privacy). The selected algorithm is used to encrypt and decrypt SNMP messages.

Security Engine ID. If a security engine ID is part of the target host configuration, then it must be provided in the authentication record. If the security engine ID is not provided (and is required by the target host for all SNMP requests), then the SNMP service may not be detected on the target host and authentication will fail.

Context Engine ID/Context. If an SNMP context is configured on the target host, then you must provide the context engine ID used in scoped PDUs and/or context name in order for the scanning engine to retrieve context-sensitive information from the target host.
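The following check is an added example, not part of the product or its documentation. It covers both the community-string section and the SNMPv3 security levels above by flagging, in a device's own configuration, the default community strings this page names and any SNMPv3 user permitted below authPriv. It assumes a net-snmp style `snmpd.conf`; the sample configuration, user names and engine ID are constructed.

```python
import shlex

# Default community strings named on this page (the service tries "many more").
PAGE_DEFAULTS = {"public", "private", "system", "test", "admin", "access"}
LEVELS = {"noauth": "noAuthNoPriv", "auth": "authNoPriv", "priv": "authPriv"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def skip_option(args, flag):
    """Drop a leading 'FLAG VALUE' pair such as '-Cn CONTEXT' or '-e ENGINEID'."""
    return args[2:] if args[:1] == [flag] else args

def audit_snmpd_conf(text):
    """Return (line_no, finding) tuples for a net-snmp style snmpd.conf."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # honours quotes and '#' comments
        if not tok:
            continue
        name, args = tok[0].lower(), tok[1:]
        community = None
        if name in COMMUNITY_DIRECTIVES and args:
            community = args[0]
        elif name == "com2sec":                 # [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = skip_option(args, "-Cn")
            community = args[2] if len(args) >= 3 else None
        elif name == "createuser":              # [-e ENGINEID] USER AUTHALG PASS [PRIVALG [PASS]]
            args = skip_option(args, "-e")
            if 1 <= len(args) < 4:
                findings.append((no, f"user '{args[0]}' created without a privacy algorithm"))
        elif name in ("rouser", "rwuser"):      # [-s SECMODEL] USER [noauth|auth|priv ...]
            args = skip_option(args, "-s")
            if args:
                # net-snmp defaults to "auth" when no minimum level is given
                level = LEVELS.get(args[1].lower() if len(args) > 1 else "auth", "authNoPriv")
                if level != "authPriv":
                    findings.append((no, f"user '{args[0]}' allowed at {level}"))
        if community in PAGE_DEFAULTS:
            findings.append((no, f"default community '{community}' ({name})"))
    return findings

SAMPLE = """\
# constructed sample configuration, not taken from a real device
rocommunity public 10.0.0.0/8
rwcommunity Xk29-vault-ro 10.1.2.3
com2sec -Cn ctx1 notConfigUser default private
createUser -e 0x8000000001020304 scanner SHA "auth pass phrase" AES "priv pass phrase"
createUser legacy MD5 "another pass phrase"
rouser scanner priv
rouser legacy
rwuser guest noauth
"""

if __name__ == "__main__":
    for line_no, finding in audit_snmpd_conf(SAMPLE):
        print(f"line {line_no}: {finding}")
```

A host that reports no findings here can only be reached with community strings or SNMPv3 credentials supplied in the record.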

Which IPs should I add to my record?

Select the target hosts (IPs) to authenticate to. Each IP may be included in one SNMP record.

Important Notes for Unit Managers

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to access. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain additional IPs that are not visible to the Unit Manager.

Do you have Tag Support enabled?

If your subscription has Tag Support for Authentication Records enabled, then you'll see additional options for specifying hosts using asset tags. Choose an asset type and then provide IPs or tags to the record. Your asset type options are: IPs/Ranges, IP Range in Tag Rule and Asset Tags.

For domain level authentication, you can only add assets when the domain type is NetBIOS, User-Selected IPs. The Assets section is disabled when the domain type is NetBIOS, Service-Selected IPs, or Active Directory.  

Asset Type: IPs/Ranges
Use this option to add IP addresses/ranges to the record. Enter the IP addresses/ranges in the field provided.

Asset Type: IP Range in Tag Rule
Use this option to add tags that have IP address ranges defined in the tag rule. All IP addresses defined in the tag rule will be associated with the record, including IPs that don’t already have the tag assigned. Click Add Tag to pick tags to include or exclude. Note that only tags with the dynamic tag rule “IP Address in Range(s)” will be available in the tag selector.

Asset Type: Asset Tags
Use this option to add tags to the record for the assets you want included. IP addresses with the selected tags already assigned will be associated with the record. Click Add Tag to pick tags to include or exclude.

Learn more about tag support for authentication records