Use this vault type to retrieve authentication credentials from a BeyondTrust
PowerBroker Password Safe (PBPS).
How to Use Vaults
and we'll walk you thru the steps. Add IP addresses to scan, configure
scanner appliances, configure vaults and authentication records,
set up option profiles and start scanning!
These credentials may be defined for your
BeyondTrust PBPS Vault.
Key Paste in the application key (alpha-numeric string)
for the BeyondTrust PBPS web services API. How
to find the key
HTTP or HTTPS URL to access the BeyondTrust PBPS web services
SSL Verify This
option is available when the URL uses HTTPS. Qualys scanners will
verify the SSL certificate of the web server to make sure the
certificate is valid and trusted, unless you clear (un-check)
the SSL Verify option. You may want to clear this option to skip
SSL verification if the certificate was not issued by a well-known
certification authority (CA) or if the certificate is self-signed.
The user account that can call the BeyondTrust PBPS web
services API. The maximum length is 64 characters. This special
character cannot be included: @
Password / Confirm
Password Specify a user password when required by
the Application API Key configuration in BeyondTrust. The maximum
length is 64 characters. How
to know if a password is required
Certificate / Private
Key The certificate and private key are required
if your server requires a certificate for authentication. Both
must be defined together or skipped. The certificate you enter
must be trusted by the PBPS web server. How
to know if a certificate is required
private key passphrase, if applicable.
Choose the BeyondTrust PBPS vault in your
authentication record and provide these details. Both fields are
Enter the managed system name (also known as asset name).
When not provided, we'll attempt to auto-discover the system name
for you at scan time. The service uses information known about
each host (like the IP address and FQDN) to query your BeyondTrust
PowerBroker Password Safe (PBPS) for the system name. Auto discovery
is the only option available when your record includes multiple
Using Palo Alto Networks Firewall authentication?
You must directly enter the system name in the Palo Alto Networks
Firewall record because auto-discovery of the system name is not
supported for this authentication type. Also, if the vault account
name for which we need to query a password is different from the
username defined in the Palo Alto Networks Firewall record, then
it needs to be directly entered in the Account Name field.
When an account name is not provided, we’ll try the username
entered in the authentication record.
A Manager user has permission to configure
a BeyondTrust PBPS Vault. A Unit Manager can be granted this permission.