You can keep your passwords and other sensitive information in your CyberArk AIM solution and have Qualys retrieve them for authentication at scan time.
CyberArk Central Credential Provider (CCP) is required.
You can request this sensitive information from your CyberArk AIM solution:
- Login Password (all supported authentication types)
- Private Key and Private Key Passphrase (Unix, PostgreSQL, MongoDB only)
- Root Delegation Password (Unix only)
See also: CyberArk AIM Integration Guide, Vault Support Matrix.

How to Use Vaults: add IP addresses to scan, configure scanner appliances, configure vaults and authentication records, set up option profiles, and start scanning.
Vault Credentials

These credentials may be defined for your CyberArk AIM vault.

Application ID: The application ID name for the CyberArk Central Credential Provider (CCP) web services API. The maximum length is 128 bytes and the first 28 characters must be unique.
- Leading and/or trailing spaces or periods in the input value are removed.
- These restricted words cannot be included: Users, Addresses, Areas, XUserRules, unknown, Locations, Safes, Schedule, VaultCategories, Builtin.
- These special characters cannot be included: \ / : * ? " < > | \t \r \n \x1F

Safe: The name of the digital password safe. Maximum of 28 characters.
- Leading and/or trailing spaces in the input value are removed.
- These special characters cannot be included: \ / : * ? " < > | \t \r \n \x1F

URL: The URL to the CyberArk AIM web service. Choose SSL Verify and we'll verify that the server's SSL certificate is valid and trusted. The SSL Verify option is available when the URL uses HTTPS. Sample URL: https://<host.domain>/AIMWebService/v1.1/AIM.asmx
SSL Verify: Qualys scanners verify the web server's SSL certificate to make sure it is valid and trusted unless you clear (un-check) the SSL Verify option. You may want to clear this option to skip SSL verification if the certificate was not issued by a well-known certification authority (CA) or if the certificate is self-signed. Keep in mind what you give up: with verification off, the scanner cannot tell the real CCP endpoint from an impostor, and anyone who can intercept the connection can read the credentials the CCP returns. Treat clearing the option as a temporary workaround, not a permanent setting.
Certificate / Private Key: The certificate and private key are required if your server requires a certificate for authentication. Both must be defined together or both skipped. The certificate stores the base64-encoded client X.509 certificate in PEM format. The private key stores the base64-encoded client private key that corresponds to the public key in the certificate.

Passphrase: The private key passphrase.
Authentication Record

Choose the CyberArk AIM vault in your authentication record and provide these details.

Folder: The name of the folder in the secure digital safe where the password to be used for authentication is stored. The folder name can contain a maximum of 169 characters. Entering a trailing /, as in folder/, is optional (when specified, the service removes the trailing / and does not save it in the folder name). The maximum length of a folder name with a file name is 170 characters (leading and/or trailing spaces in the input value are removed). These special characters cannot be included in a folder name: / : * ? " < > | <tab>
For example, let's say there's a Safe with the name "Windows" that stores passwords for accessing Windows systems. In this Safe, sub-folders are created for Windows 2012 and Windows 2008. Any password file stored in the "Windows 2012" folder will have a folder name of "Root\Windows 2012". If password files are stored under Root folder, then the folder name is "Root".
You can use one or more variables in order to match several targets that use the same naming convention:
- ${ip} - The IP address of the target, e.g. 10.20.30.40.
- ${ip_dash} - The IP address of the target with dashes instead of dots, e.g. 10-20-30-40.
- ${dnshost} - The DNS host name of the target, e.g. host.domain.
- ${host} - The hostname of the target, i.e. the part of host.domain before the first dot.
- ${nbhost} - (Windows only) The NetBIOS host name of the target in upper case, e.g. HOST_ABC.

File: The name of the file in the secure digital safe where the password to be used for authentication is stored. The file name can contain a maximum of 165 characters. The maximum length of a folder name plus a file name is 170 characters (leading and/or trailing spaces in the input value are removed). These special characters cannot be included in a file name: \ / : * ? " < > | <tab>
For example, let's say you've created a file called "windows-2012-10.20.30.40" and this file is in the Windows 2012 folder. The folder name value is "Root\Windows 2012" and the file name value is "windows-2012-10.20.30.40".
The same variables listed for the folder name (${ip}, ${ip_dash}, ${dnshost}, ${host}, ${nbhost}) can also be used in the file name.
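The field limits above are easy to get wrong by hand, and a value that is silently trimmed or rejected only shows up later as a failed authentication. The checker below is an added Python example written for this page, not Qualys or CyberArk code; the function names, the case-insensitive "anywhere in the value" reading of the restricted-word rule, and counting the combined folder-plus-file length without a separator are assumptions. Everything else (lengths, forbidden characters, trimming, the optional trailing slash) is as stated on this page.

```python
"""Check CyberArk AIM vault and authentication-record field values against
the limits this page states before saving them.

Constructed example, not Qualys or CyberArk code: the function names and
the way the combined folder+file length is counted are assumptions; the
limits and character rules are the ones on this page.
"""

# Words that cannot be included in an Application ID.
APPID_RESTRICTED_WORDS = (
    "Users", "Addresses", "Areas", "XUserRules", "unknown",
    "Locations", "Safes", "Schedule", "VaultCategories", "Builtin",
)
# \ / : * ? " < > | tab CR LF 0x1F, forbidden in Application ID and Safe.
APPID_SAFE_FORBIDDEN = set('\\/:*?"<>|\t\r\n\x1f')
# Folder names allow the backslash ("Root\Windows 2012"); file names do not.
FOLDER_FORBIDDEN = set('/:*?"<>|\t')
FILE_FORBIDDEN = set('\\/:*?"<>|\t')

APPID_MAX_BYTES = 128
SAFE_MAX_CHARS = 28
FOLDER_MAX_CHARS = 169
FILE_MAX_CHARS = 165
FOLDER_PLUS_FILE_MAX_CHARS = 170


def _check_chars(value, forbidden, problems):
    """Append a problem if `value` contains any character from `forbidden`."""
    bad = sorted({c for c in value if c in forbidden})
    if bad:
        problems.append("forbidden character(s): " + repr("".join(bad)))


def validate_application_id(value):
    """Return (value as the service will store it, list of problems)."""
    v = value.strip(" .")          # leading/trailing spaces and periods are removed
    problems = []
    if not v:
        problems.append("empty after trimming")
    if len(v.encode("utf-8")) > APPID_MAX_BYTES:
        problems.append(f"longer than {APPID_MAX_BYTES} bytes")
    # "cannot be included" read strictly: reject the word anywhere in the
    # value, case-insensitively (assumption about how strict the check is).
    hits = [w for w in APPID_RESTRICTED_WORDS if w.lower() in v.lower()]
    if hits:
        problems.append("restricted word(s): " + ", ".join(hits))
    _check_chars(v, APPID_SAFE_FORBIDDEN, problems)
    return v, problems


def validate_safe(value):
    """Return (trimmed safe name, list of problems)."""
    v = value.strip()
    problems = []
    if not v:
        problems.append("empty after trimming")
    if len(v) > SAFE_MAX_CHARS:
        problems.append(f"longer than {SAFE_MAX_CHARS} characters")
    _check_chars(v, APPID_SAFE_FORBIDDEN, problems)
    return v, problems


def validate_folder(value):
    """Return (folder name as stored, list of problems)."""
    v = value.strip()
    if v.endswith("/"):            # an optional trailing "/" is removed, not stored
        v = v[:-1]
    problems = []
    if not v:
        problems.append("empty after trimming")
    if len(v) > FOLDER_MAX_CHARS:
        problems.append(f"longer than {FOLDER_MAX_CHARS} characters")
    _check_chars(v, FOLDER_FORBIDDEN, problems)
    return v, problems


def validate_file(value):
    """Return (trimmed file name, list of problems)."""
    v = value.strip()
    problems = []
    if not v:
        problems.append("empty after trimming")
    if len(v) > FILE_MAX_CHARS:
        problems.append(f"longer than {FILE_MAX_CHARS} characters")
    _check_chars(v, FILE_FORBIDDEN, problems)
    return v, problems


def validate_record(folder, file):
    """Validate the folder and file of one authentication record together.
    ${...} placeholders pass through unchanged: $, { and } are not forbidden."""
    f, folder_problems = validate_folder(folder)
    n, file_problems = validate_file(file)
    problems = [f"folder: {p}" for p in folder_problems] + [f"file: {p}" for p in file_problems]
    # Combined limit counted without a separator (assumption).
    if len(f) + len(n) > FOLDER_PLUS_FILE_MAX_CHARS:
        problems.append(f"folder plus file longer than {FOLDER_PLUS_FILE_MAX_CHARS} characters")
    return (f, n), problems
```

Run the checks on the exact strings you intend to paste into the vault and record forms; the first element of each result is what the service will actually store, which is what must line up with the object names in the safe.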
See also: Use RSA keys stored in CyberArk AIM vault to scan Unix hosts.

User Permissions

A Manager user has permission to configure a CyberArk AIM vault for a CyberArk CCP solution with a pointer to the correct location (safe) where passwords are stored. A Unit Manager can be granted this permission.
You can use one or more variables when defining the folder name or file name in order to match several targets that use the same naming convention. During the scan, we'll match the variables to hosts that are already defined in the vault.
Important - When using variables to gather credentials from a CyberArk AIM vault, be sure the scanner appliance used for the scan job has scanner version 11.8 or later. Authentication will fail if the scanner appliance has an older version because the scanner will not be able to resolve the variables in your authentication record to actual values. Not sure which scanner version is on your appliance? Go to the Scans > Appliances list to see the version for each appliance and update the version if needed.
Let's say you have these 4 devices in your CyberArk AIM vault:
centos6-10-50-60-70.foo.bar
host40-10-20-30-40
host80-10-50-60-70
host12-10-30-10-12
You’ll need to create 2 records with the following configuration.
Record 1: ${dnshost} (matches centos6-10-50-60-70.foo.bar)
Record 2: ${host}-${ip_dash} (matches host40-10-20-30-40, host80-10-50-60-70, host12-10-30-10-12)
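To see why those two records cover all four devices, and what happens to a target that lacks a value for a variable, the following Python resolver is an added example written for this page, not Qualys scanner code. The Target fields, the helper names and the sample inventory are constructed assumptions; the placeholder meanings (${ip}, ${ip_dash}, ${dnshost}, ${host}, ${nbhost}) are the ones described above. It resolves each record's template for each target and reports which record yields a file name that exists in the vault.

```python
"""Resolve the ${...} placeholders Qualys supports in CyberArk folder/file
names and find which authentication record serves each scan target.

Constructed example, not Qualys or CyberArk code: the Target fields, the
helper names and the sample inventory are assumptions; the placeholder
semantics are the ones described on this page.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Target:
    ip: str
    dnshost: str = ""   # fully qualified DNS name, e.g. host.domain; empty if unknown
    nbhost: str = ""    # NetBIOS name, Windows only; empty for other platforms


VAR_PATTERN = re.compile(r"\$\{(ip|ip_dash|dnshost|host|nbhost)\}")


def resolve_variables(template, target):
    """Expand the placeholders in `template` for `target`.

    Returns the resolved name, or None when a placeholder has no value for
    this target (no DNS name, no NetBIOS name): the record cannot be used
    for that host and authentication to it will fail.
    """
    ipaddress.ip_address(target.ip)  # raises ValueError on a malformed address
    values = {
        "ip": target.ip,
        "ip_dash": target.ip.replace(".", "-"),
        "dnshost": target.dnshost,
        "host": target.dnshost.split(".", 1)[0],   # the part before the first dot
        "nbhost": target.nbhost.upper(),
    }
    missing = []

    def substitute(match):
        name = match.group(1)
        if not values[name]:
            missing.append(name)
        return values[name]

    resolved = VAR_PATTERN.sub(substitute, template)
    return None if missing else resolved


def match_targets(records, vault_objects, targets):
    """Map each target (keyed by DNS name, else IP) to the first record whose
    resolved file name exists in the vault, or to None if no record matches."""
    result = {}
    for target in targets:
        key = target.dnshost or target.ip
        result[key] = None
        for template in records:
            name = resolve_variables(template, target)
            if name is not None and name in vault_objects:
                result[key] = (template, name)
                break
    return result


# Constructed inventory: the four password files from this page's example.
VAULT_OBJECTS = {
    "centos6-10-50-60-70.foo.bar",
    "host40-10-20-30-40",
    "host80-10-50-60-70",
    "host12-10-30-10-12",
}

# Constructed scan targets chosen so that the names above line up with them.
TARGETS = [
    Target("10.50.60.70", "centos6-10-50-60-70.foo.bar"),
    Target("10.20.30.40", "host40.foo.bar"),
    Target("10.50.60.70", "host80.foo.bar"),
    Target("10.30.10.12", "host12.foo.bar"),
]

# The two records from the page.
RECORDS = ["${dnshost}", "${host}-${ip_dash}"]


if __name__ == "__main__":
    for key, hit in match_targets(RECORDS, VAULT_OBJECTS, TARGETS).items():
        print(f"{key:30} -> {hit}")
    # A target with no DNS name cannot satisfy either record.
    print(match_targets(RECORDS, VAULT_OBJECTS, [Target("192.0.2.10")]))
```

Two things the run makes visible: Record 2 applied to the CentOS host produces "centos6-10-50-60-70-10-50-60-70", which exists nowhere, so only Record 1 serves it; and a target with no resolvable DNS name yields None for both records, which is the "authentication will fail" case from the note above, independent of scanner version.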