Authentication

Give the authentication record a title

Enter a title for easy identification.

Select a network for the authentication record

The network you select gets associated with the authentication record.

Give us the username for the authentication record

Tell us the user account to be used for authentication on the target hosts. Include 1-31 characters.

Tell us the your password preferences

Want to use a vault to fetch the password? Tell us if the password should be fetched from the vault (Yes) or not (No). Select YES and tell us the vault type and the vault title.

Skip Password - Select this option if your login account does not have a password.

Clear Text Password - Select this option if your password should be transmitted in clear text when connecting to services which do not support strong password encryption.

Tell us the private-key certificates

When a private-key certificate is specified, the service authenticates the target hosts using the specified credentials.

--You can add one or multiple private keys (RSA, DSA, ECDSA, ED25519) and certificates (X.509 and OpenSSH).

--If you add multiple private-key certificates, you can easily drag and drop the items to change the sequence of the private-key certificates.

--You can opt to get password from vault, add vault user passphrase, and get passphrase from vault.

Tell us the root delegation tools to be used

When a root delegation tool is specified, the service authenticates the target hosts using a lower privileged account and performs scan tests using the elevated privileges of the superuser (root).

--You can add one or multiple root delegation tools (Sudo, Pismu, PowerBroker).

--You can opt to get password from vault, add vault user passphrase, and get passphrase from vault.

--If you add multiple root delegation tools, you can easily drag and drop the items to change the sequence of the root delegation tools.

Define the policy compliance ports

Tell us the ports to be used to authenticate the target hosts and the service automatically performs compliance scanning using the specified port.

Select Well Knows Ports option if you want us to scan the standard or default ports (22 (SSH), 23 (telnet) and 513 (rlogin)) on the target hosts during authentication.

If services (SSH, telnet, rlogin) are not running on well-known ports for the hosts you will be scanning, then you must define a custom ports list.

Host ID Path

Tell us the path where the unique host ID, assigned by Qualys, should be stored on the host (provided you enable agentless tracking).

What hosts to scan

Add IP addresses to your Unix record. These are the target hosts our service will authenticate to at scan time. You can select a combination of asset groups and IPs/ranges. When you enter asset groups, we'll add all the IPs in the asset groups.

Add Comments

Your comments are saved in the authentication record.