Onboarding and Self-Service


Arctic Wolf Unified Portal Telemetry Management

Updated Jan 17, 2024

Configure credentialed scanning

Credentialed scanning uses known credentials for a target host or group of hosts to allow the scanner to run network and vulnerability checks.

During authentication, the scanner enumerates different protocols. For example, server message block (SMB). Some of these protocols can be insecure. When the scanner is connected, it receives a list of installed software. Then, based on the list of software that is installed on the host, the scanner runs and checks all Network Vulnerability Tests (NVTs) that use OpenVAS. Scan results are limited if the scanner cannot log in to the target.

Scanning a Windows target uses NTLMv2 over SMB for authentication.

Tip: This scan also finds vulnerabilities that are not remotely exploitable. For example, an Adobe Acrobat vulnerability.

Notes:

  • If you rotate your credentials, you must reset them on the Arctic Wolf Scanner as well.
  • To minimize security risks, Arctic Wolf recommends that you use these credentials for scanning only. Do not provide more permissions to these credentials or use them with systems other than the Arctic Wolf Scanner.
  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Scanners.

  3. Click Configure for the scanner that you want to view.

    Tip: If needed, use filters to limit your results. See Scanner filters for more information.

  4. Click the Credentialed Scanning tab.

  5. Click Create New Scan Credentials.

  6. Configure these settings:

    • Name — Enter a name for the credential.
    • Description — (Optional) Enter a description for the credential.
    • Add Targets — Enter the IP addresses of the target hosts in a comma-separated list.

      Tip: This field also accepts IP ranges using a hyphen. For example, 10.0.0.1-3.

  7. In the Type field, select the type of credential and fill out the fields that appear:

    • Username/Password — Enter the Username and Password.
    • Username/SSH Key — Enter the Username and SSH Key. You can also optionally enter a Passphrase.
  8. Click Create Credentialed Scanning.