Configure credentialed scanning
You can configure a Managed Risk Scanner to run credentialed scans, also called authenticated scans, on Windows, Linux, or VMware ESXi systems. This configuration enables the scanner to scan for vulnerabilities that cannot be discovered without authenticating to the target system.
Note: Credentialed scans also finds vulnerabilities that are not remotely exploitable, such as an Adobe Acrobat vulnerability.
During a credentialed scan, the scanner uses a valid user account to sign in to a target system to run local security checks, in addition to scanning the target system through the internal network. Local security checks include verifying security patch levels and updates to installed software or packages. Credentials are used to authenticate to different services on the target system. If OpenVAS can sign in to the target system, the scanner performs network vulnerability tests (NVTs), which are minimally invasive.
To configure credentialed scans, see:
- Configure credentialed scanning for VMware ESXi systems
- Configure credentialed scanning for Linux systems
- Configure credentialed scanning for Windows systems
Note: To configure credentialed scanning in the Risk Dashboard, see Configure credentialed scanning in the Risk Dashboard.