Configure credentialed scanning for VMware ESXi systems

You can provide credentials to a Managed Risk Scanner to allow the scanner to scan your environment with elevated permissions.

Note: To configure credentialed scanning in the Arctic Wolf Unified Portal, see Configure credentialed scanning for VMware ESXi systems in the Unified Portal.

On ESXi, credentialed scans use SSH on port 22 to authenticate with a username and password.

Note:
  • If you rotate your credentials, you must reset them on the scanner as well.
  • To minimize security risks, Arctic Wolf recommends that you use these credentials for scanning only. Do not provide more permissions to these credentials or use them with systems other than the scanner.

These resources are required:

  • A valid username, which can contain these characters:
    • Any alphanumeric character
    • -
    • _
    • @
    • .
    • \

These actions are required:

  • Make sure that the scanner can sign into scan targets without access policy restrictions on targets.
  1. Sign in to the Risk Dashboard.
  2. In the navigation menu, click Scanner Config.
  3. Do one of these actions:
    • If you are adding new scan credentials — In the Credentialed Scanning section, click Add new scan credentials.
    • If you are updated existing scan credentials — In the Credentialed Scanning section, next to the scan credentials you want to updated, click Edit.
    The Configure Credentials for Target Hosts dialog appears.
  4. Configure these settings:
    • Name — Enter a name for the credential.
      Note: This name cannot be the same as another credential.
    • Description — (Optional) Enter a description for the credential.
    • Hosts — Enter the IP addresses of the target hosts in a comma-separated list.
      Tip: This field also accepts IP ranges using a hyphen. For example, 10.0.0.1-3.
      Note: These IP addresses cannot overlap with the targets of another scan credential.
  5. In the Type list, select Username/Password and enter the Username and Password.
  6. Click Okay.