Risk DashboardUpdated Jan 25, 2024
On the Scanner Config page, the Credentialed Scanning section displays the Credentialed Scanning table.
Credentialed scanning uses known credentials for a target host or group of hosts to allow the scanner to run network and vulnerability checks.
During authentication, the scanner enumerates different protocols. For example, server message block (SMB). Some of these protocols can be insecure. When the scanner is connected, it receives a list of installed software. Then, based on the list of software that is installed on the host, the scanner runs and checks all Network Vulnerability Tests (NVTs) that use OpenVAS. Scan results are limited if the scanner cannot log in to the target.
Scanning a Windows target uses NTLMv2 over SMB for authentication.
Tip: This scan also finds vulnerabilities that are not remotely exploitable. For example, an Adobe Acrobat vulnerability.
- If you rotate your credentials, you must reset them on the Arctic Wolf Scanner as well.
- To minimize security risks, Arctic Wolf recommends that you use these credentials for scanning only. Do not provide more permissions to these credentials or use them with systems other than the Arctic Wolf Scanner.
To change how the information displays in the Credentialed Scanning table, do any of these actions:
- To set the number of rows that appear on a page, in the Show
<x>Entries list, select a value.
- To sort data by a specific column, click the column heading.
- To view specific information, in the Search bar, enter keywords.
The Credentialed Scanning table has these columns:
|The name of the credential that you configured.
|The type of credential. Values include:
|The hosts that apply to this credentialed scan.
|A description of the scan. For example,
SSH key pair to host A.
|Use this column to modify your credentialed scan: