Managed Risk


Risk Dashboard

Updated Jan 25, 2024

Credentialed Scanning section

On the Scanner Config page, the Credentialed Scanning section displays the Credentialed Scanning table.

Credentialed scanning uses known credentials for a target host or group of hosts to allow the scanner to run network and vulnerability checks.

During authentication, the scanner enumerates different protocols, for example Server Message Block (SMB). Some of these protocols can be insecure. When the scanner is connected, it receives a list of installed software. Then, based on the list of software that is installed on the host, the scanner runs and checks all Network Vulnerability Tests (NVTs) that use OpenVAS. Scan results are limited if the scanner cannot log in to the target.

Scanning a Windows target uses NTLMv2 over SMB for authentication.

Tip: This scan also finds vulnerabilities that are not remotely exploitable, for example an Adobe Acrobat vulnerability.

Notes:

  • If you rotate your credentials, you must reset them on the Arctic Wolf Scanner as well.
  • To minimize security risks, Arctic Wolf recommends that you use these credentials for scanning only. Do not provide more permissions to these credentials or use them with systems other than the Arctic Wolf Scanner.
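
One way to check the recommendation above that the scanning credentials are used for scanning only, as an added example (not Arctic Wolf code): it audits Windows Security logon events (4624) for the scan account and flags any logon that is not an NTLMv2 network logon from the scanner. The account name, scanner address and sample events are constructed assumptions, and the example covers Windows targets only.

```python
import json

# Assumptions (not from the Arctic Wolf documentation): the scan account,
# the scanner address and every sample event below are constructed.
SCAN_ACCOUNT = ("EXAMPLE", "svc-vulnscan")
SCANNER_IPS = {"10.0.5.20"}

# Constructed 4624 (logon) records, one JSON object per line, using the
# event's standard EventData field names.
SAMPLE_EVENTS = """\
{"EventID": 4624, "Computer": "fs01", "TargetDomainName": "EXAMPLE", "TargetUserName": "svc-vulnscan", "LogonType": 3, "LmPackageName": "NTLM V2", "IpAddress": "10.0.5.20"}
{"EventID": 4624, "Computer": "ws14", "TargetDomainName": "EXAMPLE", "TargetUserName": "svc-vulnscan", "LogonType": 10, "LmPackageName": "-", "IpAddress": "10.0.9.77"}
{"EventID": 4624, "Computer": "db02", "TargetDomainName": "EXAMPLE", "TargetUserName": "svc-vulnscan", "LogonType": 3, "LmPackageName": "NTLM V2", "IpAddress": "10.0.9.77"}
{"EventID": 4624, "Computer": "fs01", "TargetDomainName": "EXAMPLE", "TargetUserName": "alice", "LogonType": 2, "LmPackageName": "-", "IpAddress": "10.0.9.12"}
{"EventID": 4634, "Computer": "fs01", "TargetDomainName": "EXAMPLE", "TargetUserName": "svc-vulnscan"}
"""


def audit_scan_logons(lines, account=SCAN_ACCOUNT, scanner_ips=SCANNER_IPS):
    """Return (computer, reasons) for each scan-account logon that deviates
    from the expected pattern: network logon (type 3), NTLM V2, from the scanner."""
    want = (account[0].upper(), account[1].lower())
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 4624:
            continue  # only successful logons are audited here
        who = (ev.get("TargetDomainName", "").upper(),
               ev.get("TargetUserName", "").lower())
        if who != want:
            continue
        reasons = []
        if ev.get("IpAddress") not in scanner_ips:
            reasons.append("source %s is not the scanner" % ev.get("IpAddress"))
        if ev.get("LogonType") != 3:
            reasons.append("logon type %s, expected 3 (network)" % ev.get("LogonType"))
        if ev.get("LmPackageName") != "NTLM V2":
            reasons.append("package %r, expected NTLM V2" % ev.get("LmPackageName"))
        if reasons:
            findings.append((ev.get("Computer"), reasons))
    return findings


if __name__ == "__main__":
    for computer, reasons in audit_scan_logons(SAMPLE_EVENTS.splitlines()):
        print(computer, "; ".join(reasons))
```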

To change how the information displays in the Credentialed Scanning table, do any of these actions:

The Credentialed Scanning table has these columns:

Column: Description

Name: The name of the credential that you configured.

Type: The type of credential. Values include:
  • Username/Password — You will provide the username and password of the target host(s). Windows requires the username in the format domain\username.
  • Username/SSH Key — You will provide the username and SSH key of the target host(s). Using an SSH key is only supported for Linux targets.

Hosts: The hosts that apply to this credentialed scan.

Description: A description of the scan. For example, SSH key pair to host A.

Modify: Use this column to modify your credentialed scan:
  • Click Edit to edit the credentialed scan.
  • Click Delete to delete the credentialed scan.