Common tabs
  • 5 minutes to read
  • Dark
    Light
  • PDF

Common tabs

  • Dark
    Light
  • PDF

Article summary

Connection tab

For all types of Discovery

Connection tab
 

Access using credential from vault

FieldDescription
Access CredentialEnter IP, Hostname or Username. Access credential for the search. All credentials registered in senhasegura will be displayed
Configuration password (ex: enable)Setup Password
Force use of sudoIf this option is enabled, the commands will be executed as super user. The access credential completed in the Access credential field must have sudo nopasswd permission

Access using pool of credentials (click +)

FieldDescription
Pool of credentialsCredential pool used to scan
PriorityCredential pool priority. Higher priority credential pools prevail over lower priority credential pools

Searches tab

For all types of Discovery.

In the Searches tab you can search for all credentials that are being used by a service, just select the option Search Windows Service Accounts

Searches tab 

 

Mark the objects to be scanned.

Search objects configuration

FieldDescription
Search for credentialsIf this option is enabled, credentials will be included in the Discovery process.
Search for devices groupsIf this option is active, the devices’ groups will be included in the Discovery process. This option is standardly disabled.
Search for certificatesIf this option is enabled, digital certificates will be included in the Discovery process. The tab Certificates will be visible if this field is marked.
Find DevOps artifactsIf this option is enabled, DevOps artifacts will be included in the Discovery process. The tab DevOps tab will be visible.
Monitor unauthorized access (1 hour intervals)If this option is enabled, unauthorized access to credentials will be monitored and logs can be viewed in Discovery.
Identify accounts in application pools (IIS)If this option is enabled, credentials in application pools (IIS) will be included in Scan & Dicovery.
Search FQDN in Windows devicesIf this option is enabled, the search for devices will identify the its FQDN and consider it in the Discovery process. The FQDN will be the only device identifier if this option is enabled.
Identify Windows accounts associated with a serviceIf this option is enabled, discovery will find and list any nominal credential that is associated with any Windows services.

Search parameters tab

Only for Domain type.


Search parameters tab

 



FieldDescription
Account FormForm type used for accounts to search
DN of the credential filter(Leave blank to use DN Base) Domain name of the credential filter. If left blank, base DN will be used
DN of the device filter(Leave blank to use DN Base) Domain name of the device filter. If left blank, base DN will be used
Account name attributeName attribute of accounts to fetch
Account domainDomain Name of Accounts to Fetch
Account domain (Short Name)Simplified Domain Name (optional)
Use SSL?Indicates whether or not to use SSL certificate when searching. Mark Yes or No
Member is DN?Mark Yes or No
Bind requires DN?Mark Yes or No
DN Bind(Leave blank to use DN Base) Domain name of the user who will search. If left blank, the base DN will be used.

Plugins tab

Only for Devices and Containers types.

Plugins tab

 


Click on the plus icon and fill the plugin field.

INFO
To search for Windows service accounts you will need to select a Windows plugin from the Plugins tab.


Creating a PostgreSQL discovery

When the plugin option is selected, discovery will discover credentials within PostgreSQL type databases.

  1. Select the module Discovery ➔ Settings

  2. Click on the Actions menu and choose the New option

  3. Select the option by type of Device

  4. Select the Searches tab and check the search for credentials checkbox

  5. Click on the Plugins tab and choose the PostgreSQL option

  6. Fill in the other fields and save

In Discovery ➔ Discovery ➔ Credentials, the credentials found by discovery will be listed and can be viewed in this report.

Execution tab

In this tab you can configure the period and interval of execution of this discovery configuration. Configurations that may take longer to execute compared to the configured period, will not be executed concurrently. In other words, executions of the same configuration are not carried out in parallel. Only different configurations are performed in parallel.

Be careful to configure very short intervals for configurations that need to look for large network intervals and evaluate various artifacts.

The shortest configurable interval is one hourly run.

Plugins tab

 


Credential scan execution

FieldDescription
Keep credential scan active after import?*Indicates whether credential scanning will remain active after importing credentials or not
Days allowed for executionChoose All days or select one or more week days for the execution
Periods allowed for executionChoose All periods or select one or more period of time for the execution
Minimum interval between runs (in hours)*Minimum interval, in hours, between scans runs. This criterion takes into account the values entered in the Days allowed for execution and Periods allowed for execution fields.

Import tab

Only for Domain and Device types.


Plugins tab

 


FieldDescription
Enable automatic device and credentials import ?Indicates whether automatic device and credential import is enabled or not
Usernames for importing credentials (click on the plus icon)Usernames of credentials that will be imported automatically (eg. Administrator).

Certificate tab

For all types of Discovery that has in Search tab "Search for certificates" marked.


Certificate tab

 



Certificate's Orgin

  • Apache

  • Nginx

  • Tomcat

  • Search certificates in directories

  • Microsoft®IIS

  • Workstation Microsoft®Windows®

  • IBM Websphere

  • Search certificates without login

  • Issued by Microsoft®CA

  • Palo Alto Networks®

On this tab there is the option *Use credential pools to import certificates with keys (only nix systems).
This option allows certificates with a password and key to be imported into the senhasegura . Select this option and then indicate the pool of credentials for this task.

Configuring Palo Alto Networks®scan

When you select the Palo Alto option, senhasegura will scan the certificates inside Palo Alto Networks®, two fields will be displayed:

  • API Key: Select a user, already registered with senhasegura , that contains the value of the API Key;

  • Import keys?: Indicates that upon finding the certificates the keys will be imported too into the senhasegura .


INFO
Go to the Discovery menu: Discovery ➔ Certificates ➔ Certificates to view the report of certificates found, use the action button to perform a manual import.


CAUTION
In the Plugins tab when selecting the Palo Alto plugin, indicate that the access port is the SSH 22.


DevOps tab

For all types of Discovery that has in Search tab "Find Devops artifacts" marked.


DevOps tab

 


Ansible settings

FieldDescription
Enable Ansible ServiceIndicates if Ansible service is enabled
Search playbooksIndicates whether playbook search is enabled each
Search rolesIndicates whether role search is enabled each
Search hostsIndicates if host lookup is enabled

Jenkins settings

FieldDescription
Enable Jenkins ServiceIndicates if Jenkins searches are enabled on this Discovery
Search jobsIf this option is enabled, Discovery will search for Jenkins jobs.
Search nodesIf this option is enabled, Discovery will search for Jenkins nodes.
Search UsersIf this option is enabled, Discovery will search for Jenkins users.
Jenkins Access TokenToken that will be used to access Jenkins
Access portJenkins access door

Kubernetes settings

FieldDescription
Enable Kubernetes ServiceIndicates whether Kubernetes searches are enabled in this discovery
Search secretsIf this option is enabled, Discovery will search for Kubernetes secrets.
Kubernetes Access CredentialCredential that will be used to access Kubernetes
Access doorDoor for access to Kubernetes


INFO
senhasegura has a Kubernetes plugin that allows us to use credentials registered in the vault to use the service, increasing security when using the system. To get access to the plug-in, contact the senhasegura support team.






Was this article helpful?