AlienVault® USM Anywhere™

Managing Credentials in USM Anywhere

Role Availability Read-Only Analyst   Manager

When running a scan in USM Anywhere, you have the option to run it with or without authentication, a process used to verify the identity of a user, user device, or other entity, usually through a username and password. A credential is an identification that proves you are who you claim to be, and you are therefore a reliable source.

When running a scan without authentication, USM Anywhere probes the network services available on the target machine. Using known protocol behaviors, it attempts to identify the software that is running as well as its configuration and version. With this information, USM Anywhere then attempts to match the identified software with the known vulnerabilities to produce a report. The benefit of this approach is that the detection can be very specific in identifying known vulnerable behaviors.

When you choose to run a scan with authentication, your credentials allow USM Anywhere to query the running machine to gain detailed and accurate information about the running software and its configuration. This prevents false positivesA condition that is flagged as a vulnerability or weakness that is not actually a concern. This may be caused by other mitigating conditions (such as additional security technology) or inefficient tuning on detection technology. from misidentified services that can sometimes occur in the unauthenticated approach. In addition, an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges. ensures that all services and software are analyzed — regardless of whether the service is running or accessible from the network.

Important: A vulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. scan requires credentials to perform an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges. on a host.

Keep in mind these points:

This topic discusses the following subtopics:

Scan Target Platform Support

USM Anywhere supports these platforms: