Import Credentials from external tools for Discovery

Asset discovery requires many types of credentials (SNMP, Domain, SSH etc.) to run discovery across domains and isolated networks to collect details on the discovered assets. Using a custom PowerShell script or command line program, you can retrieve these credentials from an external password or credential management tool in compliance with best security practices.

To discover and collect information about a device, various commands are sent. Some commands require certain user privileges and permissions.. The required credential depends on the type of device commands, in general in the form of passwords. For CG/ADE scanning of devices, there are four types of credentials required.

• Windows authentication – username & password for logging into the domain for sending Windows command (e.g. WMI commands)

• SSH/Telnet – Unix username, password, and admin password for sending SSH or Telnet commands.

• SNMP v1 & v2 – community string for sending simple SNMP commands

• SNMP v3 – username, authentication type/key, and encryption protocol/string for more complex commands

The credentials are persisted in a credential cache or the windows registry and the discovery profile has information on which credentials to be used during discovery. . Once a profile is set up, repeated (automated) scanning can be performed by referencing the appropriate profile.

Commands for importing credentials to the credential store

Creation of the credentials can be created via the Asset Discovery Tool user interface or running the ADE command-line utility with appropriate parameters. The command format is as follows.

DiscoveryWizard.exe -name “description of entry” -type “xxxx” - credentials “{….}”

Type is "domain", "ssh", or "snmp" (case insensitive).