BeyondTrust PBPS Vault

Click here and we'll walk you thru the steps. Add IP addresses to scan, configure scanner appliances, configure vaults and authentication records, set up option profiles and start scanning!

These credentials may be defined for your BeyondTrust PBPS Vault.

Application API Key  Paste in the application key (alpha-numeric string) for the BeyondTrust PBPS web services API. How to find the key

URL  The HTTP or HTTPS URL to access the BeyondTrust PBPS web services API.

SSL Verify  This option is available when the URL uses HTTPS. Qualys scanners will verify the SSL certificate of the web server to make sure the certificate is valid and trusted, unless you clear (un-check) the SSL Verify option. You may want to clear this option to skip SSL verification if the certificate was not issued by a well-known certification authority (CA) or if the certificate is self-signed.

User Name  The user account that can call the BeyondTrust PBPS web services API. The maximum length is 64 characters. This special character cannot be included: @

Password / Confirm Password  Specify a user password when required by the Application API Key configuration in BeyondTrust. The maximum length is 64 characters. How to know if a password is required

Certificate / Private Key  The certificate and private key are required if your server requires a certificate for authentication. Both must be defined together or skipped. The certificate you enter must be trusted by the PBPS web server. How to know if a certificate is required

Passphrase  The private key passphrase, if applicable.

Choose the BeyondTrust PBPS vault in your authentication record and provide these details. Both fields are optional.

System Name  Enter the managed system name (also known as asset name). When not provided, we'll attempt to auto-discover the system name for you at scan time. The service uses information known about each host (like the IP address and FQDN) to query your BeyondTrust PowerBroker Password Safe (PBPS) for the system name. Auto discovery is the only option available when your record includes multiple IPs.

Using Palo Alto Networks Firewall authentication? You must directly enter the system name in the Palo Alto Networks Firewall record because auto-discovery of the system name is not supported for this authentication type. Also, if the vault account name for which we need to query a password is different from the username defined in the Palo Alto Networks Firewall record, then it needs to be directly entered in the Account Name field.

Account Name  When an account name is not provided, we’ll try the username entered in the authentication record.  

A Manager user has permission to configure a BeyondTrust PBPS Vault. A Unit Manager can be granted this permission.