Managing Audit Credentials
You can specify audit credentials for the Direct Network Scan at the source level or the node level. Audit credentials that are defined at the node level take precedence over audit credentials defined at the source level.
-
Audit Credentials for Audit Sources
When you audit a Direct Network Scan Audit Source or the Site that includes this Audit Source, Alloy Discovery uses the credentials defined for that source. You specify source credentials on the General tab of the source's window.
-
Audit Credentials for Network Nodes
An individual set of credentials for a Network Node are used when auditing that Node and take a higher priority over Audit Source credentials. You specify node credentials in the Node Properties [Node Name] window.
There are different types of audit credentials, depending on what you want to audit:
-
Windows - used to audit Windows computers. These credentials must correspond to a user account that is a member of the local Administrators group on each Windows client machine, either directly or through the membership in a Windows domain group.
IMPORTANT: We recommend that you use a domain administrator's account. You can also specify a local account as long as this account exists on every computer you want audited.
-
Linux and Mac - used to audit Linux and macOS computers. You must assign the credentials that allow logging on to these computers.
We recommend that you provide credentials for an account with root rights, i.e. the root account or the account that can run the
dmidecode
command with elevated (root) privileges. Otherwise, Alloy Discovery will not be able to collect SMBIOS hardware informational on Linux computers. Collecting the list of services (daemons) on macOS computers also requires root rights. If you need this information, you should also use the root account or configure thelaunchctl
command to run with elevated (root) privileges under a non-root account.NOTE: Alloy Discovery establishes connection to the audited Linux and macOS computers using the Secure Shell protocol (SSH) over a standard TCP port 22. Therefore, it is required that the SSH server is running on each client computer and listening on the dedicated TCP port. If the SSH server on your client computers listens on a non-standard TCP port, specify another port number when providing audit credentials for the Audit Source. For details, see Configuring Direct Network Scan Audit Sources) or for specific computers, For details, see Viewing and Changing Network Node Properties.
-
ESXi/vSphere/Citrix - used to audit ESXi/vSphere and Citrix hypervisors.
We recommend that you use an account with administrative privileges. For Citrix hypervisors, audit credentials must allow logging to the computers using the SSH protocol.
NOTE: To access VMware ESXi/vSphere and Citrix hypervisors Alloy Discovery uses credentials as follows. If the ESXi/vSphere/Citrix audit credentials are specified, Alloy Discovery uses these credentials. Otherwise, it applies the credentials specified for Linux and Mac machines. For details, see Managing Audit Credentials.
-
Google - used to detect and identify Google Chromebooks.
-
SNMP - used to detect and identify network devices by accessing the data via SNMP.
NOTE:Alloy Discoverysupports SNMPv1, SNMPv2c, and SNMPv3 versions.
You can view the full list of defined audit credentials and manage them in the Audit Credentials section of the Audit Settings window. To access this window, select Audit > Audit Settings.
In addition, you can view the audit credentials in the Select Audit Credentials window that opens when you click the ellipsis button in a field where you select credentials. Depending on the field, this window can contain credentials of one or several types (Windows, Linux and Mac, Google, and SNMP).
Audit Credentials
You view and manage all defined audit credentials in the Audit Credentials section of the Audit Settings window. To access this section, select Audit > Audit Settings from the main menu and click Audit Credentials in the left navigation bar of the Audit Settings window.
To define new credentials:
-
Click New, and select the credentials type from the drop-down list.
-
In the Audit Credentials [Credentials Name] window, specify the credentials details.
To edit credentials:
-
Select the credentials from the list and click Edit.
-
In the Audit Credentials [Credentials Name] window, change data as needed.
To delete credentials:
-
Select the credentials from the list and click the Delete icon .
NOTE: You can delete credentials only when they are not assigned to any Audit Source or a Network Node.