
Configuring internal agents for secrets management services

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

You can use internal agents in Invicti to communicate with secrets and encryption management services, such as CyberArk.

  • These secrets and encryption management services help you centrally manage privileged account identities in a single location.
  • They prevent unauthorized access to critical systems and protect credentials used in on-premises, hybrid, and cloud environments.
  • Further, they can rotate these passwords and SSH keys.

Using such services provides extra security when you scan password-protected web pages with Invicti. When you integrate Invicti with these secrets management services, you are no longer required to enter sensitive information, such as passwords.

You can integrate Invicti Enterprise with these services on the cloud and on-premises.

This topic explains how to authenticate a form using on-premises secrets and encryption services, such as CyberArk, together with an internal authentication verifier agent and how to scan your internal website.

Prerequisites

It is highly recommended that the secrets and encryption management service, the scan agent, and the authentication verifier agent have network connectivity among themselves.

How to authenticate form using authentication verifier agent with CyberArk
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Scans > New Scan.
  3. In the Target URL field, enter the URL.
  4. Then from the Authentication settings, select the Form tab.
  5. Select Form Authentication.
  6. Enter a login form URL.
  7. From the New Persona drop-down, select a secret and encryption management service. (This example uses CyberArk EPV.)

  8. Complete the fields in the dialog.

     Select Test Value Settings to verify the username and password.

  9. Select Save.
  10. Select Verify Login & Logout to test the new Persona.

If more than one authentication verifier agent is installed on your machine, Invicti shows a drop-down to select the verifier agent you want to use.

If the Verify Login & Logout button is green, this means the Invicti Enterprise Authentication Verifier Agent authenticated the login form successfully.

How to scan internal website with an agent
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Scans > New Scan.
  3. From the Target URL field, select your Internal Website (if the field is not already populated).
  4. Complete the remainder of the fields, as described in Invicti Enterprise New Scan Fields and Invicti Enterprise Scan Options Fields.
  5. From the Scan Settings, do the following:
    1. Select General.
    2. From the Preferred Agent drop-down, select the scan agent that can communicate with the secrets and encryption management service.
  6. Select Launch. (For simplicity, optimization and other settings are ignored in this procedure.)