Integrating Invicti Enterprise with CyberArk Vault

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

CyberArk Enterprise Password Vault (EPV), as a privileged access management system, helps you centrally manage privileged account identities in a single location.

  • CyberArk EPV prevents unauthorized access to critical systems. It protects privileged account credentials used in on-premises, hybrid, and cloud environments.
  • Further, it rotates privileged account passwords and SSH keys.
  • To provide clear visibility, CyberArk EPV provides audit logs to security and audit teams, so the teams know which individual users accessed which privileged or shared accounts, when, and why.

Invicti Enterprise provides integration with CyberArk Enterprise Password Vault, so you do not need to provide sensitive credentials for vulnerability scanning on password-protected web pages.

For further information, see What Systems Does Invicti Integrate With? and Privileged Access Management and Invicti.

CyberArk Fields

This table lists and explains the fields in the New Vault Integration page.

| Field | Description |
|---|---|
| Name | This is the name of the configuration that will be shown elsewhere. |
| URL | This is the URL where CyberArk EPV is set up. |
| Certificate File | This is the user's Certificate File. |
| Certificate Password | This is the user's Certificate Password. |
| Agent Mode | This is the agent mode that you can select. There are two options: Cloud (Invicti verifies the connection with a cloud agent available in the Invicti Enterprise environment) and Internal (Invicti verifies the connection with an authentication verifier agent installed in your environment). For further information, see Configuring internal agents for secrets management services. |
| Verify and Save | This verifies the certificate and the connection with the service. |

How to Integrate Invicti Enterprise with CyberArk EPV

  1. Log in to Invicti Enterprise.
  2. From the main menu, select Integrations > New Integration.
  3. From the Secrets and Encryption Management section, select CyberArk EPV.

Configure CyberArk EPV

  1. In the Name field, enter a friendly name for the integration.
  2. In the URL field, enter the URL of CyberArk EPV.
  3. In the Certificate File field, select Certification File to upload the required file.
  4. In the Certificate Password field, enter the password required to configure the integration.
  5. Select Save.

Verifying form authentication with CyberArk EPV

When you successfully integrate CyberArk EPV, you can use this integration to launch a new scan.

This table lists and explains the fields in the CyberArk EPV Settings dialog.

| Field | Description |
|---|---|
| Integrations | This is the name of the integration that you entered in the New Vault Integration window. Select the integration from the drop-down, if necessary. |
| Use Static Name | Deselect the Use Static Username checkbox only if you plan to change a username routinely. This is selected by default. |
| Static Username | This holds the username value. |
| Username Query | This holds the username query. Enter a proper query as specified to retrieve the username from CyberArk EPV. |
| Password Query | This holds the password query. Enter a proper query as specified to retrieve the password from CyberArk EPV. |

How to use the Vault integration to verify form authentication

  1. Log in to Invicti Enterprise.
  2. From the main menu, select Scans > New Scan.
  3. In the Target URL field, enter the URL.
  4. Complete the remainder of the fields, as described in Invicti Enterprise New Scan Fields and Invicti Enterprise Scan Options Fields.
  5. Then from the Authentication settings, select the Form tab.

Configuring CyberArk in the Form Authentication page

  1. Select Form Authentication.
  2. Select the New Persona drop-down, then CyberArk EPV.
  3. Complete the fields in the dialog.

Configure CyberArk EPV Settings

  1. Select Save.
  2. Select Verify Login & Logout to test the new Persona.

Select Test Value Settings to verify the username and password.