Learn more about the products supported for vulnerability scanning by the Network Vulnerability Scanner service.
Network Vulnerability Scanner can scan network infrastructure devices from the following
supported vendors if the devices are running a supported operating system. When you
need to provide authentication credentials for the scan, such as in a vulnerability scan, the account associated with the credentials must have the listed privileges, roles,
or permissions. For reference, scans of products from supported vendors run the listed
commands to obtain device information.
To enable scanning for a particular product, ensure the Network Vulnerability Scanner
service on your Service Gateway is updated to at least the required version listed.
|
Vendor
|
Operating system
|
Required account permissions
|
Executed commands
|
Required Network Vulnerability Scanner service version
|
||
|
Arista Networks
|
|
Privilege level 15
|
show version show hostname show clock show interfaces bash cat /proc/cpuinfo |
1.1.5 or later
|
||
|
Check Point Software
|
|
Export mode privileged
|
show asset system show version all show hostname show interfaces all cpstat os -f all show uptime show timezone |
1.1.5 or later
|
||
|
Cisco
|
|
Privileged EXEC level or Privilege level 15
|
show version show clock show interface | include address |
1.1.2 or later
|
||
|
show version
show clock
show interfaces | i (.* address is)
show inventory
show running-config
show privilege
show file systems
|
1.0.0 or later
|
||||
|
show version show running-config show clock show ip interface brief show interfaces |
1.1.5 or later
|
||||
|
show version show running-config hostname show clock show memory summary show ipv4 interface brief show inventory show interfaces |
|||||
|
show version show hostname show clock show system resources show ip interface brief vrf all show interface show module |
|||||
|
Dell
|
|
iDRAC-specific user privilege required:
Sign in to iDRAC(0x00000001)
|
racadm getsysinfo getniccfg get iDRAC.Info get System.ServerOS.OSName get iDRAC.Time.Timezone |
1.2.0 or later
|
||
|
Fortinet
|
|
super_admin_readonly
|
get system status
get system performance status
get system interface
get hardware status
get system global | grep timezone
|
1.0.3 or later
|
||
|
Enable super-user profiles, then access with Super Admin or Read-Only Admin privileges
|
get system status get system interface diagnose fmnetwork interface list diagnose dvm device list diagnose sql status diagnose hardware info execute top -n 1 |
1.1.4 or later
|
|||
|
get system status show system interface diagnose netlink interface list show system global get hardware cpu get hardware memory |
|||||
|
get system status get system interface diagnose fmnetwork interface list diagnose dvm adom list diagnose dvm device list diagnose hardware info execute top -n 1 |
|||||
|
HPE Aruba Networking
|
|
Operator privilege level or higher
|
show system show interface show ip interface start-shell cat /proc/cpuinfo free -m sudo dmidecode -t system |
1.2.0 or later
|
||
|
HPE Juniper Networking
|
|
Required permission flags:
|
show version show system uptime show interfaces terse show interfaces show chassis routing-engine show chassis hardware |
1.2.0 or later
|
||
|
Huawei
|
|
User Privilege Level 3 or higher
|
display version display current-configuration display clock display interface display esn |
1.2.0 or later
|
||
|
Palo Alto Networks
|
|
Device administrator (read-only)
|
show system state filter cfg.product show system info show system state filter cfg.sys.time.zone show interface management show interface all show system state filter cfg.platform.memory |
1.1.0 or later
|
||
|
SonicWall
|
|
Read-only admin |
show version show status show administration show time diag show debug interface |
1.2.0 or later
|
