Learn more about the products supported for vulnerability scanning by the Network Vulnerability Scanner service.
Network Vulnerability Scanner can scan network infrastructure devices from the following
supported vendors if the devices are running a supported operating system. When a scan
requires authentication credentials, such as a vulnerability scan, the account associated
with the credentials must have the listed privileges, roles, or permissions. For reference,
scans of products from supported vendors run the listed commands to obtain device information.
To enable scanning for a particular product, ensure the Network Vulnerability Scanner
service on your Service Gateway is updated to at least the required version listed.
| Vendor | Operating system | Required account permissions | Executed commands | Required Network Vulnerability Scanner service version |
|---|---|---|---|---|
| Cisco | | Privileged EXEC level or Privilege level 15 | show version, show clock, show interface \| include address | 1.1.2 or later |
| Cisco | | Privileged EXEC level or Privilege level 15 | show version, show clock, show interfaces \| i (.* address is), show inventory, show running-config, show privilege, show file systems | 1.0.0 or later |
| Fortinet | | super_admin_readonly | get system status, get system performance status, get system interface, get hardware status, get system global \| grep timezone | 1.0.3 or later |
| Palo Alto Networks | | Device administrator (read-only) | show system state filter cfg.product, show system info, show system state filter cfg.sys.time.zone, show interface management, show interface all, show system state filter cfg.platform.memory | 1.1.0 or later |
