3 Replies Latest reply on Jun 13, 2019 11:25 AM by Andrew Waters

    Query to check credential usage

    James Yant
      Share This:

      We have a rather large and growing list of credentials on our Discovery appliances and are looking to do some cleanup. Is there a way to get a list of credentials that are no longer being used or haven't been used in some time?

        • 1. Re: Query to check credential usage
          Andrew Waters

          This is not easy to do.

           

          Discovery of an endpoint can use multiple credentials, e.g. ssh for logging into a machine and a database credential for access a running database on the machine. While it is simple enough to get the main credential used in discovery it is not possible to manipulate the stored data to build a report.

          • 2. Re: Query to check credential usage
            Cory Garcia

            Andrew,

             

            I am still pretty new to Discovery but I remember an older version having some type of counter on Credential usage.

             

            Is it technically possible to have functionality in Discovery that has a process to do the following:

             

            Each Cred has a "Successful" Usage Counter

            This Counter can be reset by the Administrator

            During Discovery Process when a cred is used successfully the counter increments

            note: no need to track failures

             

            I think this would go a long way in helping Admins manage their credentials

            • 3. Re: Query to check credential usage
              Andrew Waters

              Older versions did but they recorded and defined credentials differently.

               

              For example a credential can now have multiple different access mechanisms where it used to only have one. This means that the credential usage needs to store how the credential is used in addition to the credential id making the store more complicated.

               

              Regardless there is an idea about credential usage but it would need a different implementation because of both the change in credential definitions and handling as well as the fact it was slow on larger deployments.

              2 of 2 people found this helpful