AnsweredAssumed Answered

Scanning a Cyber-Ark host

Question asked by Anon Ymous on May 28, 2015
Latest reply on May 29, 2015 by mcalvi

The documentation about Qualys or Cyber-Ark (CyberArk) that I have found so far discusses how to use C-A for auth records.  What I wanna know is how to scan the thing.  It appears to rename the standard Windows firewall to I think it "Cyber-Ark Hardened Windows Firewall".  Port scans come back with only ICMP replies, no open ports, interesting.

 

C-A seems baffled that I would just not trust their host altogether, which is funny.  I do have a local Windows admin acct that is proven good.  The sysadmin guys say they have allowed by Qualys IP address full IP (65535 TCP & UDP, plus ICMP) access to the thing, and port scans then come back with only TCP 135 open.  I think 135 should be enough for Qualys to remotely log in to it, but am unsure.

 

Either way, my q: really is has anyone been able to do an authenticated scan of a Cyber-Ark host, and if so, how?  Any suggestions?

 

This, for now, is on a local test network, no network firewall or IPS between Qualys appliance and C-A host, just straight Ethernet switching.  The C-A web site is my next stop.

Outcomes