The only option seems to be only cyberark. I’m wondering how many others have other privilege management systems that they would like to connect to and use so there’s not a service account waiting to be exploited with access to the entire company.
14 Likes
Delinea Secret Server would be great to get as credential management!
5 Likes
I agree, Rapid7 should think on the FR/IDEA.
2 Likes
Agreed! Rapid7 - let’s get this rolled out!
1 Like
I agree too! Would love to have Delinea Secret Server for credential management.
2 Likes
i feel any password vault, regardless of which brand, should be protected with some sort of MFA, to dramatically reduce wrongful, unauthorized access.
1 Like
A while back, I tried to implement a dependency changer for Delinea using powershell to rotate the stored credentials. I couldn’t get it to work the way I wanted. If someone wants to expand/fix my mistake (can’t remember what it was anymore), have at it.
#### Set stuff here ####
# Server hostname
$r7ivmserver = "x.x.x.x"
# Credential ID number
$id = 5
# Credential name
$name = "dummytest"
# Site assignment (either all-sites or specific-sites)
$siteAssignment = "all-sites"
# Service typ. can be "as400", "cifs", "cifshash", "cvs", "db2", "ftp", "http", "ms-sql", "mysql", "notes", "oracle", "pop", "postgresql", "remote-exec", "snmp", "snmpv3", "ssh", "ssh-key", "sybase" or "telnet"
$service = "cifs"
# Rapid7 API credential
$cu = "vault"
$cp = "xyz" | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -AgumentList $cu, $cp
#### End of settings ####
$Url = "https://" + $r7ivmserver + ":3780//api/3/shared_credentials/" + $id
$body = @{"siteAssignment"=$siteAssignment; "name"=$name; "account"=@{"service"=$service; "password"="$PASSWORD"}} | ConvertTo-Json
$data = Invoke-RestMethod -uri $Url -Authentication Basic -Credential $cred -Method PUT -Body $body -ContentType "application/json"
Would love to have this
1 Like
There is an integration for Rapid7 insightvm in delinea that updates R7 shared creds. Has anyone managed to get the integration to work? If you could share the instructions as what is provided on the delinea site seems inaccurate.