The only option seems to be only cyberark. I’m wondering how many others have other privilege management systems that they would like to connect to and use so there’s not a service account waiting to be exploited with access to the entire company.
13 Likes
Delinea Secret Server would be great to get as credential management!
4 Likes
I agree, Rapid7 should think on the FR/IDEA.
1 Like
Agreed! Rapid7 - let’s get this rolled out!
1 Like
I agree too! Would love to have Delinea Secret Server for credential management.
1 Like
i feel any password vault, regardless of which brand, should be protected with some sort of MFA, to dramatically reduce wrongful, unauthorized access.
1 Like
A while back, I tried to implement a dependency changer for Delinea using powershell to rotate the stored credentials. I couldn’t get it to work the way I wanted. If someone wants to expand/fix my mistake (can’t remember what it was anymore), have at it.
#### Set stuff here ####
# Server hostname
$r7ivmserver = "x.x.x.x"
# Credential ID number
$id = 5
# Credential name
$name = "dummytest"
# Site assignment (either all-sites or specific-sites)
$siteAssignment = "all-sites"
# Service typ. can be "as400", "cifs", "cifshash", "cvs", "db2", "ftp", "http", "ms-sql", "mysql", "notes", "oracle", "pop", "postgresql", "remote-exec", "snmp", "snmpv3", "ssh", "ssh-key", "sybase" or "telnet"
$service = "cifs"
# Rapid7 API credential
$cu = "vault"
$cp = "xyz" | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -AgumentList $cu, $cp
#### End of settings ####
$Url = "https://" + $r7ivmserver + ":3780//api/3/shared_credentials/" + $id
$body = @{"siteAssignment"=$siteAssignment; "name"=$name; "account"=@{"service"=$service; "password"="$PASSWORD"}} | ConvertTo-Json
$data = Invoke-RestMethod -uri $Url -Authentication Basic -Credential $cred -Method PUT -Body $body -ContentType "application/json"
Would love to have this
1 Like