Rotating Service account password - authenticated scans

Hello,

I am wondering what capabilities, if any, I can leverage with the InsightVM API to rotate a password in a privilege management solution my organization uses? I see that an integration exists for CyberArk, but not for Thycotic.

Any advice or insight would be appreciated.

Thycotic has an API that you could call using the HTTP Requests Plugin to rotate the password.
https://<SecretServer>/Documents/restapi/TokenAuth/#operation--secrets--id--change-password-post

POST /secrets/{id}/change-password

If you use Integrated Auth for your API calls, it might be easier to use a PowerShell Plugin, but make sure you use CredSSP.

1 Like

@jake_sturk If you are able to filter and pull accounts/credentials from Thycotic with the Thycotic API, it is possible to use the InsightVM Console API to create and update credentials:

What we have seen before is a script that pulls credentials based on filters (secret name, IP address, etc.) and then populates the username, password, domain, etc. when creating the credentials. The Shared Credential endpoints allow you to define those credentials as global (used in all sites) or assign specific sites.

A very simple payload to create a Windows credential to be used for all sites is below as an example:

{
  "account": {
    "service": "cifs",
    "username": "username",
    "password": "password"
  },
  "description": "Credential checked out from Thycotic and used for scanning Windows devices",
  "name": "credential-name-here",
  "siteAssignment": "all-sites"
}

Hope this helps!

1 Like
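The sync step described in the reply above, as an added example that is not from any poster in this thread and is not Rapid7 or Thycotic code: it builds the shared-credential payload from a checked-out secret, chooses between creating a new credential and updating the one that already carries the same name so that a rotation does not pile up duplicates, and produces a log-safe copy of the payload. The function names, the secret's slug-to-value dictionary shape and the sample values are assumptions; `existing` stands for the credential list read back from the Console API v3 shared credentials collection, and sending the request is left to your HTTP client.

```python
import json

# InsightVM Console API v3 shared credentials collection
API = "/api/3/shared_credentials"

def build_credential(secret, name, description):
    """Map a secret (assumed shape: field slug -> value) to the payload from the thread."""
    account = {"service": "cifs",
               "username": secret["username"],
               "password": secret["password"]}
    if secret.get("domain"):
        account["domain"] = secret["domain"]
    return {"account": account, "description": description,
            "name": name, "siteAssignment": "all-sites"}

def plan_request(existing, desired):
    """Return (method, path, body): PUT over a same-named credential, else POST."""
    matches = [c for c in existing if c.get("name") == desired["name"]]
    if len(matches) > 1:
        # Refuse to guess which credential to overwrite.
        raise ValueError("ambiguous: %d credentials named %r"
                         % (len(matches), desired["name"]))
    if matches:
        return "PUT", "%s/%d" % (API, matches[0]["id"]), desired
    return "POST", API, desired

def redacted(body):
    """Deep copy of the payload with the password masked, for logging."""
    safe = json.loads(json.dumps(body))
    safe["account"]["password"] = "********"
    return safe

if __name__ == "__main__":
    # Constructed sample data, not real secrets or real console output.
    secret = {"username": "svc_scan", "password": "S3cret-constructed", "domain": "CORP"}
    existing = [{"id": 7, "name": "thycotic-windows-scan"}]
    body = build_credential(secret, "thycotic-windows-scan",
                            "Credential checked out from Thycotic")
    method, path, payload = plan_request(existing, body)
    print(method, path, json.dumps(redacted(payload)))
```

Run it after each rotation so the console always holds the current password, and log only the `redacted()` copy.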