To run an authenticated scanAuthenticated scans are performed from inside the machine using a user account with appropriate privileges. or run an AlienApp for Forensics and Response actionIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. for the assets in your USM Anywhere environment, you must perform a series of preparatory tasks on your host systems, specific to the operating system.
For each asset with the required configuration, you must also assign a credential set in USM Anywhere that is used for authentication on the host system. For information about these credentials, see
Make sure that the host system meets these requirements.
- Network connectivity between the USM Anywhere instance and port 5985
- The Windows host must accept remote connects for the Windows RM service over a private or domain network
Important: For each machine where you want to run authenticated scans, you must start the Windows RM service using the administrative user account that you configure in USM Anywhere for the asset.
For a Windows server that is hardened according to CIS benchmarks, such as the CIS AMI for Microsoft Windows Server 2016 available in the AWS Marketplace, there are local group policies that block these connectivity requirements. For these servers, you must open the port and re-enable WinRM and remote access on each boot of the server.
To start the Windows RM service
Open a Windows command prompt and run the command winrm qc.
Accept the default settings.
The command starts the Windows RM service and configures a listener for the port 5985.
For more information about WinRM, you can refer to these articles:
- OpenSSH server must be installed on your Linux host.
- Network connectivity between the USM Anywhere Sensor and the SSH port on the Linux host.
Installing the OpenSSH Server
Refer to the vendor documentation for your Linux distribution for instructions on how to install and configure OpenSSH Server.
- Fedora — https://docs.fedoraproject.org/en-US/Fedora/25/html/System_Administrators_Guide/ch-OpenSSH.html
Debian — https://wiki.debian.org/SSH
- FreeBSD — https://www.freebsd.org/doc/handbook/openssh.html