Enforce credential alias usage [New in Security Center 1.3 and updated in 1.5]

Washington DC Platform security

Release

washingtondc

ft:locale

en-US

ft:publication_title

Washington DC Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Enforce credential alias usage [New in Security Center 1.3 and updated in 1.5]

Release version: Washingtondc

Updated March 20, 2025

1 minute to read

Learn how to secure your credentials from unauthorized use by configuring the MID Server property.

The Management, Instrumentation, and Discovery (MID) Server is a Java application that runs as a Windows service or UNIX daemon on your local network. MID Server properties are listed in the [ecc_agent_property] table. You can access them in your instance by navigating to MID Server > Properties. Credential aliases allow an administrator to use specific credentials on Discovery schedules. Credential aliases provide more granular control over which credential a Discovery table is allowed to use. To remediate this security vulnerability, set alias_filtering_behavior to strict to prevent unnecessary exposure of credentials with elevated privileges. See MID Server properties for more details.

More information


Attribute	Description
Configuration name	alias_filtering_behavior
Configuration type	MID Server Properties (/ecc_agent_property_list.do)
Data type	string
Recommended value	strict
Default value	loose
Category	Access control
Security risk	Severity score: 2 CVSS score: Low Security risk details: When this hardening setting is not set to strict, then all credentials are used regardless of their aliases for Discovery tables which increases the chance of unauthorized access.
Dependencies and prerequisites	None
References	MID Server Credential aliases for Discovery