Configuration

Complete the following steps to configure the Tenable App For QRadar.

To configure the Tenable App For Qradar:

  1. Log in to the IBM QRadar SIEM Console.

  2. Click the button.

    The Menu options appear.

  3. Click Admin.

    The Admin options appear.

  4. Scroll to the Tenable section.

  5. Click Tenable App Settings.

    The Tenable Configuration appears.

  6. Depending on the Tenable product you want to configure, do one of the following:

    • Click Add Tenable.io Account.
    • Click Add Tenable.sc Account.

  7. Configure the settings for your product.

    Required User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

    1. In the Hostname box, enter the the domain name used to access Tenable.io.
    2. In the Access Key box, enter the API access key for Tenable.io. For information on generating API keys see the Generate API Key section in the Tenable.io User Guide.
    3. In the Secret Key box, enter the API secret key for Tenable.io. For information on generating API keys see the Generate API Key section in the Tenable.io User Guide.

    4. In the Authorized Service Token box, enter your Qradar authorized service token. Authorized tokens are found under User Management in the Authorized Services section.

      See the IBM QRadar SIEM website for steps on creating an authorized service token.

    5. (Optional) Connect to Tenable.io using a proxy.

      • Click the Enable/Disable Proxy toggle.
      • Type an IP/Hostname.
      • Type a Port.
      • (Optional) Select the Require Authentication for Proxy check box.

      • If you required authentication for proxy, type the proxy Username, Password, and Confirm Password.

    Required User Role: Security Analyst

    1. In the Address box, enter the IP address used to access Tenable.sc.
    2. In the Username box, enter your Tenable.sc username.
    3. In the Password box, enter your Tenable.sc password.

    4. In the Authorized Service Token box, enter your Qradar authorized service token. Authorized tokens are found under User Management in the Authorized Services section.

      See the IBM QRadar SIEM website for steps on creating an authorized service token.

    1. (Optional) Connect to Tenable.sc using a proxy.

      • Click the Enable/Disable Proxy toggle.
      • Type an IP/Hostname.
      • Type a Port.
      • (Optional) Select the Require Authentication for Proxy check box.

      • If you required authentication for proxy, type the proxy Username, Password, and Confirm Password.

  8. Click Save.

    The Tenable Configuration window appears and displays a success message.