Configure Right-Click Scanning

QRadar users and administrators can initiate a scan against an IP address by right-clicking on it. In the right-click menu, two buttons, “Tenable.sc scan” and “Tenable.io scan”, initiate a scan against that IP on Tenable.sc or Tenable.io. The user can see the latest scan status of the initiated scan in the dashboard.

To use the right-click scanning for IBM QRadar SIEM:

1. In the QRadar dashboard, click the Log Activity tab in the upper-left.

   The events and log items page appears.

   

2. Under the Source IP column, right-click on any IP address.

   The pop-up menu options appear.

   

3. Click More Options (if available).

   The Admin options appear.

   

4. Click Tenable.sc scan or Tenable.io scan.

   A Tenable Scan Details pop-up window opens and the scan initiates.

   After successfully initiating, the pop-up window shows information such as:

   Scan Name, Scan ID, Scan Description, Scan Result ID or History ID, Platform, IP Address, and Scan Status.

5. The scan details will be reflected in the dashboard.

Note: You will not be able to launch a scan multiple times on the same, or different, IP addresses until the previous scan is completed for Tenable.io.