Configure Right-Click Scanning
QRadar users and administrators can initiate a scan against an IP address by right-clicking on it. In the right-click menu, two buttons, “Tenable.sc scan” and “Tenable.io scan”, initiate a scan against that IP on Tenable.sc or Tenable.io. The user can see the latest scan status of the initiated scan in the dashboard.
To use the right-click scanning for IBM QRadar SIEM:
-
In the QRadar dashboard, click the Log Activity tab in the upper-left.
The events and log items page appears.
-
Under the Source IP column, right-click on any IP address.
The pop-up menu options appear.
-
Click More Options (if available).
The Admin options appear.
-
Click Tenable.sc scan or Tenable.io scan.
A Tenable Scan Details pop-up window opens and the scan initiates.
After successfully initiating, the pop-up window shows information such as:
Scan Name, Scan ID, Scan Description, Scan Result ID or History ID, Platform, IP Address, and Scan Status.
- The scan details will be reflected in the dashboard.
Note: You will not be able to launch a scan multiple times on the same, or different, IP addresses until the previous scan is completed for Tenable.io.