Configure Right-Click Scanning

In QRadar you can initiate a scan against an IP address by right-clicking on it. In the right-click menu, two buttons, Tenable Security Center scan and Tenable Vulnerability Management scan, initiate a scan against that IP on Tenable Security Center or Tenable Vulnerability Management. You can see the latest scan status of the initiated scan in the dashboard.

To use the right-click scanning for IBM QRadar SIEM:

1. In the QRadar dashboard, click the Log Activity tab in the upper-left.

   The events and log items page appears.

   

2. Under the Source IP column, right-click on any IP address.

   The pop-up menu options appear.

   

3. Click More Options (if available).

   The Admin options appear.

4. Click Tenable Security Center scan or Tenable Vulnerability Management scan.

   A Tenable Scan Details pop-up window opens and the scan initiates.

   After successfully initiating, the pop-up window shows information such as Scan Name, Scan ID, Scan Description, Scan Result ID or History ID, Platform, IP Address, and Scan Status.

5. The scan details are reflected in the dashboard.

Note: You are not able to launch a scan multiple times on the same, or different, IP addresses until the previous scan is completed for Tenable Vulnerability Management.

Tip: You can check your active scans launched from the IBM QRadar SIEM integration in the Tenable App Dashboard tab in the QRadar user interface.