Configure Right-Click Scanning
QRadar users and administrators can initiate a scan against an IP address by right-clicking on it. In the right-click menu, two buttons, “Tenable.sc scan” and “Tenable.io scan”, initiate a scan against that IP on Tenable Security Center or Tenable Vulnerability Management. The user can see the latest scan status of the initiated scan in the dashboard.
To use the right-click scanning for IBM QRadar SIEM:
In the QRadar dashboard, click the Log Activity tab in the upper-left.
The events and log items page appears.
Under the Source IP column, right-click on any IP address.
The pop-up menu options appear.
Click More Options (if available).
The Admin options appear.
Click Tenable.sc scan or Tenable.io scan.
A Tenable Scan Details pop-up window opens and the scan initiates.
After successfully initiating, the pop-up window shows information such as:
Scan Name, Scan ID, Scan Description, Scan Result ID or History ID, Platform, IP Address, and Scan Status.
- The scan details will be reflected in the dashboard.
Note: You will not be able to launch a scan multiple times on the same, or different, IP addresses until the previous scan is completed for Tenable Vulnerability Management.
Tip: You can check your active scans launched from the IBM QRadar SIEM integration in the Tenable App Dashboard tab in the QRadar user interface.