Configure Right-Click Scanning

QRadar users and administrators can initiate a scan against an IP address by right-clicking on it. In the right-click menu, two buttons, “Tenable.sc scan” and “Tenable.io scan”, initiate a scan against that IP on Tenable.sc or Tenable.io. The user can see the latest scan status of the initiated scan in the dashboard.

To use the right-click scanning for IBM QRadar SIEM:

  1. In the QRadar dashboard, click the Log Activity tab in the upper-left.

    The events and log items page appears.

  2. Under the Source IP column, right-click on any IP address.

    The pop-up menu options appear.

  3. Click More Options (if available).

    The Admin options appear.

  4. Click Tenable.sc scan or Tenable.io scan.

    A Tenable Scan Details pop-up window opens and the scan initiates.

    After successfully initiating, the pop-up window shows information such as:

    Scan Name, Scan ID, Scan Description, Scan Result ID or History ID, Platform, IP Address, and Scan Status.

  5. The scan details will be reflected in the dashboard.

Note: You will not be able to launch a scan multiple times on the same, or different, IP addresses until the previous scan is completed for Tenable.io.