Tenable Identity Exposure Configuration

Complete the following steps to configure the Tenable Identity Exposure App For QRadar.

To create a log source, through the Log Source Management application for ingesting data, from the Tenable platform:

  1. Go to the QRadar Log Source Management application in the Admin panel.

    The Log Source Management page appears.

  2. Click + New Log Source in the upper-right.

    The Add a Single Log Source page appears.

  3. Select Tenable.ad as the Log Source type.

  4. Select Syslog as the protocol type.

  5. In the Configure Log Source Parameters section, enter the name of the log source in the Name box.

    1. Enable the log source by clicking the Enabled/Disabled switch to Enabled.
    2. Select TenableadCustom_ext as the log source extension.
    3. Disable Coalescing Events by clicking the Enabled/Disabled switch to Disabled.

  6. In the Configure Protocol Parameters section, enter the Log Source Identifier. This Identifier is the hostname/IP address from the data to be forwarded.

  7. Click Finish.