Tenable.ad Log Extension for QRadar


Tenable.ad features allow users to anticipate threats, detect breaches, and respond to incidents and attacks. Through its policies and alerts mechanism, Tenable.ad generates real-time alerts that are accurate, actionable, and customized for each network and its unique needs.

Tenable.ad reports these alerts to QRadar via Syslog. For each individual policy, users can decide whether an alert should be sent to QRadar via Syslog; this offers them maximum control over which information is being sent.

Installing the Tenable.ad Extension

In order to integrate Tenable.ad with your QRadar system, you need to download the Tenable.ad extension from the IBM X-Force Exchange and install it.

To download and install the extension:

  1. In the IBM QRadar console, open the Admin tab.
  2. In the System Configuration section, click on Extension Management.

  3. In the Extension Management window, click Add and select the TenableotCustom_ext archive file.
  4. Select the Install Immediately checkbox to install the extension immediately.

    Before the extension is installed, a preview list of the content items appears.

Configuring a Tenable.ad Log Source

To configure Tenable.ad as a log source:

  1. In the Data Sources section of the Admin tab, click on Log Sources.

  2. In the Log Source window click on Add.

    The Add a log source window opens.

  3. In the Log Source Type field, select Tenable.ad.
  4. In the Log Source Extension field, select TenableadCustom_ext.

  5. Fill in the additional fields as needed and click Save.

For information on how to send alerts to QRadar, see Sending Tenable.ad Alerts to QRadar.