Tenable Identity Exposure Log Extension for QRadar

Overview

Tenable Identity Exposure features allow users to anticipate threats, detect breaches, and respond to incidents and attacks. Through its policies and alerts mechanism, Tenable Identity Exposure generates real-time alerts that are accurate, actionable, and customized for each network and its unique needs.

Tenable Identity Exposure reports these alerts to QRadar via Syslog. For each individual policy, users can decide whether an alert should be sent to QRadar via Syslog; this offers them maximum control over which information is being sent.

Installing the Tenable Identity Exposure Extension

In order to integrate Tenable Identity Exposure with your QRadar system, you need to download the Tenable Identity Exposure extension from the IBM X-Force Exchange and install it.

To download and install the extension:

1. In the IBM QRadar console, open the Admin tab.

2. In the System Configuration section, click on Extension Management.

   

3. In the Extension Management window, click Add and select the TenableotCustom_ext archive file.

4. Select the Install Immediately checkbox to install the extension immediately.

   Before the extension is installed, a preview list of the content items appears.

Configuring a Tenable Identity Exposure Log Source

To configure Tenable Identity Exposure as a log source:

1. In the Data Sources section of the Admin tab, click on Log Sources.

   

2. In the Log Source window click on Add.

   

   The Add a log source window opens.

   

3. In the Log Source Type field, select Tenable.ad.

4. In the Log Source Extension field, select TenableadCustom_ext.

5. Fill in the additional fields as needed and click Save.

For information on how to send alerts to QRadar, see Sending Tenable Identity Exposure Alerts to QRadar.