Configure QRadar with Tenable Vulnerability Management

Required Tenable Vulnerability Management User Role: Basic, VM Scan Operator, VM Standard, VM Scan Manager, or Administrator

Complete the following steps to configure the Tenable App For QRadar to sync data from Tenable Vulnerability Management to QRadar.

To configure the Tenable App For Qradar:

  1. Log in to the IBM QRadar SIEM Console.
  2. Click the button.

    The Menu options appear.

  3. Click Admin.

    The Admin options appear.

  4. Scroll to the Tenable section.
  5. Click Tenable App Settings.

    The Tenable Configuration appears.

  6. Click Add Tenable Vulnerability Management Account.

  7. Configure the settings for Tenable Vulnerability Management.

    1. In the Address box, enter the the domain name used to access Tenable Vulnerability Management.
    2. In the Access Key box, enter the API access key for Tenable Vulnerability Management. For information on generating API keys see the Generate API Key section in the Tenable Vulnerability Management User Guide.
    3. In the Secret Key box, enter the API secret key for Tenable Vulnerability Management. For information on generating API keys see the Generate API Key section in the Tenable Vulnerability Management User Guide.
    4. In the Rule based Scan Name box, enter a scan name that exists in Tenable Vulnerability Management.

      Note: If a scan does not exist, you must create one. The scan needs to be associated to the Tenable user that Qradar logs into the Tenable product with. This scan is used for the rule-based scan function.

    5. In the Right Click Scan Name box, enter a scan name that exists in Tenable Vulnerability Management.

      Note: If a scan does not exist, you must create one. The scan needs to be associated to the Tenable user that Qradar logs into the Tenable product with. This scan is used for the right-click scan function.

      Note: This scan can be the same as the Rule Based Scan Name.

    6. In the Authorized Service Token box, enter your QRadar authorized service token. Authorized tokens are found under User Management in the Authorized Services section.

      See the IBM QRadar SIEM website for steps on creating an authorized service token.

    7. (Optional) Click the toggle to enable or disable SSL verification.
    8. (Optional) Connect to Tenable Vulnerability Management using a proxy.

      • Click the toggle to Enable/Disable Proxy.
      • Type an IP/Hostname.
      • Type a Port.
      • (Optional) Select the Require Authentication for Proxy check box.
      • If you required authentication for proxy, type the proxy Username, Password, and Confirm Password.

  8. Click Save.

    The Tenable Configuration window appears and displays a success message.

  9. Create an Offense Rule to generate offenses for the offense rule. For steps on creating offense rules, see the IBM QRadar SIEM documentation.