Tenable.ot Configuration

Complete the following steps to configure the Tenable.ot App For QRadar v2.0.

To create a log source, through the Log Source Management application for ingesting data, from the Tenable platform:

1. Go to the QRadar Log Source Management application in the Admin panel.

   

   The Log Source Management page appears.

   

2. Click + New Log Source in the upper-right.

   The Log Source Management page appears.

3. Select Tenable.ot Platform as the Log Source type.

   

4. Select Syslog as the protocol type.

   

5. In the Configure Log Source Parameters section, enter the name of the log source in the Name box.

   

   1. Enable the log source by clicking the Enabled/Disabled switch to Enabled.
   2. Select TenableotPlatformCustom_ext as the log source extension.

   3. Disable Coalescing Events by clicking the Enabled/Disabled switch to Disabled

      

6. In the Configure Protocol Parameters section, enter the Log Source Identifier. This Identifier is the hostname/IP address from the data to be forwarded.

7. Click Finish.