Configure QRadar with Tenable Security Center
Required User Role: Security Analyst
Note: In Tenable App for QRadar v2 and later, you must authenticate using an API Access Key and Secret Key. For more information, see the Generate API section in the Tenable Security Center User Guide.
To configure Tenable App for QRadar v4.2.1:
- Log in to the IBM QRadar SIEM console.
- Click the button.
  The Menu options appear.
- Click Admin.
  The Admin options appear.
- Scroll to the Tenable section.
- Click Tenable App Settings.
  The Tenable Configuration appears.
- Click Add Tenable Security Center Account.
- Configure the settings for Tenable Security Center.
  - In the Address box, enter the IP address used to access Tenable Security Center.
  - In the Access Key box, enter your generated Tenable Security Center access key. For more information, see Enable API Key Authentication and Generate API Keys.
  - In the Secret Key box, enter your generated Tenable Security Center secret key. For more information, see Enable API Key Authentication and Generate API Keys.
  - In the Rule based Scan Name box, enter a scan name that exists in Tenable Security Center.
    Note: If a scan does not exist, you must create one. The scan must be associated with the Tenable user that QRadar uses to log in to the Tenable product. This scan is used for the rule-based scan function.
  - In the Right Click Scan Name box, enter a scan name that exists in Tenable Security Center.
    Note: If a scan does not exist, you must create one. The scan must be associated with the Tenable user that QRadar uses to log in to the Tenable product. This scan is used for the right-click scan function.
    Note: This scan can be the same as the Rule Based Scan Name.
  - In the Authorized Service Token box, enter your QRadar authorized service token. Authorized tokens are found under User Management in the Authorized Services section.
    See the IBM QRadar SIEM website for steps on creating an authorized service token.
  - (Optional) Click the toggle to enable or disable SSL verification. You may need to enter the hostname of the machine hosting Tenable Security Center in the Address box.
  - (Optional) Connect to Tenable Security Center using a proxy.
    - Click the Enable/Disable Proxy toggle.
    - Type an IP/Hostname.
    - Type a Port.
    - (Optional) Select the Require Authentication for Proxy check box.
    - If you required authentication for proxy, type the proxy Username, Password, and Confirm Password.
- Click Save.
  The Tenable Configuration window appears and displays a success message.
- Create an Offense Rule to generate offenses for the offense rule. For steps on creating offense rules, see the IBM QRadar SIEM documentation.
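
Before entering the Address, Access Key, Secret Key and the two scan names in the form above, the values can be checked against the Tenable Security Center REST API. The following is an added example, not part of the Tenable or IBM documentation; it assumes that scans in the API's "usable" list are the ones associated with the key's user, and the environment variable names and scan names are hypothetical.

```python
import json
import os
import ssl
import urllib.request


def build_request(address, access_key, secret_key):
    """GET /rest/scan on Tenable Security Center, authenticated with API keys."""
    url = f"https://{address}/rest/scan?fields=name"
    # API key authentication uses a single x-apikey header.
    keys = f"accesskey={access_key}; secretkey={secret_key};"
    return urllib.request.Request(url, headers={"x-apikey": keys})


def missing_scans(payload, wanted):
    """Return the names in `wanted` absent from the scans this user can use."""
    # Assumption: the "usable" list is what "associated with the user" means.
    usable = {s.get("name") for s in payload.get("response", {}).get("usable", [])}
    return [name for name in wanted if name not in usable]


def preflight(address, access_key, secret_key, wanted):
    """Query the live server with certificate and hostname verification on."""
    ctx = ssl.create_default_context()
    req = build_request(address, access_key, secret_key)
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return missing_scans(json.load(resp), wanted)


# Constructed sample of a /rest/scan response body (not real data).
SAMPLE = {"response": {"usable": [{"id": "4", "name": "QRadar Rule Scan"}],
                       "manageable": []}, "error_code": 0}

if __name__ == "__main__":
    # Hypothetical environment variable names; keys stay out of shell history.
    gaps = preflight(os.environ["SC_ADDRESS"], os.environ["SC_ACCESS_KEY"],
                     os.environ["SC_SECRET_KEY"],
                     ["QRadar Rule Scan", "QRadar Right Click Scan"])
    print("missing scans:", gaps or "none")
```

A certificate verification error from `preflight` when the address is an IP typically means the server certificate names the host rather than the IP, which is the situation where the SSL verification step calls for the hostname in the Address box.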