Welcome to Tenable for IBM QRadar SIEM

Last Updated: July 15, 2025

This document provides information and steps for integrating Tenable Vulnerability Management, Tenable Identity Exposure, Tenable OT Security, and Tenable Security Center applications with IBM QRadar Security Information and Event Management (SIEM).

IBM QRadar SIEM (QRadar) is a network security management platform that provides situational awareness and compliance support. It collects, processes, aggregates, and stores network data in real time. QRadar has a modular architecture that provides real-time visibility of your IT infrastructure that you can use for threat detection and prioritization. You can use the customized Tenable applications in QRadar. to obtain vulnerability summaries for Tenable Vulnerability Management, Tenable Identity Exposure, Tenable OT Security, or Tenable Security Center that correspond to the source IP address for each offense.

How It Works

1. QRadar VM:

   1. Get vulnerabilities from Tenable and import them into QVM.

2. Tenable App for QRadar:

   1. For a given machine on an Offense:

      1. Get a summary of Vulnerabilities.

      2. Initiate a scan with a right-click.

      3. Scan a host during an investigation.

   2. Parse Tenable OT Security events with Embedded Device Support Module (DSM).

   3. Parse Tenable Exposure Management events with Embedded Device Support Module (DSM).

For additional information about IBM QRadar SIEM, see the IBM QRadar SIEM website.