Tenable.io Configuration

Required User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Complete the following steps to configure the Tenable App For QRadar v2.0.

To configure the Tenable App For Qradar v2.0:

  1. Log in to the IBM QRadar SIEM Console.
  2. Click the button.

    The Menu options appear.

  3. Click Admin.

    The Admin options appear.

  4. Scroll to the Tenable section.
  5. Click Tenable App Settings.

    The Tenable Configuration appears.

  6. Click Add Tenable.io Account.

  7. Configure the settings for Tenable.io.

    1. In the Address box, enter the the domain name used to access Tenable.io.
    2. In the Access Key box, enter the API access key for Tenable.io. For information on generating API keys see the Generate API Key section in the Tenable.io User Guide.
    3. In the Secret Key box, enter the API secret key for Tenable.io. For information on generating API keys see the Generate API Key section in the Tenable.io User Guide.
    4. In the Rule based Scan Name box, enter a scan name that exists in Tenable.io.

      If a scan does not exist, you must create one with the associated QRadar credentials in Tenable.io.This scan is used for the rule based scan function.

    5. In the Right Click Scan Name box, enter a scan name that exists in Tenable.io.

      If a scan does not exist, you must create one with the associated QRadar credentials in Tenable.io. This scan is used for the right click scan function.

      Note: This scan can be the same as the Rule Based Scan Name.

    6. In the Authorized Service Token box, enter your QRadar authorized service token. Authorized tokens are found under User Management in the Authorized Services section.

      See the IBM QRadar SIEM website for steps on creating an authorized service token.

    7. (Optional) Click the toggle to enable or disable SSL verification.
    8. (Optional) Connect to Tenable.io using a proxy.

      • Click the toggle to Enable/Disable Proxy.
      • Type an IP/Hostname.
      • Type a Port.
      • (Optional) Select the Require Authentication for Proxy check box.
      • If you required authentication for proxy, type the proxy Username, Password, and Confirm Password.

  8. Click Save.

    The Tenable Configuration window appears and displays a success message.

  9. Create an Offense Rule to generate offenses for the offense rule. For steps on creating offense rules, see the IBM QRadar SIEM documentation.