Required User Role: Security Analyst
Note: In Tenable App for QRadar v2 and later, you must authenticate using an API Access Key and Secret Key. For more information, see the Generate API section in the Tenable.sc User Guide.
Complete the following steps to configure the Tenable App For QRadar v2.0.
To configure Tenable App For QRadar v2.0:
- Log in to the IBM QRadar SIEM console.
Click the button.
The Menu options appear.
The Admin options appear.
- Scroll to the Tenable section.
Click Tenable App Settings.
The Tenable Configuration appears.
Click Add Tenable.sc Account.
Configure the settings for Tenable.sc.
- In the Address box, enter the IP address used to access Tenable.sc.
- In the Access Key box, enter your Tenable.sc username.
- In the Secret Key box, enter your Tenable.sc password.
In the Rule based Scan Name box, enter a scan name that exists in Tenable.sc.
If a scan does not exist, you must create one with the associated QRadar credentials in Tenable.sc. This scan is used for the rule based scan function.
In the Right Click Scan Name box, enter a scan name that exists in Tenable.sc.
If a scan does not exist, you must create one with the associated QRadar credentials in Tenable.sc. This scan is used for the right click scan function.
Note: This scan can be the same as the Rule Based Scan Name.
In the Authorized Service Token box, enter your QRadar authorized service token. Authorized tokens are found under User Management in the Authorized Services section.
See the IBM QRadar SIEM website for steps on creating an authorized service token.
- (Optional) Click the toggle to enable or disable SSL verification.
(Optional) Connect to Tenable.sc using a proxy.
- Click the Enable/Disable Proxy toggle.
- Type an IP/Hostname.
- Type a Port.
- (Optional) Select the Require Authentication for Proxy check box.
If you require authentication for the proxy, type the proxy Username, Password, and Confirm Password.
The Tenable Configuration window appears and displays a success message.
- Create an Offense Rule to generate offenses. For steps on creating offense rules, see the IBM QRadar SIEM documentation.
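The following pre-flight check is an added example, not code from Tenable or IBM. It confirms that the API keys authenticate and that both scan names entered above exist in Tenable.sc, with certificate verification left on. It assumes the Tenable.sc REST API's `x-apikey` header and `/rest/scan` endpoint; the address, keys, scan names and sample response are constructed placeholders.

```python
import json
import ssl
import urllib.request

def build_request(address, access_key, secret_key):
    """Build a GET /rest/scan request authenticated with Tenable.sc API keys."""
    req = urllib.request.Request(f"https://{address}/rest/scan?fields=name")
    # Tenable.sc API-key authentication header.
    req.add_header("x-apikey", f"accesskey={access_key}; secretkey={secret_key};")
    return req

def scan_names(payload):
    """Collect scan names from a /rest/scan response body (usable + manageable)."""
    body = payload.get("response") or {}
    names = set()
    for bucket in ("usable", "manageable"):
        for scan in body.get(bucket, []):
            names.add(scan["name"])
    return names

def missing_scans(payload, wanted):
    """Return the wanted scan names that the response does not list (exact match)."""
    present = scan_names(payload)
    return [name for name in wanted if name not in present]

def fetch_scans(address, access_key, secret_key, proxy=None):
    """Query Tenable.sc with certificate verification on.

    proxy is an optional URL such as 'http://proxy.example.test:3128' (assumed form).
    """
    handlers = [urllib.request.HTTPSHandler(context=ssl.create_default_context())]
    if proxy:
        handlers.append(urllib.request.ProxyHandler({"https": proxy}))
    opener = urllib.request.build_opener(*handlers)
    with opener.open(build_request(address, access_key, secret_key), timeout=15) as resp:
        return json.load(resp)

# Constructed sample response, shaped like a /rest/scan reply, for offline use.
SAMPLE = {"type": "regular", "error_code": 0, "response": {
    "usable": [{"id": "4", "name": "QRadar Rule Scan"}],
    "manageable": [{"id": "4", "name": "QRadar Rule Scan"},
                   {"id": "7", "name": "QRadar Right Click Scan"}]}}

if __name__ == "__main__":
    # The second name differs only in case, so the exact-match check reports it.
    print(missing_scans(SAMPLE, ["QRadar Rule Scan", "qradar right click scan"]))
```

Against a live console, pass the result of `fetch_scans(...)` to `missing_scans(...)` in place of `SAMPLE`; a certificate error at that point means the Tenable.sc certificate is not trusted by the host running the check.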