Adding a Nmap Remote Result Import
A remote results import retrieves completed Nmap scan reports over SSH.
Scans must be generated in XML format using the
-oX option on your Nmap scanner. After you add your
Nmap scanner, you must assign a scan schedule to specify the frequency
that the vulnerability data is imported from scanner.
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
- In the Scanner Name field, type a name to identify your Nmap scanner.
- From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
- From the Type list, select Nessus Scanner.
- From the Collection Type list, select Remote Results Import.
- In the Server Hostname field, type the hostname or IP address of the remote system that hosts the Nmap client. We suggest that administrators host Nmap on a UNIX-based system with SSH enabled.
- Choose one of the following authentication options:
To authenticate with a user name and password:
In the Server Username field, type the username required to access the remote system hosting the Nmap client.
In the Login Password field, type the password associated with the user name.
The password must not contain the ! character. This character could cause authentication failures over SSH.
If the scanner is configured to use a password, the SSH scanner server to that connects to JSA must support password authentication.
If it does not, SSH authentication for the scanner fails. Ensure the following line is displayed in your
/etc/ssh/sshd_configfile: PasswordAuthentication yes.
If your scanner server does not use OpenSSH, see the vendor documentation for the scanner configuration information.
Enable Key Authorization
To authenticate with a key-based authentication file:
Select the Enable Key Authentication check box.
In the Private Key File field, type the directory path to the key file.
The default is directory for the key file is
/opt/qradar/conf/vis.ssh.key. If a key file does not exist, you must create the vis.ssh.key file.
- In the Remote Folder field, type the directory location of the scan result files.
- In the Remote File Pattern field, type a regular
expression (regex) required to filter the list of files specified
in the remote folder. All matching files are included in the processing.
The default regex pattern to retrieve Nmap results is .*\.xml. The .*\.xml pattern imports all xml result files in the remote folder.
Scan reports imported and processed are not deleted from the remote folder. We suggest that you schedule a cron job to delete previously processed scan reports.
- To configure a CIDR range for your scanner:
In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
- Click Save.
- On the Admin tab, click Deploy Changes.
You are now ready to create a scan schedule. See Scheduling a Vulnerability Scan