Adding an eEye REM SNMP Scan
You can add a scanner to collect vulnerability data over SNMP from eEye REM or CS Retina scanners.
To use CVE identifiers and descriptions, you must copy the audits.xml file from your eEye REM scanner to the managed host responsible for listening for SNMP data. If your managed host is in a distributed deployment, you must copy the audits.xml file to the Console first and SSH the file to /opt/qradar/conf/audits.xml on the managed host. The default location of audits.xml on the eEye scanner is %ProgramFiles(x86)%\eEye Digital Security\Retina CS\Applications\RetinaManager\Database\audits.xml.
To receive the most up-to-date CVE information, periodically update JSA with the latest audits.xml file.
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
- In the Scanner Name field, type a name to identify your SecureScout server.
- From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
- From the Type list, select eEye REM Scanner.
- From the Import Type list, select SNMP.
- In the Base Directory field, type a location to store the temporary files that contain the eEye REM scan data.
The default directory is /store/tmp/vis/eEye/.
- In the Cache Size field, type the number of transactions you want to store in the cache before the SNMP data is written to the temporary file.
The default value is 40 transactions.
- In the Retention Period field, type the time period, in days, that the system stores scan information.
If a scan schedule does not import data before the retention period expires, the scan information from the cache is deleted.
- Select the Use Vulnerability Data check box to correlate eEye vulnerabilities to Common Vulnerabilities and Exposures (CVE) identifiers and description information.
- In the Vulnerability Data File field, type the directory path to the eEye audits.xml file.
- In the Listen Port field, type the port number that is used to monitor for incoming SNMP vulnerability information from your eEye REM scanner.
The default port is 1162.
- In the Source Host field, type the IP address of the eEye scanner.
- From the SNMP Version list, select the SNMP protocol version.
The default protocol is SNMPv2.
- In the Community String field, type the SNMP community string for the SNMPv2 protocol, for example, Public.
- From the Authentication Protocol list, select the algorithm to authenticate SNMPv3 traps.
- In the Authentication Password field, type the password that you want to use to authenticate SNMPv3 communication.
The password must include a minimum of 8 characters.
- From the Encryption Protocol list, select the SNMPv3 decryption algorithm.
- In the Encryption Password field, type the password to decrypt SNMPv3 traps.
- To configure a CIDR range for your scanner:
Type the CIDR range for the scan or click Browse to select a CIDR range from the network list.
- Click Save.
- On the Admin tab, click Deploy Changes.
Select one of the following options:
- If you do not use SNMPv3 or use low-level SNMP encryption, you are now ready to create a scan schedule. See Scheduling a Vulnerability Scan.
- If your SNMPv3 configuration uses AES192 or AES256 encryption, you must install the unrestricted Java cryptography extension on each Console or managed host that receives SNMPv3 traps. See Installing the Java Cryptography Extension on JSA.
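A pre-flight check for the values entered in the procedure above, as an added example that is not part of the JSA documentation or product. The dictionary keys and the function name are hypothetical and only mirror the field labels; the defaults, the 8-character minimum, and the AES192/AES256 requirement come from this page, and the clear-text note reflects how SNMPv2 community strings are transmitted.

```python
import ipaddress

def check_scanner_settings(cfg, jce_unrestricted=False):
    """Return a list of findings for an eEye REM SNMP scanner definition.

    cfg keys are hypothetical names for the fields in the procedure;
    jce_unrestricted says whether the receiving host has the unrestricted JCE.
    """
    findings = []
    version = cfg.get("snmp_version", "SNMPv2")  # page default: SNMPv2
    port = cfg.get("listen_port", 1162)          # page default: 1162
    cache = cfg.get("cache_size", 40)            # page default: 40 transactions

    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("listen_port: not a valid port number")
    if not isinstance(cache, int) or cache < 1:
        findings.append("cache_size: must be a positive number of transactions")
    try:
        ipaddress.ip_address(cfg.get("source_host", ""))
    except ValueError:
        findings.append("source_host: not a valid IP address")
    try:
        # strict=True rejects ranges with host bits set, e.g. 10.0.0.5/24
        ipaddress.ip_network(cfg.get("cidr", ""), strict=True)
    except ValueError:
        findings.append("cidr: not a valid CIDR range")

    if version == "SNMPv2":
        community = cfg.get("community", "")
        if not community:
            findings.append("community: required for SNMPv2")
        elif community.lower() in ("public", "private"):
            findings.append("community: well-known value, sent in clear text by SNMPv2")
    elif version == "SNMPv3":
        if len(cfg.get("auth_password", "")) < 8:
            findings.append("auth_password: shorter than 8 characters")
        if not cfg.get("encryption_password"):
            findings.append("encryption_password: required to decrypt SNMPv3 traps")
        if cfg.get("encryption_protocol") in ("AES192", "AES256") and not jce_unrestricted:
            findings.append("encryption_protocol: needs the unrestricted JCE on the receiving host")
    else:
        findings.append("snmp_version: not covered by this check")
    return findings

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE_V2 = {"snmp_version": "SNMPv2", "community": "Public",
             "source_host": "192.0.2.10", "cidr": "198.51.100.0/24"}
SAMPLE_V3 = {"snmp_version": "SNMPv3", "auth_password": "short",
             "encryption_password": "constructed-secret", "encryption_protocol": "AES256",
             "source_host": "192.0.2.10", "cidr": "198.51.100.0/24"}
```

Run it against the values you plan to enter before you click Save; an empty list means none of the checks fired.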