Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding an IBM AppScan Enterprise Vulnerability Scanner

 

You can add a scanner to define which scan reports in IBM Security AppScan are collected by JSA.

If your AppScan installation is set up to use HTTPS, a server certificate is required. JSA supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:

  • Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using SCP or SFTP.

  • SSH into the Console or managed host and retrieve the certificate by using the following command: /opt/qradar/bin/getcert.sh <IP or Hostname> <optional port - 443 default>. A certificate is then downloaded from the specified host name or IP and placed into /opt/qradar/conf/trusted_certificates directory in the appropriate format.

You can add multiple IBM AppScan scanners to JSA, each with a different configuration. Multiple configurations provide JSA the ability to import AppScan data for specific results. The scan schedule determines the frequency with which scan results are imported from the REST web service in IBM AppScan Enterprise.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your IBM AppScan Enterprise scanner.
  5. From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
  6. From the Type list, select IBM AppScan Scanner.
  7. In the ASE Instance Base URL field, type the full base URL of the AppScan Enterprise instance. HTTP and HTTPS are supported in the URL address.

    Example: XML API - http://myasehostname/ase

    Example: JSON API - http://myasehostname/ase/api

  8. From the API Type list, select one of the following options:
    • XML (Before v9.02)— If your version of AppScan Enterprise is earlier than v9.02, select this option. This API type uses the AppScan XML REST web service.

    • JSON (v9.0.2 and later)— If your version of AppScan Enterprise is version 9.02 or later, select this option. This API type uses the AppScan JSON REST web service.

  9. If you selected XML (Before v9.02) as the API Type, select one of the following options from the Authentication Type list:
    • Windows Authentication (AppScan Enterprise 9.0 and previous)— Select this option to use Windows Authentication with the REST web service.

    • AppScan Enterprise Authentication— Select this option to use AppScan Enterprise Authentication with the REST web service.

  10. In the Username field, type the user name to retrieve scan results from AppScan Enterprise.
  11. In the Password field, type the password to retrieve scan results from AppScan Enterprise.
  12. In the Report Name Pattern field, type a regular expression (regex) to filter the list of vulnerability reports available from AppScan Enterprise.

    By default, the Report Name Pattern field contains .* as the regex pattern. The .* pattern imports all scan reports that are published to JSA. All matching files from the file pattern are processed by JSA. You can specify a group of vulnerability reports or an individual report by using a regex pattern.

  13. Configure a CIDR range for your scanner:
    1. Type the CIDR range for the scanner or click Browse to select a CIDR range from the network list.

    2. Click Add.

  14. Click Save.
  15. On the Admin tab, click Deploy Changes.

You are now ready to create a scan schedule for IBM AppScan Enterprise. See Scheduling a Vulnerability Scan.