Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding a Positive Technologies MaxPatrol Scanner

 

Add a Positive Technologies MaxPatrol scanner to your JSA deployment.

Ensure that the following prerequisites are met:

  • The Positive Technologies MaxPatrol system is configured to export JSA compatible XML vulnerability reports.

  • An SFTP or SMB share is set up and contains the exported XML vulnerability reports.

The following table describes Positive Technologies MaxPatrol scanner parameters when you select SFTP as the import method:

Table 1: Positive Technologies MaxPatrol Scanner SFTP Properties

Parameter

Description

Remote Hostname

The IP address or host name of the server that has the scan results file.

Login Username

The user name that JSA uses to log in to the server.

Enable Key Authentication

Specifies that JSA authenticates with a key-based authentication file.

Remote directory

The location of the scan result files.

Private Key File

The full path to the file that contains the private key. If a key file does not exist, you must create the vis.ssh.key file.

Note: The vis.ssh.key file must have vis qradar ownership.

For example:

# ls -al /opt/qradar/conf/vis.ssh.key
-rw------- 1 vis qradar 1679 Aug 7
06:24 /opt/qradar/conf/vis.ssh.key

File Name Pattern

The regular expression (regex) required to filter the list of files in the Remote Directory. The .*\.xml pattern imports all XML files in the remote directory.

The following table describes Positive Technologies MaxPatrol scanner parameters when you select SMB Share as the import method:

Table 2: Positive Technologies MaxPatrol Scanner SMB Share Properties

Parameter

Description

Hostname

The IP address or host name of the SMB Share.

Login Username

The user name that JSA uses to log in to SMB Share.

Domain

The domain that is used to connect to the SMB Share.

SMB Folder Path

The full path to the share from the root of the SMB host. Use forward slashes, for example, /share/logs/.

File Name Pattern

The regular expression (regex) required to filter the list of files in the Remote Directory. The .*\.xml pattern imports all xml files in the remote directory.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify the Positive Technologies MaxPatrol scanner.
  5. From the Managed Host list, select the managed host that manages the scanner import.
  6. From the Type list, select Positive Technologies MaxPatrol Scanner.
  7. Configure the parameters.
  8. Configure a CIDR range for the scanner.
  9. Click Save.
  10. On the Admin tab, click Deploy Changes.

For more information about how to create a scan schedule, see Scheduling a Vulnerability Scan.

Related Documentation