Adding an IBM Guardium Vulnerability Scanner
Adding a scanner allows JSA to collect SCAP vulnerability files from IBM InfoSphere Guardium.
Administrators can add multiple IBM Guardium scanners to JSA, each with a different configuration. Multiple configurations give JSA the ability to import vulnerability data for specific results. The scan schedule determines the frequency with which the SCAP scan results are imported from IBM InfoSphere Guardium.
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
- In the Scanner Name field, type a name to identify your IBM Guardium scanner.
- From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
- From the Type list, select IBM Guardium SCAP Scanner.
- Choose one of the following authentication options:
To authenticate with a user name and password:
In the Login Username field, type a user name that has access to retrieve the scan results from the remote host.
In the Login Password field, type the password associated with the user name.
Enable Key Authorization
To authenticate with a key-based authentication file:
Select the Enable Key Authentication check box.
In the Private Key File field, type the directory path to the key file.
The default directory for the key file is /opt/qradar/conf/vis.ssh. If a key file does not exist, you must create the vis.ssh key file.
vis.ssh.key file must have
# ls -al /opt/qradar/conf/vis.ssh.key
-rw------- 1 vis qradar 1679 Aug 7 06:24 /opt/qradar/conf/vis.ssh.key
- In the Remote Directory field, type the directory location of the scan result files.
- In the File Name Pattern field, type a regular expression (regex) required to filter the list of SCAP vulnerability files specified in the Remote Directory field. All matching files are included in the processing.
By default, the Report Name Pattern field contains .*\.xml as the regex pattern. The .*\.xml pattern imports all XML files in the remote directory.
- In the Max Reports Age (Days) field, type the maximum file age for your scan results file. Files that are older than the specified days and timestamp on the report file are excluded when the scheduled scan starts. The default value is 7 days.
- To configure the Ignore Duplicates option:
Select this check box to track files that have already been processed by a scan schedule. This option prevents a scan result file from being processed a second time.
Clear this check box to import vulnerability scan results each time the scan schedule starts. This option can lead to multiple vulnerabilities being associated with an asset.
If a result file is not scanned within 10 days, the file is removed from the tracking list and is processed the next time the scan schedule starts.
- To configure a CIDR range for your scanner:
In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
- Click Save.
- On the Admin tab, click Deploy Changes.
You are now ready to create a scan schedule for IBM InfoSphere Guardium. See Scheduling a Vulnerability Scan.
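The key file check from the key-based authentication step, as an added example that is not part of the original documentation: a shell function that verifies the private key file has the mode, owner, and group shown in the ls output (-rw------- vis qradar). It assumes GNU stat is available on the managed host; the function name check_key_file is hypothetical.

```shell
#!/bin/sh
# Added example: check that the scanner's SSH private key file has the
# mode, owner and group shown in the ls output (-rw------- vis qradar).
# Assumes GNU stat (the -c option).

# check_key_file PATH [OWNER] [GROUP]
# Returns 0 when PATH is a regular file (not a symlink) with mode 600
# and the expected owner and group. Otherwise prints each deviation to
# stderr and returns 1. The function name is hypothetical.
check_key_file() {
    key=$1
    want_owner=${2:-vis}
    want_group=${3:-qradar}
    rc=0

    if [ -L "$key" ]; then
        echo "FAIL: $key is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or not a regular file" >&2
        return 1
    fi

    mode=$(stat -c '%a' "$key")    # octal permission bits, e.g. 600
    owner=$(stat -c '%U' "$key")   # owner name
    group=$(stat -c '%G' "$key")   # group name

    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600 (fix: chmod 600 $key)" >&2
        rc=1
    fi
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL: ownership is $owner:$group, expected $want_owner:$want_group" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $key is mode 600 and owned by $owner:$group"
    fi
    return "$rc"
}

# Run the check when a path is given on the command line, for example:
#   sh check_key_file.sh /opt/qradar/conf/vis.ssh.key
if [ "$#" -gt 0 ]; then
    check_key_file "$@"
fi
```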