Adding an AXIS Vulnerability Scan
Add an AXIS scanner configuration to collect specific reports or start scans on the remote scanner.
The following table describes AXIS scanner parameters when you select SFTP as the import method:
Table 1: AXIS Scanner - SFTP Properties
The IP address or host name of the server that has the scan results files.
The user name that JSA uses to log in to the server.
Enable Key Authentication
Specifies that JSA authenticates with a key-based authentication file.
The location of the scan result files.
Private Key File
The full path to the file that contains
the private key. If a key file does not exist, you
must create the
# ls -al /opt/qradar/conf/vis.ssh.key -rw------- 1 vis qradar 1679 Aug 7 06:24 /opt/qradar/conf/vis.ssh.key
File Name Pattern
The regular expression (regex) required to filter the list of files that are in the Remote Directory. The .*\.xml pattern imports all XML files from the remote directory.
The following table describes AXIS scanner parameters when you select SMB Share as the import method:
Table 2: AXIS Scanner - SMB Share Properties
The IP address or host name of the SMB Share.
The user name that JSA uses to log in to SMB Share.
The domain that is used to connect to the SMB Share.
SMB Folder Path
The full path to the share from the root of the SMB host. Use forward slashes, for example, /share/logs/.
File Name Pattern
The regular expression (regex) required to filter the list of files in the Remote Directory. The .*\.xml pattern imports all xml files in the remote directory.
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
- In the Scanner Name field, type a name to identify the AXIS scanner.
- From the Managed Host list, select the managed host that manages the scanner import.
- From the Type list, select Axis Scanner.
- From the Import Method list, select SFTP or SMB Share.
- Configure the parameters.
- Configure a CIDR range for the scanner.
- Click Save.
- On the Admin tab, click Deploy Changes.
For more information about how to create a scan schedule, see Scheduling a Vulnerability Scan.