Adding a Rapid7 Nexpose Scanner Remote File Import
Before you add this scanner, make sure that you have a server certificate that supports HTTPS connections. JSA supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:
Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using SCP or SFTP.
Use SSH to log in to the Console or managed host and retrieve the certificate by using the following command: /opt/qradar/bin/getcert.sh <IP or Hostname> <optional port - 443 default>. A certificate is then downloaded from the specified host name or IP and placed into /opt/qradar/conf/ trusted_certificates directory in the appropriate format.
JSA uses remote files to import site vulnerability data from your Rapid7 Nexpose scanner.
Remote file imports collect vulnerabilities for a site from a remote file that is downloaded. The Rapid7 Nexpose XML file that contains the site and vulnerability information must be copied from your Rapid7 Nexpose appliance to the Console or managed host you specify when the scanner is added to JSA. The destination directory on the managed host or Console must exist before the Rapid7 Nexpose appliance can copy site reports. The site files can be copied to the managed host or Console by using Secure Copy (SCP) or Secure File Transfer Protocol (SFTP).
The import directory that is created on the managed host or JSA Console must have the appropriate owner and permission set on it for the VIS user within JSA. For example, chown -R vis:qradar <import_directory_path> and chmod 755 <import_directory_path> set the owner of the import directory path to VIS user with adequate read-write-execute permissions.
Site files that are imported are not deleted from the import folder, but renamed to .processed0. Administrators can create a cron job to delete previously processed site files.
You are now ready to create a scan schedule. See Scheduling a Vulnerability Scan.