Before you add this scanner, a server certificate
is required to support HTTPS connections. JSA supports certificates
with the following file extensions: .crt, .cert, or .der. To
copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:
Manually copy the certificate to the
/opt/qradar/conf/trusted_certificates directory by using SCP or SFTP.
SSH into the Console or managed host and retrieve the
certificate by using the following command: /opt/qradar/bin/getcert.sh <IP or Hostname> <optional
port - 443 default>. A certificate is then downloaded
from the specified host name or IP and placed into
/opt/qradar/conf/trusted_certificates directory in the appropriate format.
API imports enable JSA to import ad hoc report
data for vulnerabilities on your sites from Rapid7 NeXpose scanners.
The site data the scan schedule imports depends on the site name.
- Click Admin > System Configuration.
- Click the VA Scanners icon, and then click Add.
- Type a Scanner Name to identify your Rapid7
NeXpose scanner.
-
From
the Managed Host
list,
select an option that is based on one of the following platforms:
- Select Rapid7 Nexpose Scanner from the Type list.
- From the Import Type list, select Import
Site Data - Local File.
- In the Remote Hostname field, type the IP address
or host name of the Rapid7 NeXpose scanner.
- In the Login Username field, type the user
name that is used to access the Rapid7 NeXpose scanner. The login
must be a valid user. The user name can be obtained from the Rapid7
NeXpose user interface or from the Rapid7 NeXpose administrator.
- In the Login Password field, type the password
to access the Rapid7 NeXpose scanner.
- In the Port field, type the port that is used
to connect to the Rapid7 NeXpose Security Console. The port number
is the same port to connect to the Rapid7 NeXpose user interface.
- In the Site Name Pattern field, type the regular
expression (regex) to determine which Rapid7 NeXpose sites to include
in the scan. All sites that match the pattern are included when the
scan schedule starts. The default value regular expression is .* to import all site names.
- In the Cache Timout (Minutes) field, type the
length of time the data from the last generated scan report is stored
in the cache.
If the cache timeout limit expires, new vulnerability data is
requested from the API when the scheduled scan starts.
- Enter the path to the local directory to store downloaded
XML reports.
- To configure a CIDR range for the scanner complete the
following steps:
In the text field, type the CIDR range for the
scan or click Browse to select a CIDR range from the network
list.
Click Add.
- Click Save.
- On the Admin tab, click Deploy Changes.