Adding a Tenable SecurityCenter Scan

Verify the location of the API on your Tenable SecurityCenter.

A server certificate is required to support HTTPS connections. JSA supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:

  • Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using SCP or SFTP.

  • SSH into the Console or managed host and retrieve the certificate by using the following command: /opt/qradar/bin/getcert.sh <IP or Hostname> <optional port - 443 default>. A certificate is then downloaded from the specified hostname or IP and placed into the /opt/qradar/conf/trusted_certificates directory in the appropriate format.
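
A check that can be run on a certificate file before relying on it in /opt/qradar/conf/trusted_certificates, shown as an added example that is not part of the original page or of JSA tooling. It assumes openssl is installed on the host and that the expected SHA-256 fingerprint was obtained out of band from the SecurityCenter administrator; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper names); assumes openssl is on the host.
# Usage: sh audit_cert.sh <certificate-file> <expected-sha256-fingerprint>

# Reduce "sha256 Fingerprint=AB:CD:..." or "ab:cd:..." to bare uppercase hex.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'a-f' 'A-F'
}

# Succeed only for the file extensions the page lists as supported.
supported_ext() {
    case "$1" in
        *.crt|*.cert|*.der) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit the certificate as PEM, accepting either PEM or DER input.
load_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# Exit codes: 0 ok, 2 extension, 3 unreadable, 4 unparsable, 5 mismatch, 6 expired.
audit_cert() {
    file=$1
    expected=$(norm_fp "$2")
    supported_ext "$file" || { echo "SKIP $file: unsupported extension"; return 2; }
    [ -r "$file" ] || { echo "FAIL $file: not readable"; return 3; }
    pem=$(load_pem "$file") || { echo "FAIL $file: not an X.509 certificate"; return 4; }
    actual=$(norm_fp "$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256)")
    if [ "$actual" != "$expected" ]; then
        echo "FAIL $file: fingerprint $actual does not match expected value"
        return 5
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "FAIL $file: certificate has expired"
        return 6
    fi
    echo "OK   $file: fingerprint matches and certificate has not expired"
    return 0
}

if [ "$#" -ge 2 ]; then
    audit_cert "$1" "$2"
fi
```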

You can add a Tenable SecurityCenter scanner to enable JSA to collect host and vulnerability information through the Tenable API.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify the scanner.
  5. From the Managed Host list, select an option that is based on one of the following platforms:
    • On the JSA Console, select the managed host that is responsible for communicating with the scanner device.

  6. From the Type list, select Tenable SecurityCenter.
  7. In the Server Address field, type the IP address of the Tenable SecurityCenter.
  8. In the API Location field, type the path to the API on the Tenable SecurityCenter.

    The default path to the API file for SecurityCenter Version 4 is sc4/request.php.

    The default path to the API file for SecurityCenter Version 5 is rest.

  9. From the API Version list, select the version for your SecurityCenter.
    Tip:

    Support for Tenable SecurityCenter (Tenable.sc) on JSA is limited to the versions supported by Tenable. For more information, see Tenable Software Release Lifecycle Matrix.

  10. In the User Name field, type the username to access the Tenable SecurityCenter API.
  11. In the Password field, type the password to access the Tenable SecurityCenter API.
  12. Enable or disable the Allow Untrusted Certificates parameter, depending on the type of certificate that you use.

    If you enable the Allow Untrusted Certificates parameter, the scanner can accept self-signed and otherwise untrusted certificates that are located within the /opt/qradar/conf/trusted_certificates/ directory. If you disable the parameter, the scanner trusts only certificates that are signed by a trusted signer.

    Tip:

    By default, this parameter is enabled for existing scanners and disabled for new scanners.

  13. Configure a CIDR range for the scanner.
    1. In the CIDR ranges field, type the CIDR range for the scan or click Browse to select a CIDR range from the network list.

    2. Click Add.

  14. Click Save.
  15. On the Admin tab, click Deploy Changes.

You are now ready to create a scan schedule. See Scheduling a Vulnerability Scan.