Nmap scanner overview

QRadar® uses SSH to communicate with the Nmap server to either start remote Nmap scans or download the completed Nmap scan results.

Restriction: Although there is an NMap binary on each QRadar host, it is reserved for internal QRadar use only. Configuring an NMap vulnerability scanner to use a QRadar Console or QRadar managed host as the remote NMap scanner is not supported and can cause instabilities.

When administrators configure an Nmap scan, a specific Nmap user account can be created for the QRadar system. A unique user account ensures that QRadar possesses the credentials that are required to log in and communicate with the Nmap server. After the user account creation is complete, administrators can test the connection from QRadar to the Nmap client with SSH to verify the user credentials. This test ensures that each system can communicate before the system attempt to download vulnerability scan data or start a live scan.

The following options are available for data collection of vulnerability information from Nmap scanners: