netVigilance SecureScout scanner overview

QRadar® can collect vulnerability data from an SQL database on the SecureScout scanner by polling for data with JDBC.

netVigilance SecureScout NX and SecureScout SP store scan results in an SQL database. This database can be a Microsoft MSDE or SQL Server database. To collect vulnerabilities, QRadar connects to the remote database to locate the latest scan results for a given IP address. The data returned updates the asset profile in QRadar with the asset IP address, discovered services, and vulnerabilities. QRadar supports SecureScout scanner software version 2.6.

We suggest that administrators create a special user in your SecureScout database for QRadar to poll for vulnerability data.

The database user you create must have select permissions to the following tables:
  • HOST
  • JOB
  • JOB_HOST
  • SERVICE
  • TCRESULT
  • TESTCASE
  • PROPERTY
  • PROP_VALUE
  • WKS
  • IPSORT - The database user must have execute permission for this table.

To add a scanner configuration, seeAdding a netVigilance SecureScout scan.