Adding an eEye REM JDBC scan

You can add a scanner to collect vulnerability data over JDBC from eEye REM or CS Retina scanners.

Before you begin

Before you configure QRadar® to poll for vulnerability data, we suggest you create a database user account and password for QRadar. If you assign the user account read-only permission to the RetinaCSDatabase, you can restrict access to the database that contains the eEye vulnerabilities. The JDBC protocol enables QRadar to log in and poll for events from the MSDE database.

Ensure that no firewall rules block communication between the eEye scanner and the Console or managed host responsible for polling with the JDBC protocol. If you use database instances, you must verify port 1433 is available for the SQL Server Browser Service to resolve the instance name.
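One way to create the read-only polling account suggested above, shown as an added T-SQL example that is not part of the original documentation. It assumes SQL Server 2005 or later syntax and SQL authentication (not a Windows domain account); the login name `qradar_va` is hypothetical and the password is a placeholder.

```sql
-- Added example: run as a SQL Server administrator on the instance that hosts RetinaCSDatabase.
-- Assumptions: SQL Server 2005+ syntax, SQL authentication, hypothetical login name qradar_va.
USE master;
GO

-- Create the login that QRadar will use; replace the placeholder password.
CREATE LOGIN qradar_va
    WITH PASSWORD = '<REPLACE_WITH_STRONG_PASSWORD>',
         DEFAULT_DATABASE = RetinaCSDatabase,
         CHECK_POLICY = ON;
GO

USE RetinaCSDatabase;
GO

-- Map the login to a user in the eEye database only; it gets no access to other databases.
CREATE USER qradar_va FOR LOGIN qradar_va;
GO

-- Read access to all tables, plus an explicit deny on writes as defence in depth.
EXEC sp_addrolemember N'db_datareader', N'qradar_va';
EXEC sp_addrolemember N'db_denydatawriter', N'qradar_va';
GO

-- Check 1: list the database roles the account actually holds.
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'qradar_va';
GO

-- Check 2: impersonate the account and list its effective database-level permissions.
-- Review the result for anything beyond connect and read access.
EXECUTE AS USER = 'qradar_va';
SELECT permission_name
FROM fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;
REVERT;
GO
```

The login name and password created here are the values you type in the Username and Password fields in the procedure that follows.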

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify the eEye scanner.
  5. From the Managed Host list, select an option that is based on one of the following platforms:
    • On the QRadar Console, select the managed host that is responsible for communicating with the scanner device.
    • On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
  6. From the Type list, select eEye REM Scanner.
  7. From the Import Type list, select JDBC.
  8. In the Hostname field, type the IP address or the host name of the eEye database.
  9. In the Port field, type 1433.
  10. Optional. In the Database Instance field, type the database instance for the eEye database.

    If a database instance is not used, leave this field blank.

  11. In the Username field, type the username required to query the eEye database.
  12. In the Password field, type the password required to query the eEye database.
  13. In the Domain field, type the domain, if one is required, to connect to the eEye database.

    If the database is configured for Windows and inside a domain, you must specify the domain name.
  14. In the Database Name field, type RetinaCSDatabase as the database name.
  15. Select the Use Named Pipe Communication check box if named pipes are required to communicate with the eEye database. By default, this check box is clear.
  16. Select the Use NTLMv2 check box if the eEye scanner uses NTLMv2 as an authentication protocol. By default, this check box is clear.

    The Use NTLMv2 check box forces MSDE connections to use the NTLMv2 protocol when communicating with SQL servers that require NTLMv2 authentication. If the Use NTLMv2 check box is selected, it has no effect on MSDE connections to SQL servers that do not require NTLMv2 authentication.
  17. To configure a CIDR range for the scanner:
    1. In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
    2. Click Add.
  18. Click Save.
  19. On the Admin tab, click Deploy Changes.

What to do next

You are now ready to create a scan schedule. See Scheduling a vulnerability scan.