You can add a scanner to collect vulnerability data over JDBC from eEye REM or CS Retina scanners.
Before you begin
Before you configure QRadar® to poll for vulnerability data, we suggest you create a database user account and password for QRadar. If you assign the user account read-only permission to the RetinaCSDatabase, you can restrict access to the database that contains the eEye vulnerabilities.
The JDBC protocol enables QRadar to log in and poll for events from the MSDE database. Ensure that no firewall rules block communication between the eEye scanner and the Console or managed host responsible for polling with the JDBC protocol. If you use database instances, you must verify port 1433 is available for the SQL Server Browser Service to resolve the instance name.
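The read-only account recommended above could be created on the eEye database server as follows. This is an added example, not part of the original documentation; it assumes SQL Server 2005 or later with SQL authentication, and the login name qradar_va and the password placeholder are hypothetical.

```sql
-- Added example: least-privilege login for QRadar JDBC polling.
-- Assumptions: SQL Server 2005+, SQL authentication, run by a sysadmin
-- in sqlcmd or Management Studio. "qradar_va" is a hypothetical name.
USE master;
GO
CREATE LOGIN qradar_va
    WITH PASSWORD = N'<replace-with-generated-password>',  -- placeholder
         DEFAULT_DATABASE = RetinaCSDatabase,
         CHECK_POLICY = ON;   -- enforce the Windows password policy
GO

USE RetinaCSDatabase;
GO
-- Map the login into the vulnerability database only; it gets no user
-- in any other database on the server.
CREATE USER qradar_va FOR LOGIN qradar_va;

-- Read access to every table and view, nothing else.
EXEC sp_addrolemember N'db_datareader', N'qradar_va';

-- Explicit DENY wins over any later GRANT or role membership, so the
-- account stays read-only even if it is added to another role by mistake.
DENY INSERT, UPDATE, DELETE, EXECUTE TO qradar_va;
GO

-- Verification 1: role memberships of the new user (expect db_datareader only).
SELECT m.name AS member_name, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
WHERE m.name = N'qradar_va';

-- Verification 2: explicit permissions (expect CONNECT granted and
-- INSERT, UPDATE, DELETE, EXECUTE denied).
SELECT permission_name, state_desc
FROM sys.database_permissions
WHERE grantee_principal_id = DATABASE_PRINCIPAL_ID(N'qradar_va');
GO
```

The login and password created here are the values entered in the Username and Password fields of the procedure.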
Procedure
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
- In the Scanner Name field, type a name to identify the eEye scanner.
- From the Managed Host list, select an option that is based on one of the following platforms:
  - On the QRadar Console, select the managed host that is responsible for communicating with the scanner device.
  - On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
- From the Type list, select eEye REM Scanner.
- From the Import Type list, select JDBC.
- In the Hostname field, type the IP address or the host name of the eEye database.
- In the Port field, type 1433.
- Optional. In the Database Instance field, type the database instance for the eEye database.
  If a database instance is not used, leave this field blank.
- In the Username field, type the username required to query the eEye database.
- In the Password field, type the password required to query the eEye database.
- In the Domain field, type the domain, if one is required, to connect to the eEye database.
  If the database is configured for Windows and inside a domain, you must specify the domain name.
- In the Database Name field, type RetinaCSDatabase as the database name.
- Select the Use Named Pipe Communication check box if named pipes are required to communicate with the eEye database. By default, this check box is clear.
- Select the Use NTLMv2 check box if the eEye scanner uses NTLMv2 as an authentication protocol. By default, this check box is clear.
  The Use NTLMv2 check box forces MSDE connections to use the NTLMv2 protocol when communicating with SQL servers that require NTLMv2 authentication. When the Use NTLMv2 check box is selected, it has no effect on MSDE connections to SQL servers that do not require NTLMv2 authentication.
- To configure a CIDR range for the scanner:
  - In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
  - Click Add.
- Click Save.
- On the Admin tab, click Deploy Changes.
What to do next
You are now ready to create a scan schedule. See Scheduling a vulnerability scan.