Adding a nCircle IP360 scanner
QRadar® uses a Secure Shell (SSH) to access a remote server (SSH export server) to retrieve and interpret the scan data from nCircle IP360 appliances. QRadar supports VnE Manager version IP360-6.5.2 to 188.8.131.52.
This configuration requires the target settings that you recorded when you exported the XML2 scan data to the remote server.
Before you begin
If the scanner is configured to use a password, the SSH scanner server to which QRadar connects must support password authentication. If it does not, SSH authentication for the scanner fails. Make sure the following line is displayed in your sshd_config file, which is typically found in the /etc/ssh directory on the SSH server:
About this task
PasswordAuthentication yes. If your scanner server does not use OpenSSH, the configuration can differ. For more information, see the vendor documentation for your scanner.
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
Configure the following nCircle IP360 parameters:
Parameter Description Scanner Name The name to identify your nCircle IP360 instance. Managed HostFrom the Managed Host list, select an option that is based on one of the following platforms:
- On the QRadar Console, select the managed host that is responsible for communicating with the scanner device.
- On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
Type nCircle IP360 SSH Server Host Name The IP address or host name of the remote server that hosts the scan result files. SSH Port The port number to connect to the remote server. Remote Directory The location of the scan result files. File Pattern The regular expression (regex) to filter the list of files that are specified in the Remote Directory field. To list all XML2 format files that end with XML, use the following entry: XML2.*\.xml
- Configure the remaining parameters.
- To configure a CIDR range for your scanner:
- Type the CIDR range that you want this scanner to consider or click Browse to select a CIDR range from the network list.
- Click Add.
- Click Save.
- On the Admin tab, click Deploy Changes.