Adding a nCircle IP360 scanner

QRadar® uses Secure Shell (SSH) to access a remote server (the SSH export server), from which it retrieves and interprets the scan data from nCircle IP360 appliances. QRadar supports VnE Manager versions IP360-6.5.2 to 6.8.2.8.

Before you begin

This configuration requires the target settings that you recorded when you exported the XML2 scan data to the remote server.

About this task

If the scanner is configured to use a password, the SSH scanner server to which QRadar connects must support password authentication. If it does not, SSH authentication for the scanner fails. Make sure that the following line appears in your sshd_config file, which is typically found in the /etc/ssh directory on the SSH server:

    PasswordAuthentication yes

If your scanner server does not use OpenSSH, the configuration can differ. For more information, see the vendor documentation for your scanner.
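One way to run the sshd_config check described above, as an added example that is not part of the IBM documentation. It goes one step beyond the text by also listing Match blocks, because OpenSSH uses the first value it reads for a keyword and a Match block overrides that value for the connections it selects. The function names and the sample file are constructed for illustration; the address 192.0.2.10 stands in for the QRadar managed host.

```shell
#!/bin/sh
# Added example, not IBM code. Reads one OpenSSH sshd_config file and reports
# how PasswordAuthentication is set. Assumptions: OpenSSH syntax; Include
# files are not followed; on a live server `sshd -T` prints the parsed result.

# Print the global value: the first occurrence before any Match block wins.
# OpenSSH defaults to "yes" when the keyword is absent.
global_password_auth() {
    awk '
        { sub(/[ \t]*=[ \t]*/, " ") }          # "Key=value" -> "Key value"
        /^[ \t]*#/ || NF == 0 { next }         # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                # global section ends here
        key == "passwordauthentication" { val = tolower($2); exit }
        END { print (val == "" ? "yes" : val) }
    ' "$1"
}

# Print one line per Match block that sets PasswordAuthentication, in the
# form "Match <criteria> -> <value>".
match_password_auth() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" {
            crit = $0; sub(/^[ \t]+/, "", crit)
            inmatch = 1; seen = 0; next
        }
        { sub(/[ \t]*=[ \t]*/, " ") }
        inmatch && !seen && tolower($1) == "passwordauthentication" {
            print crit " -> " tolower($2); seen = 1
        }
    ' "$1"
}

# Constructed sample: passwords are off globally and on only for one client.
constructed_sample() {
    cat <<'EOF'
# constructed sample, not taken from a real server
Port 22
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.0.2.10
    PasswordAuthentication yes
EOF
}
```

Call both functions with the path to the server's sshd_config; a global "no" with no Match entry covering the QRadar managed host means password logins from QRadar fail.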

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. Configure the following nCircle IP360 parameters:
    Parameter: Description
    Scanner Name: The name to identify your nCircle IP360 instance.
    Managed Host: From the Managed Host list, select an option that is based on one of the following platforms:
      • On the QRadar Console, select the managed host that is responsible for communicating with the scanner device.
      • On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
    Type: nCircle IP360
    SSH Server Host Name: The IP address or host name of the remote server that hosts the scan result files.
    SSH Port: The port number to connect to the remote server.
    Remote Directory: The location of the scan result files.
    File Pattern: The regular expression (regex) to filter the list of files that are specified in the Remote Directory field. To list all XML2 format files that end with XML, use the following entry: XML2.*\.xml
  5. Configure the remaining parameters.
  6. To configure a CIDR range for your scanner:
    1. Type the CIDR range that you want this scanner to consider or click Browse to select a CIDR range from the network list.
    2. Click Add.
  7. Click Save.
  8. On the Admin tab, click Deploy Changes.