QRadar® uses
a Secure Shell (SSH) to access a remote server (SSH export server)
to retrieve and interpret the scan data from nCircle IP360 appliances. QRadar supports
VnE Manager version IP360-6.5.2 to 6.8.2.8.
Before you begin
This configuration requires the target settings that you recorded when you exported
the XML2 scan data to the remote server.
About this task
If the scanner is configured to use a password, the SSH scanner server to which
QRadar connects must support password authentication. If it does not, SSH authentication
for the scanner fails. Make sure the following line is displayed in your
sshd_config file, which is typically found in the
/etc/ssh directory on the SSH server:
PasswordAuthentication yes
. If your scanner server does not use
OpenSSH, the configuration can differ. For more information, see the vendor
documentation for your scanner.
Procedure
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
-
Configure the following nCircle IP360 parameters:
Parameter |
Description |
Scanner Name |
The name to identify your nCircle IP360 instance. |
Managed Host |
From the Managed Host list, select an option that is based on one of the
following platforms:
- On the QRadar
Console, select the
managed host that is responsible for communicating with the scanner device.
- On QRadar on Cloud, if the scanner is
hosted in the cloud, the QRadar Console can be
used as the managed host. Otherwise, select the data gateway that is responsible for communicating
with the scanner device.
|
Type |
nCircle IP360 |
SSH Server Host Name |
The IP address or host name of the remote server that hosts the scan
result files. |
SSH Port |
The port number to connect to the remote server. |
Remote Directory |
The location of the scan result files. |
File Pattern |
The regular expression (regex) to filter the list of files that are
specified in the Remote Directory field. To list
all XML2 format files that end with XML, use the following entry:
XML2.*\.xml |
-
Configure the remaining parameters.
- To configure a CIDR range for your scanner:
-
Type the CIDR range that you want this scanner to consider or click
Browse to select a CIDR range from the
network list.
- Click Add.
- Click Save.
- On the Admin tab, click Deploy
Changes.