QRadar® can poll IBM® InfoSphere® SiteProtector appliances for vulnerability data with JDBC.
About this task
Administrators can add multiple IBM SiteProtector scanners to IBM QRadar, each with a different configuration. Multiple configurations provide QRadar with the ability to query SiteProtector and only import results from specific CIDR ranges. The scan schedule determines the frequency with which the database on the SiteProtector scanner is queried for vulnerability data.
Procedure
- Click the Admin tab.
- Click the VA Scanners icon.
- Click Add.
- In the Scanner Name field, type a name to identify the IBM SiteProtector scanner.
- From the Managed Host list, select an option that is based on one of the following platforms:
  - On the QRadar Console, select the managed host that is responsible for communicating with the scanner device.
  - On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
- From the Type list, select IBM SiteProtector Scanner.
- In the Hostname field, type the IP address or host name of the IBM SiteProtector that contains vulnerabilities to import.
- In the Port field, type 1433 as the port for the IBM SiteProtector database.
- In the Username field, type the username required to query the IBM SiteProtector database.
- In the Password field, type the password required to query the IBM SiteProtector database.
- In the Domain field, type the domain, if one is required, to connect to the IBM SiteProtector database.
  If the database is configured for Windows and inside a domain, you must specify the domain name.
- In the Database Name field, type RealSecureDB as the database name.
- In the Database Instance field, type the database instance for the IBM SiteProtector database. If you are not using a database instance, you can leave this field blank.
- Select the Use Named Pipe Communication check box if named pipes are required to communicate with the IBM SiteProtector database. If you are using SQL authentication, disable Named Pipe Communication. By default, this check box is clear.
- Select the Use NTLMv2 check box if the IBM SiteProtector uses NTLMv2 as an authentication protocol. By default, this check box is clear.
  The Use NTLMv2 check box forces MSDE connections to use the NTLMv2 protocol when communicating with SQL servers that require NTLMv2 authentication. If the Use NTLMv2 check box is selected, it has no effect on MSDE connections to SQL servers that do not require NTLMv2 authentication.
- To configure a CIDR range for the scanner:
  - In the text field, type the CIDR range for the scan or click Browse to select a CIDR range from the network list.
  - Click Add.
- Click Save.
- On the Admin tab, click Deploy Changes.
What to do next
You are now ready to create a scan schedule. See Scheduling a vulnerability scan.
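When several SiteProtector scanner entries are planned, each with its own CIDR ranges, it helps to check the values before typing them into the Admin tab. The following Python sketch is an added example, not IBM code or a QRadar API: it checks each planned entry against the port, database name, named pipe and domain rules in the procedure above and lists CIDR ranges that two entries both cover. The dictionary keys and the sample plan are hypothetical and constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan. The keys are hypothetical names for the fields in
# the procedure; this is not a QRadar API or file format.
PLAN = [
    {"name": "sp-dmz", "port": 1433, "database": "RealSecureDB", "auth": "sql",
     "named_pipes": False, "domain": "", "cidrs": ["192.0.2.0/24"]},
    {"name": "sp-corp", "port": 1433, "database": "RealSecureDB",
     "auth": "windows-domain", "named_pipes": True, "domain": "",
     "cidrs": ["10.20.0.0/16", "192.0.2.128/25"]},
]

def parse_cidr(text):
    """Return the network for a CIDR string, or None if it is malformed."""
    try:
        return ipaddress.ip_network(text, strict=True)
    except ValueError:
        return None

def check_scanner(cfg):
    """Check one planned entry against the values and rules in the procedure."""
    name, findings = cfg["name"], []
    if cfg["port"] != 1433:
        findings.append(f"{name}: port {cfg['port']} differs from 1433")
    if cfg["database"] != "RealSecureDB":
        findings.append(f"{name}: database name is not RealSecureDB")
    if cfg["auth"] == "sql" and cfg["named_pipes"]:
        findings.append(f"{name}: disable named pipes for SQL authentication")
    if cfg["auth"] == "windows-domain" and not cfg["domain"]:
        findings.append(f"{name}: Domain is empty for a Windows domain database")
    findings += [f"{name}: invalid CIDR {c!r}" for c in cfg["cidrs"]
                 if parse_cidr(c) is None]
    return findings

def overlapping_ranges(plan):
    """List CIDR ranges that two different scanner entries both cover."""
    nets = [(cfg["name"], parse_cidr(c)) for cfg in plan for c in cfg["cidrs"]]
    nets = [(n, net) for n, net in nets if net is not None]
    return [(a, str(na), b, str(nb))
            for (a, na), (b, nb) in combinations(nets, 2)
            if a != b and na.overlaps(nb)]

if __name__ == "__main__":
    for cfg in PLAN:
        print(*check_scanner(cfg), sep="\n")
    for hit in overlapping_ranges(PLAN):
        print("overlap:", *hit)
```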