Adding a Tenable.io scanner to QRadar

Add a Tenable.io scanner in IBM® QRadar® to enable QRadar to collect host and vulnerability information through the Tenable.io API.

Before you begin

You are a Tenable.io user, and you must have the Tenable.io API Public key and Secret key. For more information, see Obtaining the Tenable.io API Access key and Secret key.

Procedure

  1. On the Admin tab, click the VA Scanners icon in the Data Sources section, and then click Add.
  2. In the Scanner Name field, type a name to identify your Tenable.io scanner.
  3. From the Managed Host list, select an option that is based on one of the following platforms:
    • On the QRadar Console, select the managed host that is responsible for communicating with the scanner device.
    • On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
  4. From the Type list, select Tenable.io.
  5. In the API End point field, type cloud.tenable.com.
  6. In the Access Key field, type the Tenable.io Access key value that you recorded when you completed the Obtaining the Tenable.io API Access key and Secret key procedure.
  7. In the Secret Key field, type the Tenable.io Secret key value that you recorded when you completed the Obtaining the Tenable.io API Access key and Secret key procedure.
  8. Select the Severity level(s) for which you want to filter the results.
  9. Configure a CIDR range for the Tenable.io scanner. In the CIDR range field, type the CIDR range for the scan, or click Browse to select a CIDR range from the network list.
    Important: For large CIDR ranges or for a large amount of data, the range must be broken down to smaller ranges.
  10. Click Add, and then click Save.
  11. On the Admin tab, click Deploy Changes.

What to do next

You are now ready to create a scan schedule. See Scheduling a vulnerability scan.