Adding an AXIS vulnerability scan

Add an AXIS scanner configuration to collect specific reports or start scans on the remote scanner.

About this task

The following table describes AXIS scanner parameters when you select SFTP as the import method:
Table 1. AXIS scanner - SFTP properties
Parameter | Description
Remote Hostname | The IP address or host name of the server that has the scan results files.
Login Username | The user name that QRadar uses to log in to the server.
Enable Key Authentication | Specifies that QRadar authenticates with a key-based authentication file.
Login Password | The password that QRadar uses to log in to the SFTP Server.
Private Key File | The full path to the file that contains the private key. If a key file does not exist, you must create the vis.ssh.key file.
Important: The vis.ssh.key file must be owned by the vis user and the qradar group. For example,
# ls -al /opt/qradar/conf/vis.ssh.key
-rw------- 1 vis qradar 1679 Aug  7 06:24 /opt/qradar/conf/vis.ssh.key
Remote directory | The location of the scan result files.
File Name Pattern | The regular expression (regex) required to filter the list of files that are in the Remote Directory. The .*\.xml pattern imports all XML files from the remote directory.
Max Report Age (days) | The maximum age of a report to retrieve during bulk data imports through file.
Ignore Duplicates | Specifies whether to ignore duplicate vulnerabilities.
Enable strict HostKey Checking | Requires the public key of the target host to match an entry in the Host Key list parameter.
HostKey | The Base64-encoded host keys to accept when connecting to the target host. The supported host key type is:
ssh-rsa

This key can be obtained by running the OpenSSH command ssh-keyscan in Linux or ssh-keyscan.exe in Windows. The key can also be obtained directly from the target system, for example from /root/.ssh/known_hosts or /etc/ssh/ssh_host_rsa_key.pub.

Important: You must use the Base64-encoded key only, and not the host name or algorithm. For example,
AAAAB3NzaC1yc2EAAAADAQABAAABAQCkT8TfV0oPWOVihTKKtORG2DQVbbFocUvGct9lN4auSIADp4Ubi\nOzm44k0mIZtMOGfYBTHVzyI6A9nCROLiMrJ00QzwG1IihYwaTqlYbZJ3FSiSY2tz1G2C51SG9OeziDMxcnEY2cHkwGSrGowydz20KPbgzTedOQCp41PafmMlb7TMmJtjU23cfCmPAQQHWIFOLWe1hg3RMtWfj1sE+Fe7Tu+/XZvT4GPSM5YQECXIzXmrhENWo+tIlnCGq01sLNPQ2Fo8qI97uAOm0kx/wkWfJLEj9dsHl7kO6D1x3YESVrr+e\nOc2xDvAStJIb4qCks2CGZDI1I2pivoqjX+JTRL
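
The HostKey rule above (Base64 column only, ssh-rsa only) can be applied with a small shell filter. This is an added example, not part of the IBM documentation; the function name hostkey_field is hypothetical, and the host names and truncated key in SAMPLE are constructed.

```shell
#!/bin/sh
# Added example, not IBM code. Reads ssh-keyscan or known_hosts lines on stdin
# and prints only the Base64 column of each ssh-rsa entry (the HostKey value).
# Real use:  ssh-keyscan -t rsa <remote-hostname> | hostkey_field
hostkey_field() {
    found=1                                   # exit status 1 until a key is printed
    while read -r f1 f2 f3 rest || [ -n "$f1" ]; do
        case "$f1" in
            ''|'#'*)    continue ;;           # blank line or comment
            '@revoked') continue ;;           # never offer a revoked key
            '@'*)       f1=$f2; f2=$f3; f3=${rest%% *} ;;  # other marker: shift fields
        esac
        [ "$f2" = "ssh-rsa" ] || continue     # the only supported host key type
        case "$f3" in
            # Base64 of the length-prefixed type string "ssh-rsa" that opens the blob
            AAAAB3NzaC1yc2E*) printf '%s\n' "$f3"; found=0 ;;
            *) echo "skipping malformed ssh-rsa entry for $f1" >&2 ;;
        esac
    done
    return "$found"
}

# Constructed sample input: placeholder host names, and key blobs cut down to
# their fixed headers, so none of these is a usable key.
SAMPLE='# constructed known_hosts-style comment
sftp.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed
@revoked old.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABrevoked
sftp.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB'

printf '%s\n' "$SAMPLE" | hostkey_field
```

ssh-keyscan output is unauthenticated, so compare the printed value with /etc/ssh/ssh_host_rsa_key.pub on the target system before you paste it into the HostKey field.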
The following table describes AXIS scanner parameters when you select SMB Share as the import method:
Table 2. AXIS scanner - SMB Share properties
Parameter | Description
Hostname | The IP address or host name of the SMB Share.
Login Username | The user name that QRadar uses to log in to SMB Share.
Domain | The domain that is used to connect to the SMB Share.
SMB Folder Path | The full path to the share from the root of the SMB host. Use forward slashes, for example, /share/logs/.
File Name Pattern | The regular expression (regex) required to filter the list of files in the Remote Directory. The .*\.xml pattern imports all XML files in the remote directory.

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify the AXIS scanner.
  5. From the Managed Host list, select an option that is based on one of the following platforms:
    • On the QRadar Console, select the managed host that is responsible for communicating with the scanner device.
    • On QRadar on Cloud, if the scanner is hosted in the cloud, the QRadar® Console can be used as the managed host. Otherwise, select the data gateway that is responsible for communicating with the scanner device.
  6. From the Type list, select Axis Scanner.
  7. From the Import Method list, select SFTP or SMB Share.
  8. Configure the parameters.
  9. Configure a CIDR range for the scanner.
  10. Click Save.
  11. On the Admin tab, click Deploy Changes.

What to do next

For more information about how to create a scan schedule, see Scheduling a vulnerability scan.