Install the QRadar® plug-in
Before you can access the QRadar® vulnerability data from the BigFix console, you must install the QRadar® plug-in in BigFix. To install the QRadar® plug-in, you run a Fixlet®. There is a separate installation Fixlet® available for Windows and Linux. When running the installation Fixlet®, you must target the BigFix server. After you have installed the QRadar® plug-in, you can access the Manage Vulnerable Computers dashboard from the BigFix Endpoint Protection domain.
Before you begin
- Ensure that the BES Server Plugin Service is installed on the BigFix server and is configured correctly.
- Create a new console user for the installation of the QRadar® plug-in and assign master operator privileges to that user.
- After you install the BES Server Plugin Service on the server, enable encryption of the credentials for the BigFix REST API by running the Configure REST API credentials for BES Server Plugin Service Task from the Fixlets and Tasks node of the All Content domain.
  - Click the Configure REST API credentials for BES Server Plugin Service Task. The user interface from which you must start the encryption enablement Task is displayed.
  - Enter the user name and password for the master operator user that you created. This creates an encrypted password.
  - Click Take Action and specify the server where you are installing the QRadar® plug-in, which is the BigFix server.
  Note: The Configure REST API credentials for BES Server Plugin Service Task remains relevant after you run it. You can check the action history to confirm that it ran successfully.
- Ensure that BigFix agent version 9.2.6 or later is installed on the BigFix server.
About this task
To enable QRadar® and BigFix to communicate, you must complete some short configuration steps in QRadar®. For information about how to complete the QRadar® configuration, see the QRadar and BigFix integration setup documentation. From within BigFix, you must run a Fixlet® to install the QRadar® plug-in. This section describes how to install the QRadar® plug-in in BigFix. After you install the plug-in and complete the configuration that is required in QRadar®, QRadar® posts vulnerability scan data to the BigFix server using the REST API.
Complete the following steps to install the QRadar® plug-in.
Procedure
- From the BigFix console, go to the Endpoint Protection domain.
- Click Manage Vulnerabilities, then Setup and Maintenance, and then Fixlets and Tasks.
- Depending on the operating system on which you are installing the dashboard service, select the Install or Update the QRadar Plugin on Windows or Install or Update the QRadar Plugin on Linux Fixlet®.
- Review the information in the Fixlet® description and if necessary, complete any prerequisite information described.
- Click Take Action. From the Take Action dialog box, target the BigFix server.
- Click OK to run the installation Fixlet®.
Results
- On Microsoft™ Windows™ systems, the plug-in is installed in the C:\Program Files (x86)\BigFix Enterprise\BES Server\Applications\qrplugin directory.
- On Linux™ systems, the plug-in is installed in the /var/opt/BESServer/Applications/qrplugin directory.