Install the QRadar® plug-in

Before you can access the QRadar® vulnerability data from the BigFix console, you must install the QRadar® plug-in in BigFix. To install the QRadar® plug-in, you run a Fixlet®. There is a separate installation Fixlet® available for Windows and Linux. When running the installation Fixlet®, you must target the BigFix server. After you have installed the QRadar® plug-in, you can access the Manage Vulnerable Computers dashboard from the BigFix Endpoint Protection domain.

Before you begin

Before installing the QRadar® plug-in, complete the following prerequisite steps as necessary:
  • Ensure that the BES Server Plugin Service is installed on the BigFix server and is configured correctly.
  • Create a new console user for the installation of the QRadar® plug-in and assign master operator privileges to that user.
  • After you install the BES Server Plugin Service on the server, enable encryption of the credentials for the BigFix REST API by running the Configure REST API credentials for BES Server Plugin Service Task from Fixlets and Tasks node of the All Content domain.
    1. Click the Configure REST API credentials for BES Server Plugin Service Task. The user interface from which you must start the encryption enablement Task is displayed.
    2. Enter the user name and password for the master operator user that you created. This creates an encrypted password.
    3. Click Take Action and specify the server where you are installing the QRadar® plug-in, which is the BigFix server.
      Note: The Configure REST API credentials for BES Server Plugin Service Task remains relevant after you run it. You can check the action history to confirm that it runs successfully.
  • Ensure that the BigFix agent is version 9.2.6 or later is installed on the BigFix server.

About this task

To enable QRadar® and BigFix to communicate, you must complete some short configuration steps in QRadar®. For information about how to complete the QRadar® configuration, see the QRadar and BigFix integration setup documentation. From within BigFix, you must run a Fixlet® to install the QRadar® plug-in. This section describes how to install the QRadar® plug-in in BigFix. After you install the plug-in and complete the configuration that is required in QRadar®, QRadar® posts vulnerability scan data to the BigFix server using the REST API.

Complete the following steps to install the QRadar® plug-in.

Procedure

  1. From the BigFix console, go to the Endpoint Protection domain.
  2. Click Manage Vulnerabilities, then Setup and Maintenance, and then Fixlets and Tasks.
  3. Depending on the operating system on which you are installing the dashboard service, select the Install or Update the QRadar Plugin on Windows or Install or Update the QRadar Plugin on Linux Fixlet®.
  4. Review the information in the Fixlet® description and if necessary, complete any prerequisite information described.
  5. Click Take Action. From the Take Action dialog box, target the BigFix server.
  6. Click OK to run the installation Fixlet®.

Results

After the Fixlet® runs successfully, the dashboard service starts automatically. To open the dashboard on the console, go to the Endpoint Protection domain, and click Manage Vulnerable Computers.
The plug-in is installed in the following location on the BigFix server:
  • On Microsoft Windows systems, the plug-in is installed in the C:\Program Files (x86)\BigFix Enterprise\BES Server\Applications\qrplugin directory.
  • On Linux systems, the plug-in is installed in the /var/opt/BESServer/Applications/qrplugin directory.