IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Does IBM QRadar CE Support Vulnerability Scanning?

    Posted 7 hours ago

    Hello everyone,

    I hope you're doing well.

    We are currently using the IBM QRadar SIEM Community Edition (CE) and have been successfully collecting logs from our firewalls for the past 15 days.

    However, we noticed that the "Vulnerabilities" section is completely blank, and only the "Offenses" section is showing data. This led us to wonder:

    Does QRadar Community Edition support internal vulnerability scanning at all?
    Or do we need to integrate an external vulnerability scanner such as Nessus, OpenVAS, or others?

    We would appreciate any clarification or suggestions regarding the capabilities of QRadar CE related to vulnerability management.

    Thanks in advance for your guidance.



    ------------------------------
    Ashwin Gedekar
    System Security Engineer
    Comtel Infosystem, Mumbai Bharat (India)
    ------------------------------


  • 2.  RE: Does IBM QRadar CE Support Vulnerability Scanning?

    Posted 7 hours ago

    For reference



    ------------------------------
    Ashwin Gedekar
    ------------------------------

    Original Message


  • 3.  RE: Does IBM QRadar CE Support Vulnerability Scanning?

    Posted 7 hours ago
    Edited by Jonathan Pechta 5 hours ago

    QRadar used to offer a product calls QRadar Vulnerability Manager (QVM), which was a scanner product that could scan and display CVEs and mitigation for assets monitored by QRadar. The Vulnerabilities tab was used to display this information. I'm guessing that the license generated for CE still includes QVM components in it, which is why the tab is displaying. QVM went end of market with the release of 7.5.0 Update Package 6. 

    So, the functionality used to be there to scan and import data as QRadar had a scanner like Nessus, Rapid7, etc that you could use to view custom risk scores that tied back to events and flows. This functionality can no longer be leveraged in QRadar after 7.5.0 Update Package 6. 

    You can add assets to QRadar through Nessus, Qualys, Rapid7 imports still and the scan results are added to the Assets tab. QVM added an extra layer for custom risk scores, dashboards, reporting, etc that is now deprecated, which was represented and configured from the Vuln tab. 

    You are likely on the default QRadar license from the install that lasts 30 days, which includes all components. The license issued for QRadar Community Edition (CE) is only for the Console. When you install the QRadar ISO, there is a default license applied and users need to upload the license from the Community Edition download page and apply that license as after 30 days, components will start to expire. 

    https://www.ibm.com/docs/en/qradar-on-cloud?topic=manager-overview-qradar-vulnerability



    ------------------------------
    Jonathan Pechta
    IBM Security - Community of Practice Lead
    jonathan.pechta1@ibm.com
    ------------------------------

    Original Message


Related Content