IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

Supercharge QVM with QVI and OpenVAS NVT

By THIBAULT BARILLON posted Tue January 08, 2019 06:58 AM

  
With 2019 upon us we're pleased to release two exciting extensions for QRadar Vulnerability Manager (QVM): the QRadar Vulnerability Insights app and the QVM Engine for OpenVAS Network Vulnerability Tests (NVT).

QRadar Vulnerability Insights

Based on the intelligence and capabilities of QVM to contextualise and prioritise vulnerabilities based on SIEM context, Network Modelling and Patch Management, QVI provides insights into the Vulnerability Management Program in a single pane of glass. From exploited to patched vulnerabilities, QVI brings actionable insights on the state and progress of the vulnerability management program.
QVI also provides comparative reporting capabilities: to help better assess the success of scanning campaigns, organisations often need to compare the findings of a scan profile from one interval to another. This is made available in a convenient excel format, including all the raw data for users keen on building their own reports or tailor the findings to their own requirements.

But, less talk, see for yourself:


QVM Engine for OpenVAS NVT

Forked from the then open source Nessus many years ago, OpenVAS has settled as the open source reference for Vulnerability Assessment.
It boasts over sixty thousand Network Vulnerability Tests (NVT) written in the Nessus Attack Scripting Language.
With the QVM Engine for OpenVAS NVT, QVM is able to run all these tests to identify vulnerabilities.
It has specifically been designed to run alongside QVM tools and provide coverage for unauthenticated tests, minimise impact on target systems as well as QRadar systems.

The icing on the cake? No workflow changes are required. The NVT are refreshed nightly during QRadar Auto Updates and they're running "under the hood" as part of QVM scans. To avoid any confusion, none of the pre-existing scan profiles are affected and these capabilities are available in a new scan policy called "Full Scan Plus", a clone of the existing Full Scan policy, with the additional OpenVAS NVT.

Download


More information and downloads available on the App Exchange:

Download QRadar Vulnerability Insights
Download QVM Engine for OpenVAS NVT
0 comments
45 views

Permalink

https://community.ibm.com/community/user/blogs/thibault-barillon/2019/01/08/supercharge-qvm-with-qvi-and-openvas-nvt