IBM QRadar Vulnerability Manager Version 7.3.2 User Guide IBM Note Before you use this information and the product that it supports, read the information in “Notices” on page 127. Product information This document applies to IBM® QRadar® Security Intelligence Platform V7.3.2 and subsequent releases unless superseded by an updated version of this document. © Copyright International Business Machines Corporation 2012, 2019. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Introduction........................................................................................................ vii Chapter 1. What's new for users in QRadar Vulnerability Manager V7.3.2................1 Chapter 2. Installations and deployments.............................................................. 3 Vulnerability processor and scanner appliance activation keys.................................................................4 Vulnerability backup and recovery.............................................................................................................. 4 Ports used for communication between QRadar and QRadar Vulnerability Manager managed hosts.....5 Options for moving the vulnerability processor in your QRadar Vulnerability Manager deployment....... 5 Deploying a dedicated QRadar Vulnerability Manager processor appliance........................................6 Moving your vulnerability processor to a managed host or console.....................................................7 Verifying that a vulnerability processor is deployed............................................................................. 7 Removing a vulnerability processor from your console or managed host............................................7 Options for adding scanners to your QRadar Vulnerability Manager deployment.....................................8 Deploying a dedicated QRadar Vulnerability Manager scanner appliance...........................................9 Deploying a vulnerability scanner to a QRadar console or managed host........................................... 9 Scanning the assets in your DMZ.........................................................................................................10 Supported web browsers .................................................................................................................... 11 QRadar Vulnerability Manager high-availability scans............................................................................. 12 Extending the QRadar Vulnerability Manager temporary license............................................................ 13 QRadar Vulnerability Manager high-availability scans............................................................................. 13 Chapter 3. Overview of QRadar Vulnerability Manager.......................................... 15 Vulnerability scanning............................................................................................................................... 15 Categories of QRadar Vulnerability Manager vulnerability checks.......................................................... 15 Checks made by QRadar Vulnerability Manager.......................................................................................16 Vulnerability management dashboard......................................................................................................22 Reviewing vulnerability data on the default vulnerability management dashboard..........................22 Creating a customized vulnerability management dashboard........................................................... 22 Creating a dashboard for patch compliance........................................................................................22 Chapter 4. Vulnerability scanning setup and best practices...................................25 Scan policy types....................................................................................................................................... 26 Scan duration and ports scanning.............................................................................................................27 Tune your asset discovery configuration.................................................................................................. 29 Tune your asset discovery performance .................................................................................................. 29 Web application scanning..........................................................................................................................30 Scanner placement in your network......................................................................................................... 30 Dynamic scanning......................................................................................................................................31 Network bandwidth for simultaneous asset scans...................................................................................31 Network interface cards on scanners....................................................................................................... 32 Vulnerability management overview.........................................................................................................32 Vulnerability scan notifications................................................................................................................. 33 Triggering scans of new assets................................................................................................................. 33 Configuring environmental risk for an asset............................................................................................. 34 External scanning FAQ...............................................................................................................................35 Chapter 5. Scan configuration.............................................................................. 37 Creating a scan profile............................................................................................................................... 37 Creating an external scanner scan profile........................................................................................... 38 iii Creating a benchmark profile...............................................................................................................39 Running scan profiles manually...........................................................................................................39 Rescanning an asset by using the right-click menu option.................................................................40 Scan profile details...............................................................................................................................40 Scan scheduling......................................................................................................................................... 41 Scanning domains monthly..................................................................................................................42 Scheduling scans of new unscanned assets....................................................................................... 42 Reviewing your scheduled scans in calendar format..........................................................................43 Network scan targets and exclusions....................................................................................................... 44 Excluding assets from all scans...........................................................................................................45 Managing scan exclusions....................................................................................................................45 Scan protocols and ports...........................................................................................................................45 Scanning a full port range.................................................................................................................... 45 Scanning assets with open ports......................................................................................................... 46 Configuring a permitted scan interval....................................................................................................... 47 Scanning during permitted times.........................................................................................................48 Managing operational windows........................................................................................................... 48 Disconnecting an operational window.................................................................................................48 Dynamic vulnerability scans......................................................................................................................49 Associating vulnerability scanners with CIDR ranges.........................................................................49 Scanning CIDR ranges with different vulnerability scanners..............................................................50 Scan policies.............................................................................................................................................. 50 Scan policy automatic updates for critical vulnerabilities.................................................................. 51 Modifying a pre-configured