IBM Security QRadar Vulnerability Manager Configuration and Usage


Mangesh Patil, Praphullachandra Mujumdar
7/13/15
2015 IBM Corporation

Agenda :
1. Introducing IBM Security QRadar Vulnerability Manager
2. Advantages of IBM Security QRadar Vulnerability Manager
3. Accessing Vulnerabilities Tab
4. Vulnerability Dashboard
5. QVM Processor and QVM Scanner
6. Scanning the Assets in DMZ
7. IBM Security QRadar Vulnerability Manager Integrations
8. Vulnerability Scanning
9. Authenticated Patch Scan
10. Scan Policies
11. Vulnerability Scan Investigations
12. Management of Vulnerabilities
13. Investigating high risk Assets and Vulnerabilities
14. Vulnerability Exception Rules
15. Vulnerability Remediation
16. Vulnerability Reports
17. Vulnerability Research, News, and Advisories
18. Log Collection for Support
19. Few Commonly Observed Issues
20. Q & A Session

The Security Intelligence Timeline :

IBM Security QRadar Vulnerability Manager :
IBM Security QRadar Vulnerability Manager is a network scanning platform that detects vulnerabilities within the applications, systems, and devices on your network or within your DMZ. QRadar Vulnerability Manager uses security intelligence to help you manage and prioritize your network vulnerabilities. For example, you can use QRadar Vulnerability Manager to continuously monitor vulnerabilities, improve resource configuration, and identify software patches. You can also prioritize security gaps by correlating vulnerability data with network flows, log data, firewall, and intrusion prevention system (IPS) data. You can maintain real-time visibility of the vulnerabilities that are detected by the built-in QRadar Vulnerability Manager scanner and other third-party scanners.

Advantages of IBM Security QRadar Vulnerability Manager :
-- Helps prevent security breaches by discovering and highlighting over 70,000 known dangerous default settings, misconfigurations, software features and vendor flaws.
-- Provides a consolidated vulnerability view across major vulnerability products and technologies.
-- Adds context to identify key vulnerabilities and reduce false positives.
-- Integrates with IBM QRadar Security Intelligence Platform for easy installation, faster time to value and reduced deployment cost.
-- Performs intelligent, customizable scheduled and event-driven scanning, asset discovery and asset profiling for 360-degree, enterprise-wide visibility to your network.

Accessing Vulnerabilities Tab :
You access IBM Security QRadar Vulnerability Manager by using the Vulnerabilities tab. Depending on the product that you install and whether you upgrade QRadar or install a new system, the Vulnerabilities tab might not be displayed.
1. If you install QRadar SIEM, the Vulnerabilities tab is enabled by default with a temporary license key.
2. If you install QRadar Log Manager, the Vulnerabilities tab is not enabled.
3. Depending on how you upgrade QRadar, the Vulnerabilities tab might not be enabled.
To use QRadar Vulnerability Manager after an install or upgrade, you must upload and allocate a valid license key. For more information, refer to the Administration Guide.

Vulnerability Tab : ( System and License management ) :


Vulnerability Dashboard :

QVM Processor and Scanner :
IBM QRadar Vulnerability Manager has the following deployable components:
One processor :
-- It handles scan profiles, results, and vulnerability information
-- It often runs on the console; some appliances allow the processor to run on a managed host
-- It is not supported on data nodes
-- It uses HTTPS to poll results from the cloud-based scanner
-- It listens on port 9999 for TCP connections
One or more scanners :
-- They scan the assets
-- All appliances except data nodes can run the scanner
-- The number of scanners is not currently limited by license
Firewalls must permit unidirectional TCP connections from each scanner to port 9999 of the appliance running the processor, in addition to the ports used by other QRadar components.

QVM processor and QVM scanner appliance Activation Keys :
You can scan and process your vulnerabilities by using dedicated QRadar Vulnerability Manager managed host appliances. When you install a processor or scanner managed host appliance, you must type a valid activation key. The activation key is a 24-digit, four part, alphanumeric string that you receive from IBM. The activation key specifies which software modules apply for each appliance type:
1. The QRadar Vulnerability Manager processor appliance includes vulnerability processing and scanning components.
2. The QRadar Vulnerability Manager scanner appliance includes only a vulnerability scanning component.
For more information about installing a managed host appliance, refer to the Installation Guide.

If required, you can move the vulnerability processor from your QRadar console to a dedicated QRadar Vulnerability Manager managed host appliance. For example, you might move your vulnerability processing capability to a managed host to minimize disk space impact on your QRadar console.
NOTE : You can have only one vulnerability processor in your deployment. Also, you must deploy the vulnerability processor only on a QRadar console or QRadar Vulnerability Manager managed host processor appliance.
1. Deploy a dedicated QRadar Vulnerability Manager processor appliance :
-- Install a dedicated QRadar Vulnerability Manager managed host processor appliance.
-- Add the managed host processor appliance to your deployment by using the deployment editor.
When you select the managed host option in the deployment editor, the processor is automatically removed from the QRadar console.
2. Move the vulnerability processor from your console to your managed host :
If the vulnerability processor is on your QRadar console, then later you can move your vulnerability processor to a previously installed QRadar Vulnerability Manager managed host processor appliance.

Scanning the Assets in DMZ :
In IBM Security QRadar Vulnerability Manager, you can connect to an external scanner and scan the assets in your DMZ for vulnerabilities. To scan the assets in your DMZ, you must configure your network and inform IBM of the assets that you want to scan. If you want to scan the assets in the DMZ for vulnerabilities, you do not need to deploy a scanner in your DMZ. You must configure QRadar Vulnerability Manager with a hosted IBM scanner that is located outside your network. Detected vulnerabilities are processed by the processor on either your QRadar console or QRadar Vulnerability Manager managed host.
Procedure :
1. Configure your network and assets for external scans.
2. Configure QRadar Vulnerability Manager to scan your external assets.
To scan the assets in your DMZ, you must configure your network and inform IBM of the assets that you want to scan.
Procedure :
1. Configure outbound internet access on port 443.
2. Send the following information to QRadar-QVM-HostedScanner@hursley.ibm.com:
   a. Your organization's external IP address. Restriction: The IP address must be configured before you can run external scans.
   b. The IP address range of the assets in your DMZ.
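The firewall requirements from the processor/scanner slide (each scanner to port 9999 of the processor) and from the DMZ procedure (outbound access on port 443) can be checked against a rule set before scanners are deployed. The following is an added example, not IBM code: the rule model, function names and every address are constructed, and 203.0.113.10 is a placeholder for the hosted scanner, whose address the slides do not give.

```python
"""Audit a firewall allow-list against the TCP flows QVM needs (added example).

Every address and rule below is constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PROCESSOR_PORT = 9999      # the processor listens here for scanner connections
HOSTED_SCANNER_PORT = 443  # outbound HTTPS used for hosted (DMZ) scans


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    purpose: str

    def reverse(self) -> "Flow":
        return Flow(self.dst, self.src, self.port, self.purpose)


@dataclass(frozen=True)
class AllowRule:
    src_net: str  # CIDR the connection may start from
    dst_net: str  # CIDR the connection may go to
    port: int     # TCP destination port

    def permits(self, flow: Flow) -> bool:
        return (
            self.port == flow.port
            and ip_address(flow.src) in ip_network(self.src_net, strict=False)
            and ip_address(flow.dst) in ip_network(self.dst_net, strict=False)
        )


def required_flows(processor, scanners, hosted_scanner=None):
    """Scanner -> processor:9999 for every remote scanner, plus
    processor -> hosted scanner:443 when external DMZ scans are used."""
    flows = [
        Flow(s, processor, PROCESSOR_PORT, "scanner to processor")
        for s in scanners
        if s != processor  # a scanner on the processor host crosses no firewall
    ]
    if hosted_scanner:
        flows.append(Flow(processor, hosted_scanner, HOSTED_SCANNER_PORT,
                          "processor to hosted scanner"))
    return flows


def audit(flows, rules):
    """Classify each flow as 'ok', 'reversed' (only the opposite direction
    is allowed, so the connection still cannot be opened) or 'missing'."""
    report = {}
    for flow in flows:
        if any(r.permits(flow) for r in rules):
            status = "ok"
        elif any(r.permits(flow.reverse()) for r in rules):
            status = "reversed"
        else:
            status = "missing"
        report[(flow.src, flow.dst, flow.port)] = status
    return report


# Constructed deployment: the console runs the processor and one scanner,
# two managed hosts run scanners, 203.0.113.10 stands in for the hosted scanner.
PROCESSOR = "10.10.1.5"
SCANNERS = ["10.10.1.5", "10.20.0.11", "10.30.0.12"]
HOSTED_SCANNER = "203.0.113.10"
RULES = [
    AllowRule("10.20.0.0/24", "10.10.1.5/32", 9999),  # correct direction
    AllowRule("10.10.1.5/32", "10.30.0.0/24", 9999),  # written the wrong way round
    AllowRule("10.10.1.5/32", "0.0.0.0/0", 443),      # outbound HTTPS
]

if __name__ == "__main__":
    flows = required_flows(PROCESSOR, SCANNERS, HOSTED_SCANNER)
    for (src, dst, port), status in audit(flows, RULES).items():
        print(f"{src:>13} -> {dst}:{port:<5} {status}")
```

A "reversed" result is the case worth looking for: the rule exists, but because the connection is opened by the scanner, a rule written from processor to scanner does not let it through.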

IBM Security QRadar Vulnerability Manager Integrations :
IBM Security QRadar Vulnerability Manager integrates with other security products to help you manage and prioritize your security risks.
-- IBM Security QRadar Risk Manager : You can integrate QRadar Vulnerability Manager with QRadar Risk Manager by defining and monitoring asset or vulnerability risk policies. When the risk policies that you define in QRadar Risk Manager either pass or fail, then the vulnerability risk scores in QRadar Vulnerability Manager are adjusted.
-- IBM Endpoint Manager integration : Depending on whether you installed and integrated IBM Endpoint Manager, QRadar Vulnerability Manager provides different information to help you remediate vulnerabilities.
-- IBM Security SiteProtector integration : QRadar Vulnerability Manager integrates with IBM Security SiteProtector to help direct Intrusion Prevention System (IPS) policy. When you configure SiteProtector, the vulnerabilities that are detected by scans are automatically forwarded to SiteProtector. SiteProtector receives vulnerability data from QRadar Vulnerability Manager scans that are performed only after the integration is configured.

Vulnerability Scanning :
In IBM Security QRadar Vulnerability Manager, all network scanning is controlled by the scan profiles that you create. You can create multiple scan profiles and configure each profile differently depending on the specific requirements of your network.
Scan profiles : Use scan profiles to do the following tasks:
1. Specify the network nodes, domains, or virtual domains that you want to scan.
2. Specify the network assets that you want to exclude from scans.
3. Create operational windows, which define the times at which scans can run.
4. Manually run scan profiles or schedule a scan to run at a future date.
5. Use centralized credentials to scan Windows, UNIX, or Linux operating systems.
6. Scan the assets from a saved asset search.

Scan profiles :

Running Scan Profile :

Initiating Scan by right-click :

Rules can trigger Scan :
Use rules to trigger a scan if a new asset appears on the network.

Authenticated Patch Scan :
In IBM Security QRadar Vulnerability Manager, you can scan using community names and run authenticated patch scans for Windows, Linux, and UNIX operating systems.
-- To scan Linux operating systems by using secure authentication, you can configure public key encryption between your console or managed host and your scan targets.
Centralized credential sets : When you run authenticated scans, you can use a central list that stores the login credentials for your Linux, UNIX, or Windows operating systems. Your system administrator must configure the list of credentials.

Scan Policies :
In IBM Security QRadar Vulnerability Manager, a scan policy is associated with a scan profile and is used to control a vulnerability scan. For example, you can configure the scanning protocol, scanned ports, or the scan tools that are used during a scan. You can create a new scan policy or copy and modify a pre-configured policy that is distributed with QRadar Vulnerability Manager. If your scanning requirements change, you can modify the scan policy in one central location, rather than updating each scan profile.
Pre-configured scan policies : The following pre-configured scan policies are distributed with QRadar Vulnerability Manager:
1. Full scan
2. Discovery scan
3. Database scan
4. Patch scan
5. PCI scan
6. Web scan

Vulnerability Scan Investigations :
In IBM Security QRadar Vulnerability Manager, you can investigate summary asset and vulnerability data for each scan.
Scan Result Page :
1. The progress of a scan and the scanning tools that are queued and running.
2. The status of a scan. For example, a scan with a status of Stopped indicates that the scan completed successfully or was canceled.
3. The degree of risk that is associated with each completed scan profile. Risk is indicated by the Score column and shows the total Common Vulnerability Scoring System (CVSS) score for the completed scan profile.
4. The total number of assets that were found by the scan.
5. The total number of vulnerabilities that were discovered by the completed scan profile.
6. The total number of open services that were discovered by the completed scan profile.

Asset risk levels and vulnerability categories :
Risk score : Each vulnerability that is detected on your network has a risk score that is calculated by using the Common Vulnerability Scoring System (CVSS) base score. A high risk score provides an indication of the potential for a vulnerability exploitation.
Vulnerability counts and categories : The Scan Results Hosts page shows the total number of vulnerabilities and open services that were discovered on every scanned asset.
Asset, vulnerability, and open services data :
-- Summary information about the asset that you scanned, including the operating system and network group.
-- A list of the vulnerabilities or open services that were discovered on the scanned asset.
-- Various ways of categorizing and ordering your list of vulnerabilities or open services, for example, Risk, Severity, and Score.
To identify the assets with the highest number of vulnerabilities, click the Vulnerability Instances column heading to order your assets.
Vulnerability risk and PCI severity : In IBM Security QRadar Vulnerability Manager, you can review the risk and payment card industry (PCI) severity for each vulnerability that is found by a scan. You can review the following information:
1. The risk level that is associated with each vulnerability.
2. The number of assets in your network on which the specific vulnerability was found.

Management of Vulnerabilities :
You can email the configured asset technical owners to alert them of the scan schedule. You can also email reports to asset owners. In IBM Security QRadar Vulnerability Manager, you can manage, search, and filter your vulnerability data to help you focus on the vulnerabilities that pose the greatest risk to your organization. The vulnerability data that is displayed is based on the vulnerability status information that is maintained in the QRadar asset model. This information includes vulnerabilities that are found by the QRadar Vulnerability Manager scanner and the vulnerabilities that are imported from external scanning products.

Manage your vulnerabilities to provide the following information:
1. A network view of your current vulnerability posture.
2. Identify vulnerabilities that pose the greatest risk to your organization and assign vulnerabilities to QRadar users for remediation.
3. Establish how widely your network is impacted by vulnerabilities and display detailed information about the network assets that contain vulnerabilities.
4. Decide which vulnerabilities pose less risk to your organization and create vulnerability exceptions.
5. Display historical information about the vulnerabilities on your network.
6. Display vulnerability data by network, asset, vulnerability, open service, or vulnerability instance.
Vulnerability Instances : In IBM Security QRadar Vulnerability Manager, you can display the vulnerabilities on each of the scanned assets in your network. Each vulnerability might be listed multiple times because the vulnerability exists on several of your assets.
-- Network vulnerabilities : review vulnerability data that is grouped by network.
-- Asset vulnerabilities : display summary vulnerability data that is grouped by each scanned asset.
-- Open service vulnerabilities : display vulnerability data that is grouped by open service.

Manage Vulnerabilities : By Network
Manage Vulnerabilities : By Vulnerability

Manage Vulnerabilities : By Open Services

Investigating high risk Assets and Vulnerabilities :
In IBM Security QRadar Vulnerability Manager, you can investigate high risk vulnerabilities that might be susceptible to exploitation.
Procedure :
1. Click the Vulnerabilities tab.
2. In the navigation pane, click Manage Vulnerabilities.
3. On the By Vulnerability Instances page, click the Risk Score column heading to sort the vulnerabilities by risk score.
4. To investigate the CVSS metrics that are used to derive the risk score, hover your mouse on the Risk Score field.
5. Identify the vulnerability that has the highest score and click the Vulnerability link.
6. In the Vulnerability Details window, investigate the vulnerability:
   a. To view the IBM Security Systems website, click the X-Force link.
   b. To view the National Vulnerability Database website, click the CVE link.
   c. To open the Patching window for the vulnerability, click the Plugin Details link.
   d. The Solution text box contains detailed information about how to remediate a vulnerability.

Prioritizing high risk vulnerabilities by applying risk policies :
In IBM Security QRadar Vulnerability Manager, you can alert administrators to higher risk vulnerabilities by applying risk policies to your vulnerabilities. When you apply a risk policy, the risk score of a vulnerability is adjusted, allowing administrators to prioritize more accurately the vulnerabilities that require immediate attention.
Configuring custom display colors for risk scores : Configure custom color coding for IBM Security QRadar Vulnerability Manager risk scores to view color-coded risk scores in QRadar Vulnerability Manager interfaces.

Vulnerability Exception Rules :
In IBM Security QRadar Vulnerability Manager, you can configure exception rules to minimize the number of false positive vulnerabilities. When you apply exception rules to vulnerabilities, you reduce the number of vulnerabilities that are displayed in search results. If you apply an exception rule, the vulnerability is no longer displayed in QRadar Vulnerability Manager search results. However, the vulnerability is not removed from QRadar Vulnerability Manager. If you receive new information about a vulnerability, you can update or remove an existing vulnerability exception rule.
NOTE : If you delete a vulnerability exception rule, no warning is displayed. The vulnerability is immediately deleted.

Vulnerability Remediation :
In QRadar Vulnerability Manager, you can assign vulnerabilities to a technical user for remediation. You can assign vulnerabilities to your technical user by using two methods.
1. Assign individual vulnerabilities to a technical user for remediation.
2. Assign a technical user as the owner of asset groups.
You can automatically email reports to your technical users with the details of vulnerabilities that they are responsible for fixing. You can configure the remediation times for different types of vulnerabilities. You can update the remediation times for vulnerabilities that are based on their risk and severity.

Vulnerability Reports :
In IBM Security QRadar Vulnerability Manager, you can generate or edit an existing report, or use the report wizard to create, schedule, and distribute a new report. QRadar Vulnerability Manager contains several default reports.
When you assign vulnerabilities to a technical user for remediation, you can generate a report that emails the technical user. The email contains information about the vulnerabilities that the technical user must remediate. An emailed report reminds your administrators that vulnerabilities are assigned to them and require remediation. Reports can be scheduled monthly, weekly, daily, or hourly.
In IBM Security QRadar Vulnerability Manager, you can generate a compliance report for your PCI (payment card industry) assets. For example, generate a report for assets that store credit card or other sensitive financial information. The compliance report demonstrates that you took all the security precautions necessary to protect your assets.

Locating prepared templates for vulnerability reports :
Reports for vulnerabilities work the same as other reports :
-- Navigate to the Reports tab
-- Display the prepared report templates for vulnerability management

Vulnerability Research, News, and Advisories :
You can use IBM Security QRadar Vulnerability Manager to remain aware of the vulnerability threat level and manage security in your organization. A vulnerability library contains common vulnerabilities that are gathered from a list of external sources. The most significant external resource is the National Vulnerability Database (NVD). You can research specific vulnerabilities by using a number of criteria, for example, vendor, product, and date range. You might be interested in specific vulnerabilities that exist in products or services that you use in your enterprise.
QRadar Vulnerability Manager also provides a list of security-related news articles and advisories, gathered from an external list of resources and vendors. Articles and advisories are a useful source of security information from around the world. Articles also help you to keep up-to-date with current security risks.
In IBM Security QRadar Vulnerability Manager, you can view the vulnerability advisories that are issued by software vendors. Use advisory information to help you identify the risks in your technology, and understand the implications of the risk. You can search the vulnerability news and advisories that are issued by software vendors.

Log Collection for Support :
a. Collect get_logs from both QVM Processor and Console : Run the following command to collect the get_logs.
    # /opt/qradar/support/get_logs.sh -os
   Upload the logs for support review.
b. Collecting QVM DB dump :
    # pg_dump -p15433 fusionvm -U postgres > /root/fusionvm.sql
   Zip up the fusionvm.sql and share it with support.
c. If possible, attach snapshots of the issue for a better understanding of the issue.

Issues observed and initial remediation :
a. Error message returned when attempting to upload QVM license. ( APAR IV67786 )
A QVM license that contains the same serial number as the console license cannot be uploaded into System and License Management. The error message generated is: "The uploaded license key is identical to another key: 'null'." Contact q1pd@us.ibm.com to request a replacement QVM license. Issue resolved in QRadar SIEM 7.2.5.0.
b. Scan Summary report displays information from previously scanned target.
When a previously used QVM scan profile is edited to scan a different target, the Scan Summary Report will display the results from the new target and the previous target that was scanned prior to the scan profile being edited. Use a newly created scan profile when required to scan a new target.

c. QRadar system notification that refers to "QVMScanCompleteListener has reached full capacity".
QVM - QRadar system notification that appears as:
127.0.0.1 [assetprofiler.assetprofiler] [AssetStatisticsWorkerThread] com.q1labs.assetprofile.changepublisher.assetchangepublisher: [WARN] [NOT:0010004107] [127.0.0.1/- -] [-/- -]Asset Change Listener Queue com.q1labs.assetprofile.qvm.erule.qvmscancompletelistener has reached full capacity on disk and is dropping incoming asset events. Expect data loss.
This message is benign and is caused by a race condition of an unexpected shutdown of one process prior to another during a Deploy. The issue is already resolved in 7.2.4; if you still get the notifications, contact Support for help.
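To decide which case of issue (c) applies, the notification can be counted in a saved log extract and compared with the installed release. The following is an added example, not IBM tooling: the function names are hypothetical, the first sample line is the one quoted on the slide, the other sample lines are constructed, and the version is assumed to be a dotted numeric string.

```python
"""Triage 'Asset Change Listener Queue ... full capacity' notifications (added example)."""
import re
from collections import Counter

# Matches the notification format quoted on the slide.
NOTIFICATION = re.compile(
    r"\[(?P<level>[A-Z]+)\]\s*\[NOT:(?P<not_id>\d+)\]"
    r".*?Asset Change Listener Queue\s+(?P<queue>\S+)\s+has reached full capacity"
)
FIXED_IN = (7, 2, 4)  # release the slide names as containing the fix
QVM_LISTENER = "com.q1labs.assetprofile.qvm.erule.qvmscancompletelistener"


def parse_version(text):
    """'7.2.5.0' -> (7, 2, 5, 0); assumes a dotted numeric version string."""
    return tuple(int(part) for part in text.split("."))


def count_full_queues(lines):
    """Count full-capacity notifications per (notification id, queue class)."""
    hits = Counter()
    for line in lines:
        m = NOTIFICATION.search(line)
        if m:
            # Lower-case the class name so both spellings on the slide match.
            hits[(m["not_id"], m["queue"].lower())] += 1
    return hits


def triage(lines, qradar_version):
    """Map each affected queue to (notification id, count, action from the slide)."""
    fixed = parse_version(qradar_version)[:3] >= FIXED_IN
    actions = {}
    for (not_id, queue), seen in count_full_queues(lines).items():
        if not queue.endswith("qvmscancompletelistener"):
            action = "not covered by this note: investigate separately"
        elif fixed:
            action = "fix already installed: contact Support"
        else:
            action = "known benign race during Deploy: resolved in 7.2.4"
        actions[queue] = (not_id, seen, action)
    return actions


# First entry is the line quoted on the slide; the rest are constructed.
SLIDE_LINE = (
    "127.0.0.1 [assetprofiler.assetprofiler] [AssetStatisticsWorkerThread] "
    "com.q1labs.assetprofile.changepublisher.assetchangepublisher: [WARN] "
    "[NOT:0010004107] [127.0.0.1/- -] [-/- -]Asset Change Listener Queue "
    "com.q1labs.assetprofile.qvm.erule.qvmscancompletelistener has reached "
    "full capacity on disk and is dropping incoming asset events. Expect data loss."
)
SAMPLE_LOG = [
    SLIDE_LINE,
    SLIDE_LINE.replace("qvmscancompletelistener", "QVMScanCompleteListener"),
    SLIDE_LINE.replace(QVM_LISTENER, "constructed.example.OtherListener"),
    "127.0.0.1 [assetprofiler.assetprofiler] [main] constructed line, no notification",
]

if __name__ == "__main__":
    for queue, (not_id, seen, action) in triage(SAMPLE_LOG, "7.2.5.0").items():
        print(f"NOT:{not_id} x{seen} {queue}\n    -> {action}")
```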

d. Inaccurate Vulnerability Scan takes place when LOW bandwidth is set in a scan profile.
If a scan profile is created with "Low" bandwidth set, not all hosts are discovered correctly, which means an accurate vulnerability scan does not take place. Use medium or full bandwidth in the scan profile.

Vulnerabilities Report tables do not display correctly in PDF and RTF :
Columns in some Vulnerabilities Report tables are cut off in PDF and RTF documents. Some table columns in the resultant PDF or RTF document are not displayed when you create a PDF or RTF report with the following parameters:
-- Chart type - Vulnerabilities
-- Graph type - Table
-- Data to use - Current
-- Group by Instance
The large number of table columns cannot fit on a standard landscape US Letter page.
Workaround: Do not use the PDF or RTF output for this type of report. View Vulnerabilities Reports that use Group by Instance in a spreadsheet or XML format. To export the report, select XLS or XML as the report format in the Report Wizard.

Reference Links :
Opening PMR : http://www.ibm.com/support
IBM Support Portal for QRadar : http://www-947.ibm.com/support/entry/portal/overview/software/security_systems/ibm_security_qradar_siem
Product Documentation : http://www-01.ibm.com/support/docview.wss?uid=swg27044166
Security Forums :
https://www.ibm.com/developerworks/community/forums/html/category?id=33333333-0000-0000-0000-000000000528
https://www.ibm.com/developerworks/community/groups/service/html/communityview?communityuuid=48a78681-82cc-434f-9c78-3e9117bfd466
Opening Feature Request : http://www-01.ibm.com/support/docview.wss?uid=swg21641764

Questions & Answers