IBM Support

QRadar xSeries Appliances: Integrated Management Module (IMM) Common Ports (Updated)

Troubleshooting


Problem

Compliance audits might identify open ports on QRadar xSeries appliances due to Intergated Management Modules (IMM) that have listeners open for remotely managing xSeries Hardware. These ports might be identified during a port scan.

Symptom

Scan report returned by IBM or third-party scanners might return results during a security audit that the following ports are listening on IBM Security QRadar xSeries Appliances:

  • UDP 427
  • TCP 443
  • TCP 3389
  • TCP 3900
  • TCP 5900

Cause

The root cause is scanner products that locate open ports required by the IBM Integrated Management Module (IMM) for managing IBM xSeries appliances. The following products have identified the IMM port values as open listening ports: QRadar Vulnerability Manager, Nessus, and Nmap scanners.

Diagnosing The Problem

Investigations can show port 427, 443, 3389, 3900 and 5900 as open when the QRadar appliance is scanned during routine security audits.

Resolving The Problem

During a security audit, an administrator requested information on ports UDP 427, TCP 443, TCP 3389, TCP 3900, and TCP 5900 that were identified as open ports during a scan. The ports identified during the scan belonged to the Integrated Management Module (IMM).

The ports required for IMM are listed at the following website:
TCP/IP ports on the CMM and IMM2 management processors

Port descriptions:



[{"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Integrations - 3rd Party","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.3;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
27 October 2021

UID

swg21662075