Network scan targets and exclusions

In IBM® QRadar® Vulnerability Manager, you can provide information about the assets, domains, or virtual webs on your network that you want to scan.

You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your local sales representative or IBM Customer Support (www.ibm.com/support/).

Use the Details tab on the Scan Profile Configuration page to specify the network assets that you want to scan.

You can exclude a specific host or range of hosts that must never be scanned. For example, you might restrict a scan from running on critical servers that are hosting your production applications. You might also want to configure your scan to target only specific areas of your network.

QRadar Vulnerability Manager integrates with QRadar by providing the option to scan the assets that form part of a saved asset search.

Scan targets

You can specify your scan targets by defining a CIDR range, IP address, IP address range, or a combination of all three.

Domain scanning

You can add domains to your scan profile to test for DNS zone transfers on each of the domains that you specify.

A host can use the DNS zone transfer to request and receive a full zone transfer for a domain. Zone transfer is a security issue because DNS data is used to decipher the topology of your network. The data that is contained in a DNS zone transfer is sensitive and therefore any exposure of the data might be perceived as a vulnerability. The information that is obtained might be used for malicious exploitation such as DNS poisoning or spoofing.

Scans that used saved asset searches

You can scan the assets and IP addresses that are associated with a QRadar saved asset search.

Any saved searches are displayed in the Asset Saved Search section of the Details tab.

For more information about saving an asset search, see the Users Guide for your product.

Exclude network scan targets

In Excluded Assets section of the Domain and Web App tab, you can specify the IP addresses, IP address ranges, or CIDR ranges for assets that must not be scanned. For example, if you want to avoid scanning a highly loaded, unstable, or sensitive server, exclude these assets.

When you configure a scan exclusion in a scan profile configuration, the exclusion applies only to the scan profile.

Virtual webs

You can configure a scan profile to scan different URLs that are hosted on the same IP address.

When you scan a virtual web, QRadar Vulnerability Manager checks each web page for SQL injection and cross site scripting vulnerabilities.