Creating and triggering an endpoint assessment scan

Edit online

Use the Vulnerability Management component of IBM Data Risk Manager to create and run the assessment scan in IBM QRadar Security Intelligence Platform to identify endpoint vulnerabilities.

Before you begin

Ensure that IBM Data Risk Manager is integrated with IBM QRadar Security Intelligence Platform. For more information about integration, see Integrating IBM QRadar Security Intelligence Platform with IBM Data Risk Manager.

Procedure

  1. Log on to IBM Data Risk Manager Application Suite (https://<IDRM-Server-IP-Address>:8443/albatross/a3suite).
  2. Click the application menu icon Application menu icon.
  3. Click Vulnerability Management.
  4. Select a program from the list.
  5. Click Create New Assessment.
  6. On the Create New Assessment page, set the following options and click Create Assessment.
    Option Description
    Assessment Name IBM QRadar Security Intelligence Platform endpoint assessment name.
    Scan Type Scan type, for example, Server Vulnerability Scanner.
    Run on IBM QRadar Security Intelligence Platform adapter instance for running the vulnerability assessment process.
  7. Under Scope of Assessment, add data sources to the transaction based on the scope or last scan days. You can add multiple data sources.
  8. Click Add Scope to Transaction.
  9. Under Pending Transactions on the Transaction View, click the Start Process icon Start process icon.
  10. Select Scan Now.

    To schedule the scan later, select Scan Later.

    To save transaction details after completion of the process under Pending Transactions for reuse, select Replica.

  11. To run the process, click the Trigger Assessment icon Trigger assessment icon.