Asset management

IBM® Security Risk Manager provides a unified view where you manage an inventory of assets, their risk attributes, and other related details that are used for risk score computation. The entities such as databases, applications, assets, IP addresses, and hostnames are collectively referred to as assets in Risk Manager. The broader view of asset risk information helps you to easily identify critical risks and prioritize mitigation activities.

Threat and asset data

The threat events that are detected on the assets are imported into Risk Manager inventory from the source products for which you configured the data source connections by using the Universal Data Insights service. You can import threat events only from the connections that you are entitled to access the data sources. If you are an admin user for the data sources, you can access all the data source connections and import the data.

Asset details and the associated vulnerability information are imported into Risk Manager inventory from various source products for which you created and configured the connections by using the Connected Assets and Risk service. In Risk Manager, you can also create and manage logical assets to evaluate risks.

Integration with VMS

Risk Manager is integrated with IBM X-Force® Red Vulnerability Management Services (VMS) to obtain enriched vulnerability data that is sourced from various products. VMS uses the Common Vulnerabilities and Exposures (CVE) ID of the vulnerabilities and provides the enriched vulnerability data with more attributes that helps to better prioritize the vulnerability management activities. The enriched data is imported into Risk Manager through the Connected Assets and Risk service at regular intervals. Risk Manager uses the following attributes from VMS to assess the risk from the detected vulnerabilities.

Weaponized exploits: Vulnerabilities with exploits.
Exploit code: Vulnerabilities for which the weaponized code is not needed for exploitation. A weaponized code is a program that is used to exploit a vulnerability.
Attack chain: Vulnerabilities that have an attack chaining capability. An attack chain is a sequence of events that are involved in a security attack.
Actions on objectives: Vulnerabilities with actions on objectives.
Threat score: Security threat score for the vulnerabilities.

In the basic version of Risk Manager, the basic version of VMS is enabled by default to enrich only 250 unique vulnerabilities per day. To enable the VMS subscription for availing the continuous enrichment service, you must have the credentials to access VMS. The VMS credentials must be assigned to the application account.

Integration with Case Management

Risk Manager is integrated with the Case Management application to manage cases that are created to implement the suggested actions to mitigate the identified risks. The asset risk score is updated based on the remediation actions that you implemented.