Microsoft SCCM scanner overview

IBM® QRadar® imports scan reports from Microsoft System Center Configuration Manager (SCCM) scanners.

The Microsoft SCCM scanner collects the following information:

  • Asset information
    • name
    • NetBIOS name, OS and version
    • IP addresses
    • MAC addresses
  • Installed patches
  • Pending patches
    Note: Pending patches might or might not have a vulnerability reference.
To integrate a Microsoft SCCM scanner, complete the following steps:
  1. On your Microsoft SCCM scanner, configure WMI enablement.
  2. If automatic updates are not enabled on your QRadar Console, download and install the Microsoft SCCM RPM.
  3. On your QRadar Console, add a Microsoft SCCM scanner.
  4. On your QRadar Console, create a scan schedule to import scan result data.