Supported vulnerability scanners
Vulnerability data can be collected from several manufacturers and vendors of security products. If the scanner deployed in your network is not listed in this document, you can contact your sales representative to review support for your appliance.
What do you do if the product version or device you have is not listed in the IBM QRadar Vulnerability Assessment Configuration Guide?
Sometimes a version of a vendor product or a device is not listed as supported. If the product or device is not listed, follow these guidelines:
- Version not listed
- If the scanner is for a product that is officially supported by IBM® QRadar®, but the version that is listed in the IBM QRadar Vulnerability Assessment Configuration Guide appears to be out-of-date, try the scanner to see whether it works. The product versions that are listed in the guide are versions that are tested by IBM, but newer untested versions might also work. In most cases, no changes are necessary, or at most a minor update might be all that is required. Software updates by vendors might on rare occasions add or change event formats that break the scanner, requiring an RFE for the development of a new integration. This scenario is the only case where an RFE is required. In either event, open a support ticket for a review of the log source to troubleshoot and rule out any potential issues that are not related to the software version.
- Device not listed
- When a device is not officially supported, open a request for enhancement (RFE) to have your
device become officially supported by following these steps:
- Go to the IBM Security SIEM RFE page (https://ibm.biz/BdRPx5).
- Log in to the support portal page.
- Click the Submit tab and type the necessary information.
If you have vulnerability data from a scanner, attach it to the RFE and include the product version of the scanner that generated the vulnerability data.
|Beyond Security||Automated Vulnerability Detection System (AVDS)||AVDS Management V12 (minor version 129) and above||Beyond Security AVDS Scanner||File import of vulnerability data with SFTP|
|Digital Defense Inc||AVS||N/A||Digital Defense Inc AVS||HTTPS|
|eEye Digital Security||eEye REM||REM V3.5.6||eEye REM Scanner||SNMP trap listener|
|eEye Retina CS||Retina CS V3.0 to V4.0||Database queries over JDBC|
|Generic||Axis||N/A||Axis Scanner||File import of vulnerability data with SFTP|
|IBM||IBM AppScan® Enterprise||V8.6 to V22.214.171.124||IBM AppScan Scanner||IBM REST web service with HTTP or HTTPS|
|IBM||InfoSphere® Guardium®||v9.0 and above||IBM Guardium SCAP Scanner||File import of vulnerability data with SFTP|
|IBM||BigFix®||V8.2x to V9.5.2||IBM BigFix Scanner||SOAP-based API with HTTP or HTTPS|
|IBM||InfoSphere SiteProtector||V2.9.x||IBM SiteProtector Scanner||Database queries over JDBC|
Now known as IBM BigFix
|Juniper Networks||NetScreen Security Manager (NSM) Profiler||2007.1r2||Juniper NSM Profiler Scanner||Database queries over JDBC|
Note: The McAfee Vulnerability Manager scanner for QRadar is deprecated.
|Microsoft||Microsoft System Center Configuration Manager (SCCM)||Microsoft Windows||Microsoft SCCM||DCOM must be configured and enabled|
|nCircle or Tripwire||IP360||VnE Manager V6.5.2 to V6.8.28||nCircle ip360 Scanner||File import of vulnerability data with SFTP|
|netVigilance||SecureScout||V2.6||SecureScout Scanner||Database queries over JDBC|
|Open source||NMap||V3.7 to V6.0||NMap Scanner||File import of vulnerability data over SFTP with SSH command execution|
|Outpost24||API over HTTPS|
|Qualys||QualysGuard||V4.7 to V8.1||Qualys Scanner||APIv2 over HTTPS|
|Qualys||QualysGuard||V4.7 to V8.1||Qualys Detection Scanner||API Host Detection List over HTTPS|
V4.x to V6.5
|Rapid7 Nexpose Scanner||Remote Procedure Call (RPC) over HTTPS|
|Local file import of XML file over SCP or SFTP to a local directory|
|Saint Corporation||Security Administrator's Integrated Network Tool (SAINT)||V7.4.x||Saint Scanner||File import of vulnerability data over SFTP with SSH command execution|
|Tenable||SecurityCenter||V4 and V5||Tenable SecurityCenter||JSON request over HTTPS|
Tenable provides an integration with QRadar by using its Tenable.sc and Tenable.io platforms to address the needs of enterprise customers. For more information about Nessus APIs, see the A Clarfication about Nessus Professional blog by Tenable (https://www.tenable.com/blog/a-clarification-about-nessus-professional).
As of December 2018, Tenable officially removed support for Nessus APIs. As a result, Tenable does not support direct integration between Nessus and IBM QRadar.