Supported vulnerability scanners

Vulnerability data can be collected from several manufacturers and vendors of security products. If the scanner deployed in your network is not listed in this document, you can contact your sales representative to review support for your appliance.

What do you do if the product version or device you have is not listed in the IBM QRadar Vulnerability Assessment Configuration Guide?

Sometimes a version of a vendor product or a device is not listed as supported. If the product or device is not listed, follow these guidelines:

Version not listed
If the scanner is for a product that is officially supported by IBM® QRadar®, but the version that is listed in the IBM QRadar Vulnerability Assessment Configuration Guide appears to be out-of-date, try the scanner to see whether it works. The product versions that are listed in the guide are versions that are tested by IBM, but newer untested versions might also work. In most cases, no changes are necessary, or at most a minor update might be all that is required. Software updates by vendors might on rare occasions add or change event formats that break the scanner, requiring an RFE for the development of a new integration. This scenario is the only case where an RFE is required. In either event, open a support ticket for a review of the log source to troubleshoot and rule out any potential issues that are not related to the software version.
Device not listed
When a device is not officially supported, open a request for enhancement (RFE) to have your device become officially supported by following these steps:
  1. Go to the IBM Security SIEM RFE page (https://ibm.biz/BdRPx5).
  2. Log in to the support portal page.
  3. Click the Submit tab and type the necessary information.
Note:

If you have vulnerability data from a scanner, attach it to the RFE and include the product version of the scanner that generated the vulnerability data.

Table 1. Supported vulnerability scanners

Vendor

Scanner name

Supported versions

Configuration name

Connection type

Beyond Security Automated Vulnerability Detection System (AVDS) AVDS Management V12 (minor version 129) and above Beyond Security AVDS Scanner File import of vulnerability data with SFTP
Digital Defense Inc AVS N/A Digital Defense Inc AVS HTTPS
eEye Digital Security eEye REM REM V3.5.6 eEye REM Scanner SNMP trap listener
eEye Retina CS Retina CS V3.0 to V4.0 Database queries over JDBC
Generic Axis N/A Axis Scanner File import of vulnerability data with SFTP
IBM IBM AppScan® Enterprise V8.6 to V9.0.3.10 IBM AppScan Scanner IBM REST web service with HTTP or HTTPS
IBM InfoSphere® Guardium® v9.0 and above IBM Guardium SCAP Scanner File import of vulnerability data with SFTP
IBM BigFix® V8.2x to V9.5.2 IBM BigFix Scanner SOAP-based API with HTTP or HTTPS
IBM InfoSphere SiteProtector V2.9.x IBM SiteProtector Scanner Database queries over JDBC
IBM

Tivoli®

Now known as IBM BigFix

     
Juniper Networks NetScreen Security Manager (NSM) Profiler 2007.1r2 Juniper NSM Profiler Scanner Database queries over JDBC
2007.2r2
2008.1r2
2009r1.1
2010.x
McAfee Vulnerability Manager
Note: The McAfee Vulnerability Manager scanner for QRadar is deprecated.
     
Microsoft Microsoft System Center Configuration Manager (SCCM) Microsoft Windows Microsoft SCCM DCOM must be configured and enabled
nCircle or Tripwire IP360 VnE Manager V6.5.2 to V6.8.28 nCircle ip360 Scanner File import of vulnerability data with SFTP
netVigilance SecureScout V2.6 SecureScout Scanner Database queries over JDBC
Open source NMap V3.7 to V6.0 NMap Scanner File import of vulnerability data over SFTP with SSH command execution
Outpost24 Outpost24 HIAB V4.1

OutScan V4.1

Outpost24 API over HTTPS
Qualys QualysGuard V4.7 to V8.1 Qualys Scanner APIv2 over HTTPS
Qualys QualysGuard V4.7 to V8.1 Qualys Detection Scanner API Host Detection List over HTTPS
Rapid7 Nexpose

V4.x to V6.5

Rapid7 Nexpose Scanner Remote Procedure Call (RPC) over HTTPS
Local file import of XML file over SCP or SFTP to a local directory
Saint Corporation Security Administrator's Integrated Network Tool (SAINT) V7.4.x Saint Scanner File import of vulnerability data over SFTP with SSH command execution
Tenable SecurityCenter V4 and V5 Tenable SecurityCenter JSON request over HTTPS
Tenable Nessus

Tenable provides an integration with QRadar by using its Tenable.sc and Tenable.io platforms to address the needs of enterprise customers. For more information about Nessus APIs, see the A Clarfication about Nessus Professional blog by Tenable (https://www.tenable.com/blog/a-clarification-about-nessus-professional).

As of December 2018, Tenable officially removed support for Nessus APIs. As a result, Tenable does not support direct integration between Nessus and IBM QRadar.