Configure data collection and saved searches to view vulnerability information on the app
dashboard.
Before you begin
Verify that the following saved searches are created in IBM®
QRadar® Vulnerability Manager.
Exploited Instances
Remediated Vulnerabilities Last 90 Days
Patched Instances
Procedure
Click the Admin tab.
On the navigation menu, click Apps > QRadar Vulnerability Insights.
Click QVI Configuration.
The following image shows the configuration screen:
Paste the authorized service token that you created into the Security
Token field.
To schedule data collection, set the Enable Scheduled Data Collection
switch to on.
Tip: In QRadar deployments that manage more than 1 million vulnerability instances,
schedule the data sync weekly, rather than daily. This is due to the time taken to sync a large
number of vulnerabilities to the QVI App. To check the number of active vulnerabilities on the
QRadar system, select the Vulnerabilities tab and click on Manage
Vulnerabilities.
To start data collection, click Run now.
Tip: In larger networks, when you click Run now to start the data
collection, it might take some time to get all the results back. Wait until the searches are
finished before you try to view the data, and run your searches at less busy times to save
resources.
To check status, click Refresh Status.
Tip: If the data collection fails, click Check logs to
investigate the issue.
Select a saved search to match each of the corresponding labels in the Saved
Searches List.
For any saved searches that are not created by default, create the saved search in QRadar Vulnerability Manager.
You
must create the Patched Instances, Exploited Instances,
and Remediated vulnerabilities last 90 days saved searches. The remaining saved
searches are created in QRadar Vulnerability Manager by
default.
The following list shows the saved searches that you use:
Patched Instances
Exploited Instances
Remediated vulnerabilities last 90 days
Default All
New Early Warnings
Vulnerabilities Published Last 30 Days
Default Passwords
Optional:
To enable Trending Vulnerabilities on the dashboard, turn on
X-Force Configuration, type your IBM X-Force® Exchange API Key and Password.
Optional:
To configure a proxy server for communication with IBM X-Force Exchange, turn on Proxy
Configuration, and enter the following information for your proxy server: