Configuring the QRadar Vulnerability Insights app

Configure data collection and saved searches to view vulnerability information on the app dashboard.

Before you begin

Verify that the following saved searches are created in IBM® QRadar® Vulnerability Manager.
  • Exploited Instances
  • Remediated Vulnerabilities Last 90 Days
  • Patched Instances

Procedure

  1. Click the Admin tab.
  2. On the navigation menu, click Apps > QRadar Vulnerability Insights.
  3. Click QVI Configuration.
    The following image shows the configuration screen:
    Figure 1. Configuration screen
    QVI Configuration settings
  4. Paste the authorized service token that you created into the Security Token field.
  5. To schedule data collection, set the Enable Scheduled Data Collection switch to on.
    Tip: In QRadar deployments that manage more than 1 million vulnerability instances, schedule the data sync weekly, rather than daily. This is due to the time taken to sync a large number of vulnerabilities to the QVI App. To check the number of active vulnerabilities on the QRadar system, select the Vulnerabilities tab and click on Manage Vulnerabilities.
  6. To start data collection, click Run now.
    Tip: In larger networks, when you click Run now to start the data collection, it might take some time to get all the results back. Wait until the searches are finished before you try to view the data, and run your searches at less busy times to save resources.
  7. To check status, click Refresh Status.
    Tip: If the data collection fails, click Check logs to investigate the issue.
  8. Select a saved search to match each of the corresponding labels in the Saved Searches List.

    For any saved searches that are not created by default, create the saved search in QRadar Vulnerability Manager.

    You must create the Patched Instances, Exploited Instances, and Remediated vulnerabilities last 90 days saved searches. The remaining saved searches are created in QRadar Vulnerability Manager by default.

    The following list shows the saved searches that you use:
    • Patched Instances
    • Exploited Instances
    • Remediated vulnerabilities last 90 days
    • Default All
    • New Early Warnings
    • Vulnerabilities Published Last 30 Days
    • Default Passwords
  9. Optional: To enable Trending Vulnerabilities on the dashboard, turn on X-Force Configuration, type your IBM X-Force® Exchange API Key and Password.
    Obtaining an API Key and Password (https://api.xforce.ibmcloud.com/doc/#auth).
  10. Optional: To configure a proxy server for communication with IBM X-Force Exchange, turn on Proxy Configuration, and enter the following information for your proxy server:
    • Protocol
    • IP Address
    • Port
    • User name
    • Password
  11. Click Save.