Vulnerability search parameters

In IBM® QRadar® Vulnerability Manager, you can search your vulnerability data and save the searches for later use.

The following table is not a complete list of vulnerability search parameters, but a subset of the available options.

Select any of the parameters to search and display vulnerability data.

Table 1. Vulnerability search parameters
| Option | Description |
| --- | --- |
| Access Complexity | The complexity of the attack that is required to exploit a vulnerability. |
| Access Vector | The network location from where a vulnerability can be exploited. |
| Asset saved search | The host, IP address, or range of IP addresses associated with a saved asset search. For more information about saving asset searches, see the Users Guide for your product. |
| Assets with Open Service | Assets that have specific open services, for example HTTP, FTP, and SMTP. |
| Authentication | The number of times an attacker must authenticate against a target to exploit a vulnerability. |
| Availability Impact | The level that resource availability can be compromised if a vulnerability is exploited. |
| Confidentiality Impact | The level of confidential information that can be obtained if a vulnerability is exploited. |
| Days since asset found | The elapsed number of days since the asset with the vulnerability was discovered on your network. Assets can be discovered either by an active scan or passively by using log or flow analysis. |
| Days since associated vulnerability service traffic | Displays vulnerabilities on assets with associated layer 7 traffic to or from an asset, based on the elapsed number of days since the traffic was detected. |
| Domain | If you configured IBM QRadar for multi-domain systems, use this option to specify the domain you want to search for vulnerabilities. |
| By Open Service | Search for vulnerabilities that are associated with particular open services such as HTTP, FTP, and SMTP. |
| External Reference of type | Vulnerabilities that have an associated HCL BigFix Fixlet. By using this parameter, you can show only those vulnerabilities without an available patch. |
| Impact | The potential impact to your organization. For example, access control loss, downtime, and reputation loss. |
| Include early warnings | Include newly published vulnerabilities that are detected in your network and are not present in any scan results. |
| Include vulnerability exceptions | Those vulnerabilities with an exception rule applied. |
| Integrity Impact | The level to which system integrity might be compromised if a vulnerability is exploited. |
| Only include assets with risk | Vulnerabilities that pass or fail specific risk policies that are defined and monitored in IBM QRadar Risk Manager. Note: You must monitor at least one question in the Policy Monitor page on the Risks tab to use this search parameter. |
| Only include assets with risk passed | Vulnerabilities that pass specific risk policies that are defined and monitored in QRadar Risk Manager. |
| Only include early warnings | Include only newly published vulnerabilities that are detected in your network and are not present in any scan results. |
| Only include Vulnerability Exceptions | Include only vulnerabilities with an exception rule applied in your search. |
| Overdue by Days | Search for vulnerabilities that are overdue for remediation by a specified number of days. |
| Patch Status | Filter vulnerabilities by patch status. For more information, see Identifying the patch status of your vulnerabilities. |
| PCI Severity | Search for vulnerabilities by the PCI Severity level (High, Medium, or Low) assigned by the PCI compliance service. Vulnerabilities assigned a High or Medium PCI Severity level fail PCI compliance. |
| Quick Search | You can search for a vulnerability's title, description, solution, and external reference ID. In the Quick Search field, you can use AND, OR, and NOT operators, and brackets. |
| Risk | Search for vulnerabilities by risk level (High, Medium, Low, Warning). |
| Unassigned | Search for vulnerabilities with no assigned user to remediate them. |
| Vulnerability External Reference | Vulnerabilities that are based on an imported list of vulnerability IDs, for example CVE ID. For more information about Reference Sets, see the Administration Guide for your product. |
| Vulnerability has a virtual patch from vendor | Vulnerabilities that can be patched by an intrusion prevention system. |
| Vulnerability state | The status of the vulnerability since the last scan of your network or specific network assets. For example, when you scan assets, the vulnerabilities that are discovered are either New, Pre-existing, Fixed, or Existing. |
| Vulnerability with risk | Filter vulnerabilities by risk policy results. You must monitor at least one question in the Policy Monitor page on the Risks tab to use this search parameter. |