QRadar public servers

To provide you with the most current security information, IBM® QRadar® requires access to a number of public servers and RSS feeds.

Public servers

Table 1. Public servers that QRadar must access. This table lists descriptions for the IP addresses or host names that QRadar accesses.
IP address or hostname Description
194.153.113.31 IBM QRadar Vulnerability Manager DMZ scanner
194.153.113.32 QRadar Vulnerability Manager DMZ scanner
auto-update.qradar.ibmcloud.com/ QRadar auto-update servers.

For more information about auto-update servers, see QRadar: Important auto update server changes for administrators (https://www.ibm.com/support/pages/node/6244622).

update.xforce-security.com X-Force® Threat Feed update server
license.xforce-security.com X-Force Threat Feed licensing server

RSS feeds for QRadar products

Table 2. RSS feeds . The following list describes the requirements for RSS feeds that QRadar uses. Copy URLs into a text editor and remove page breaks before pasting into a browser.
Title URL Requirements
Security Intelligence http://feeds.feedburner.com/SecurityIntelligence QRadar and an Internet connection
Security Intelligence Vulns / Threats http://securityintelligence.com/topics/vulnerabilities-threats/feed QRadar and an Internet connection
IBM My Notifications http://www-945.events.ibm.com/systems/support/myfeed/xmlfeeder.wss?feeder.requid=

feeder.create_feed&feeder.feedtype=RSS&feeder.uid=270006EH0R&feeder.subscrid=

S14b5f284d32&feeder.subdefkey=swgother&feeder.maxfeed=25

 QRadar and an Internet connection
Security News http://IP_address_of_QVM_processor

:8844/rss/research/news.rss

 IBM QRadar Vulnerability Manager processor is deployed
Security Advisories http://IP_address_of_QVM_processor

:8844/rss/research/advisories.rss

 QRadar Vulnerability Manager processor is deployed
Latest Published Vulnerabilities http://IP_address_of_QVM_processor

:8844/rss/research/vulnerabilities.rss

 QRadar Vulnerability Manager processor deployed
Scans Completed http://IP_address_of_QVM_processor

:8844/rss/scanresults/completedScans.rss

 QRadar Vulnerability Manager processor is deployed
Scans In Progress http://IP_address_of_QVM_processor

:8844/rss/scanresults/runningScans.rss

 QRadar Vulnerability Manager processor is deployed