Creating saved searches for QRadar Vulnerability Insights

QRadar® Vulnerability Insights extracts vulnerability data from QRadar Vulnerability Manager by using saved searches.

About this task

Four saved searches that are listed in the QRadar Vulnerability Insights Saved Searches List are created by default, and you need only to select them.

Three saved searches are not created in QRadar by default and you must create them so that they are added to your Saved Searches List.

Procedure

  1. Click the Vulnerabilities tab.
  2. In the navigation pane, click Manage Vulnerabilities.
  3. On the toolbar, select Search > New Search, and then enter the criteria for your search.
  4. On the toolbar, click Save Search Criteria.

    The following list describes the three saved searches that you must create for the app:

    Patched Instances

    You must create this saved search by using the following criteria:

    • Patch Status Equals Fixed
    • Include Vulnerability Exceptions Equals No
    • Include Early Warning Equals NO
    • Vulnerability State is Existing

    Exploited Instances

    You must create this saved search by using the following criteria:

    • Days Since Exploit Attempt Greater than or equal to 0
    • Include Vulnerability Exceptions Equals No
    • Include Early Warning Equals NO
    • Vulnerability State is Existing

    Remediated Vulnerabilities Last 90 Days

    You must create this saved search by using the following criteria:

    • Vulnerability State is Fixed
    • Days since vulnerability last seen less than or equal to 90
    • Include Vulnerability Exceptions Equals No
    • Include Early Warnings Equals No

    The following four saved searches, which the QRadar Vulnerability Insights app uses to get data, are created in QRadar by default. You need only to select them on the configuration screen.

    Default All
    • Include Vulnerability Exceptions Equals No
    • Include Early Warning Equals NO
    • Vulnerability State is Existing

    New Early Warnings
    • Only Include Early Warnings Equals Yes
    • Days Since Vulnerabilities Discovered Less than or equal to 1

    Vulnerabilities Published Last 30 Days
    • Days Since Vulnerabilities Published Less than or equal to 30

    Default Passwords
    • Include Vulnerability Exceptions Equals No
    • Include Early Warning Equals NO
    • Vulnerability State is Existing
    • Quick Search Equals default AND password

    Note: The data that is displayed on the tiles in the QRadar Vulnerability Insights graph is derived from the saved searches. You can customize the data that is returned by editing the saved search filters to suit your requirements.