Installations and deployments

Depending on the product that you install and whether you upgrade IBM® QRadar® or install a new system, the Vulnerabilities tab might not be displayed.

You access IBM® Security QRadar Vulnerability Manager by using the Vulnerabilities tab:

  • If you install QRadar SIEM, the Vulnerabilities tab is enabled by default with a temporary license key.
  • If you install QRadar Log Manager, the Vulnerabilities tab is not enabled. You can purchase the license for QRadar Vulnerability Manager separately and enable it by using a license key.

For more information about upgrading, see the IBM QRadar Upgrade Guide.

QRadar Vulnerability Manager license

To use QRadar Vulnerability Manager after an install or upgrade, you must upload and allocate a valid license key. For more information, see the Administration Guide. The QRadar Vulnerability Manager license is applied and processed in real time to QRadar Vulnerability Manager scanned assets that have at least one IP address. The QRadar Vulnerability Manager scan must fall within the configured retention time for the IP address of the asset. To view or change the asset IP retention value:

  1. From the Admin tab, click Asset Profiler Configuration.
  2. Find the Asset IP Retention (In Days) row to edit the asset IP retention value.
  3. Change the retention value or check that it is suitable for your needs. The default asset IP retention value is 120 days.

QRadar Vulnerability Manager and QRadar Risk Manager licenses

IBM QRadar Vulnerability Manager and IBM QRadar Risk Manager are combined into one offering and both are enabled through a single base license. The combined offering provides an integrated network scanning and vulnerability management workflow. With the base license, you are entitled to use QRadar Vulnerability Manager to scan up to 256 assets. You can integrate QRadar Risk Manager with up to 50 standard configuration sources. If you are entitled to either QRadar Vulnerability Manager or QRadar Risk Manager, you are automatically entitled to the base license allowance for the other product. You require extra licenses to scan more than 256 assets or to integrate with more than 50 configuration sources.

Vulnerability processing and scanning deployments

When you install and license QRadar Vulnerability Manager, a vulnerability processor is automatically deployed on your QRadar console. A processor is not automatically deployed if you use a software activation key on your QRadar console.

The vulnerability processor provides a scanning component by default. If required, you can deploy more scanners, either on dedicated QRadar Vulnerability Manager managed host scanner appliances or QRadar managed hosts. For example, you can deploy a vulnerability scanner on an Event Collector or QRadar QFlow Collector.

If required, you can move the vulnerability processor to a different managed host in your deployment. You might move the processor to preserve disk space on your QRadar console.

Restriction: You can have only one vulnerability processor in your deployment. You can move the vulnerability processor only to a dedicated QRadar Vulnerability Manager processor appliance. You can't add a vulnerability processor to the QRadar Flow Processor 1728 appliance.
You can add the vulnerability processor to the following QRadar appliances: 600, 700, 8099, 8024, 8000, 3124, 8026, 2100, 3199, 3126, 8021, and 3100.

Auto updates and vulnerability information

When you run the auto update, you get the most recent vulnerability metadata and scan tools that are available. Configure your auto updates through an internet connection or from a local offline server. Typically, vulnerability metadata and scan tools are updated weekly.

As a best practice, ensure that you run auto updates after you install a QRadar software update. To run the auto update, click the Auto Update icon on the Admin tab.

For more information about installing QRadar auto updates, see the IBM QRadar Administration Guide.