Categories of QRadar Vulnerability Manager vulnerability checks

IBM QRadar Vulnerability Manager checks for multiple types of vulnerabilities in your network.

Vulnerabilities are categorized into the following broad categories:

Risky default settings
Software features
Misconfiguration
Vendor flaws

Risky default settings

By leaving some default settings in place, you can make your network vulnerable to attacks. The following situations are examples that can make your network vulnerable:

Leaving sample pages or scripts on an IIS installation
Not changing the default password on a 3Com Hub/Switch
Leaving "public" or "private" as an SNMP community name on an SNMP enabled device
Not setting the sa login password on an MS-SQL server

Software features

Some software settings for systems or applications are designed to aid usability but these settings can introduce risk to your network. For example, the Microsoft NetBIOS protocol is useful in internal networks, but if it is exposed to the Internet or an untrusted network segment it introduces risk to your network.

The following examples are software features or commands that can expose your network to risk:

ICMP time stamp or netmask requests
Sendmail expand or verify commands
Ident protocol services that identify the owner of a running process.

Misconfiguration

In addition to identifying misconfigurations in default settings, QRadar Vulnerability Manager can identify a broader range of misconfigurations such as in the following cases:

SMTP Relay
Unrestricted NetBios file sharing
DNS zone transfers
FTP World writable directories
Default administration accounts that have no passwords
NFS World exportable directories

Vendor flaws

Vendor flaws is a broad category that includes events such as buffer overflows, string format issues, directory transversals, and cross-site scripting. Vulnerabilities that require a patch or an upgrade fix are included in this category.