Asset profile configuration

IBM QRadar automatically discovers the assets on your network, which are discovered by passive monitoring of QFlow flow data, and active monitoring of vulnerability scan data. QRadar then builds an asset profile, which displays the services that run on each asset.

The asset profile data is used for correlation purposes to help reduce false positives. For example, if an attack attempts to exploit a specific service that runs on a specific asset, QRadar determines whether the asset is vulnerable to this attack by correlating the attack against the asset profile.

Note: Flow data, vulnerability assessment (VA) scanners, or log sources that provide identity must be configured so that asset profiles are displayed in the user interface. If no flow data or scanners exist, no data is compiled for an asset profile.

You can define specific IP addresses (servers) as assets by importing existing assets in comma-separated value (CSV) format. Adding an asset profile helps you to identify an IP address by name and provide a description and weight for that asset.

For more information about managing assets, see the IBM QRadar Administration Guide.