Assigning a technical user as the owner of asset groups

In IBM QRadar Vulnerability Manager, you can configure groups of assets and automatically assign their vulnerabilities to technical users.

After you assign a technical user and scan the assets, all vulnerabilities on the assets are assigned to the technical user for remediation.

The remediation times for vulnerabilities can be configured using the Remediation Times option, depending on their risk or severity.

If you add a new asset to your network, and it is contained in a technical user's asset group, vulnerabilities on the asset are automatically assigned to the technical user.

You can automatically email reports to your technical users with the details of vulnerabilities that they are responsible for fixing.

The Remediation Times, Schedule and Risk Preferences options are enabled only for administrative users, and non-administrative users who have no associated domain.

Before you begin

If you want to configure a group of assets that are identified by a saved asset search, you must search your assets and save the results.

For more information about searching assets and saving the results, see the User Guide for your product.

Procedure

  1. Click the Vulnerabilities tab.
  2. In the navigation pane, click Vulnerability Assignment.
  3. On the toolbar, click Add.
  4. Type a name, email address, and CIDR range.

    To automatically assign a technical user in the New Asset Owner window, the only mandatory fields are Name, Email, and CIDR. If multi-domain environments are enabled, select a domain association for that particular asset owner.

  5. If you configured IBM QRadar for multiple domains, select the relevant domain from the Domain list.
  6. To filter the list of assets in your CIDR range by asset name, type a text string in the Asset Name Filter field.
  7. To filter the list of assets in your CIDR range by operating system, type a text string in the OS Filter field.
  8. Optional: To assign the technical user to the assets that are associated with a saved asset search, click Asset Search. The Asset Search option is disabled if domains have been configured in the Domain Management page.
  9. Click Save.
  10. Optional: On the toolbar, click Remediation Times.

    You can configure the remediation time for each type of vulnerability, depending on their risk and severity.

    For example, you might need high risk vulnerabilities to be fixed within 5 days.

  11. Optional: On the toolbar, click Schedule.

    By default, the technical user contact for your assets is updated every 24 hours.

    New assets added to your deployment and falling within the CIDR range that you specified are automatically updated with the technical contact that you specified.

    Important: The schedule applies to the associations you made between technical users and groups of assets.
  12. Optional: Click Update Now, to immediately set the owner of your assets.

    Depending on the size of your deployment, it might take an extended time to update your assets.

  13. Click Save.

    Any vulnerabilities that are already assigned to a technical user for remediation are updated with the new technical user.

  14. If vulnerabilities were not previously assigned to a technical user, you must scan the assets that you assigned to the technical user.
    Important: Scanning the assets ensures that any vulnerabilities assigned to a technical user exist on the asset.