IBM Guardium scanner overview

IBM® InfoSphere® Guardium® appliances are capable of exporting database vulnerability information that can be critical to protecting customer data.

IBM Guardium audit processes export the results of tests that fail the Common Vulnerabilities and Exposures (CVE) tests that are generated when you run security assessment tests on your IBM Guardium appliance. The vulnerability data from IBM Guardium must be exported to a remote server or staging server in Security Content Automation Protocol (SCAP) format. IBM QRadar can then use SFTP to retrieve the scan results from the remote server that stores the vulnerability data.

IBM Guardium exports vulnerability data only from databases that contain failed CVE test results. If there are no failed CVE tests, IBM Guardium may not export a file at the end of the security assessment. For information on configuring security assessment tests and creating an audit process to export vulnerability data in SCAP format, see your IBM InfoSphere Guardium documentation.

After you have configured your IBM Guardium appliance, you are ready to configure QRadar to import the results from the remote server that hosts the vulnerability data. You must add an IBM Guardium scanner to QRadar and configure the scanner to retrieve data from your remote server. The most recent vulnerabilities are imported by QRadar when you create a scan schedule. Scan schedules determine how often QRadar requests data from the remote server that hosts your IBM Guardium vulnerability data.

Integration overview for IBM InfoSphere Guardium and QRadar:
  1. On your IBM InfoSphere Guardium appliance, create an SCAP file with your vulnerability information. See your IBM InfoSphere Guardium documentation.
  2. On your QRadar Console, add an IBM Guardium scanner. See Adding an IBM Guardium vulnerability scanner.
  3. On your QRadar Console, create a scan schedule to import scan result data. See Scheduling a vulnerability scan.