Question & Answer
How do you configure the asset risk score so as not to overwhelm the system?
The asset risk score can only be triggered in order not to overwhelm the BigFix server with a high volume of vulnerability data, at the same time not to filter out data sent by the sum risk score (asset risk score).
When configuring QRadar Vulnerability Manger integration with BigFix, the primary thing that is taken into consideration is the vulnerability risk score. If the vulnerability risk score is more than the value you set, then it is checked for the condition asset risk score. When set properly you will be able to see the correct data being sent to BigFix.
- The Asset risk score property is
- The Vulnerability risk score property is
Example: When then the vulnerability risk score is set to 5, then only the assets with asset risk score more than 5000 will be seen in the BigFix. When the risk score it set to zero all assets will be seen and will overwhelm BigFix.
The only usage of property
qvm.adaptor.minimum.asset.riskscore (which might be applied in cases) is when you have numerous vulnerability data imported into BigFix and might prevent an overwhelm of data on the BigFix side.
Note: This property is implemented only in the case we have scanned a lot of assets with a lot of high and critical vulnerabilities, in order not to send all these data that might overwhelm the BigFix server.
For more information on BigFix integration with QRadar please look at this link.
IBM BigFix integration
Where do you find more information?
Was this topic helpful?
31 August 2018