IBM Support

QRadar: BigFix and QVM Integration with Domain Authentication



The Knowledge Center guide explains how to configure encryption communication between BigFix and QRadar. However, the importation of vulnerability fix status updates from BigFix into QRadar does not work.


The error found in the /var/log/iem-cron.log file is as follows:

        at com.sun.proxy.$Proxy30.getRelevanceResult(Unknown Source)
        at com.q1labs.qvm.iem.BigfixClient.getRelevanceResultResponse(
        at com.q1labs.qvm.iem.BigfixClient.getSiteIds(
        at com.q1labs.qvm.iem.BigfixClient.getFixletList(
        at com.q1labs.qvm.iem.BigfixClient.getFixletList(
        at com.q1labs.qvm.iem.FixletLoader.loadCurrentFixlets(
        at com.q1labs.qvm.iem.FixletResultReaderApp.loadActionResults(
        at com.q1labs.qvm.iem.FixletResultReaderApp.main(
Caused by: java.lang.ClassNotFoundException:


This can be caused by using domain authentication in BigFix for user authentication.

Resolving The Problem

The guide describes how to configure BigFix to send encrypted data to QRadar. In step 2b of the guide, you are told to type ./ and enter host name, host port, user name, and password for the BigFix server. For the username you would use domain\username, since the user account to log in to BigFix is domain authenticated.

Configuring encrypted communication between IBM BigFix and QRadar

However, the import of vulnerability fix status updates from BigFix into QRadar does not work.

The "\" character in the username must be escaped to successfully allow log in to BigFix from QRadar.

To resolve this issue.

  1. Log in to the QRadar Console by using an SSH session.
  2. If QVM is not running from the Console, connect to the Managed Host by using SSH.
  3. Change directories to /opt/qvm/iem/
    cd /opt/qvm/iem/
  4. Backup the file by using this command.
  5. Using VI editor open
  6. Change the webreports.username parameter
    webreports.username= domain\username
    webreports.username= domain\\username
  7. Save the changes by typing
    esc :wq
  8. Change directories to /opt/qvm/adapter/config/
    cd /opt/qvm/adapter/config/
  9. Backup the file by using this command.
    cp plugin-bigfix.propertiess.bak
  10. Using VI editor open
  11. Change the parameter domainusername
    to domain\\username
  12. Save the changes by typing
    esc :wq

The vulnerability import should be successful the next time the cronjob runs the script (every 15 minutes by default).

Where do you find more information?

[{"Product":{"code":"SSHLPS","label":"IBM Security QRadar Vulnerability Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2;7.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018