IBM Support

QRadar: Clean Vulnerability Ports check box and Scheduled Scans

Question & Answer


Question

What does the "Clean Vulnerability Ports" check box affect when scheduling a vulnerability assessment (VA) scan?

Answer

When scheduling a vulnerability scan from the VA Scanners panel, there is the option to Clean Vulnerability Ports on some scanners when administrators define a scan schedule. This functionality removes vulnerabilities that are associated to an IP address before the new scan results are imported. This ensures that when an administrator schedules a scan, older vulnerabilities that have been resolved are not displayed in the user interface when the next scan result is imported in to QRadar.



How to enable Clean Vulnerability Ports
Administrators can use this option to ensure that IP addresses are cleared of previous vulnerabilities before the next scan import begins. If this option is not enabled, you need to manually remove the vulnerabilities in QRadar after you resolve them.

  1. Log in to the QRadar User Interface > click the Admin tab.
  2. Click the Vulnerability Scanners icon.
  3. Highlight a Scanner > Schedule.
  4. Click Add.

  5. After entering the values in the appropriate text boxes click the Clean Vulnerability Ports Check box.
    Note: The option Clean Vulnerability Ports is not available on all scanners.



Where do you find more information?



[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"VA Scanners","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF025","label":"Platform Independent"}],"Version":"7.2;7.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21989099