Feature spotlights

Security breach prevention

By sensing over 70,000 known dangerous default settings, misconfigurations and software flaws, IBM® QRadar® Vulnerability Manager helps you take corrective action before an attack occurs. Using a Payment Card Industry (PCI) certified scanner to detect vulnerabilities, it accepts input from third-party scanners, risk management products and external databases, including IBM X-Force® Threat Intelligence and the National Vulnerabilities Database, to provide a combined view of vulnerabilities.

Integration with IBM QRadar Security Intelligence Platform

Seamlessly integrates with QRadar SIEM and leverages IBM Sense Analytics™ to obtain up-to-date asset, topology, and configuration data for proactive vulnerability and risk management. It contains an automated policy engine that can evaluate actual or potential network traffic and quantify the risk of an exploit by calculating attack paths to vulnerable assets. You will be able to simulate threat propagation and evaluate the impact of a configuration change before it is made.

Single, consolidated view of vulnerabilities

An intuitive user interface provides complete visibility across dynamic, multi-layered networks. You can easily select a dashboard view and click through related tabs to review security offenses, log events, network flows, asset status, configurations, reports, risks and vulnerabilities. With QRadar Vulnerability Manager you can make faster, more informed decisions with a single, consolidated view of scan results.

Remediation and mitigation activity prioritization

QRadar Vulnerability Manager uses security intelligence to filter vulnerabilities so you can understand how to prioritize remediation and mitigation activities. By maintaining a current network view of all discovered vulnerabilities, including details such as when the vulnerabilities were found, what scan jobs reported them and to whom the vulnerability is assigned for remediation or mitigation, it helps your security teams prioritize tasks for remediation.

Regulatory compliance automation

QRadar Vulnerability Manager helps ensure compliance by conducting regular network scans and maintaining detailed audit trails. It categorizes each vulnerability with a severity rating and an exposure score. In addition to scanning assets both internally and externally, QRadar Vulnerability Manager enables security teams to create tickets to manage remediation activities and specify exceptions with a full audit trail.

Customer case study

  • Case study image

    Strengthening security posture with indepth global intelligence

    McGill University Health Centre
    Read the case study

How customers use it

  • Centralized insights into vulnerabilities


    Having a single, consolidated view of scan results to make faster, more informed decisions.


    Gain a unified view of all vulnerabilities, enhanced with context from your security analytics platform.

  • Vendor agnostic vulnerability management

    Vendor agnostic vulnerability management


    Building a vulnerability management practice that is vendor agnostic.


    Manage vulnerability data from multiple third-party sources without disruption if you choose to replace scanning tools.

  • Closed loop patch management integration


    Prioritizing remediation and mitigation activities.


    Leverage validated integrations to fully automate a closed loop vulnerability assessment, prioritization, and endpoint patch management process.

  • Real-time risk analysis and on-demand scanning

    Real-time risk analysis and on-demand scanning


    QRadar Vulnerability Manager lets you assess your risk posture through attack path simulation and policy monitoring, plus trigger targeted scans on-demand to validate potential threats.


    QRadar Vulnerability Manager lets you assess your risk posture through attack path simulation and policy monitoring, plus trigger targeted scans on-demand to validate potential threats.

Technical details

Software requirements

Software requirements can be found here:

    Hardware requirements

    Hardware requirements can be found here: