Dynamic vulnerability scans

In IBM® QRadar® Vulnerability Manager, you can configure a scan to use certain vulnerability scanners for specific CIDR ranges in your network. For example, your scanners might have access only to certain areas of your network.

During a scan, QRadar Vulnerability Manager determines which scanner to use for each CIDR, IP address, or IP range that you specify in your scan profile.

You must have the correct license capabilities to perform the following scanning operations. If you need assistance to obtain a new or updated license key, contact your local sales representative or IBM Customer Support (www.ibm.com/support/).

Dynamic scanning and domains

If you configured domains in the Domain Management window on the Admin tab, you can associate scanners with the domains that you added.

For example, you might associate different scanners each with a different domain, or with different CIDR ranges within the same domain. QRadar dynamically scans the configured CIDR ranges that contain the IP addresses you specify on all domains that are associated with the scanners on your system. Assets with the same IP address on different domains are scanned individually if the CIDR range for each domain includes that IP address. If an IP address is not within a configured CIDR range for a scanner domain, QRadar scans the domain that is configured for the Controller scanner for the asset.

Setting up dynamic scanning

To use dynamic scanning, you must do the following actions:

  1. Add vulnerability scanners to your QRadar Vulnerability Manager deployment. For more information, see Options for adding scanners to your QRadar Vulnerability Manager deployment.
  2. Associate vulnerability scanners with CIDR ranges and domains.
  3. Configure a scan of multiple CIDR ranges and enable Dynamic server selection in the Details tab of the Scan Profile Configuration page.