IBM Support

QRadar: BigFix and QVM integration

Question & Answer


Question

How do you configure the asset risk score so as not to overwhelm the system?

Cause

The asset risk score condition is applied only to avoid overwhelming the BigFix server with a high volume of vulnerability data, while at the same time not filtering out the data that is sent based on the sum risk score (asset risk score).

Answer

When you configure the QRadar Vulnerability Manager integration with BigFix, the primary value that is taken into consideration is the vulnerability risk score. If the vulnerability risk score is more than the value you set, the asset risk score condition is then checked. When both values are set properly, you see the correct data being sent to BigFix.

  • The Asset risk score property is qvm.adaptor.minimum.asset.riskscore.
  • The Vulnerability risk score property is qvm.adaptor.minimum.vuln.riskscore.

Example: When the vulnerability risk score is set to 5, only the assets with an asset risk score of more than 5000 are seen in BigFix. When the risk score is set to zero, all assets are seen and will overwhelm BigFix.

The only use for the qvm.adaptor.minimum.asset.riskscore property (which might apply in some cases) is when a large amount of vulnerability data is imported into BigFix; setting it might prevent BigFix from being overwhelmed with data.

Note: This property is used only when a lot of assets with a lot of high and critical vulnerabilities have been scanned, so that not all of this data, which might overwhelm the BigFix server, is sent.

For more information on BigFix integration with QRadar, see the following link:

IBM BigFix integration



Document Information

Modified date:
31 August 2018

UID

swg21995599