IBM Support

QRadar Vulnerability Manager: End of service product notification

News


Abstract

QRadar Vulnerability Manager Scanner is scheduled for end of service (end of life) on 30 April 2023. To help guide you through this transition before the end of service date, IBM is partnering with Tenable to help prevent a gap in vulnerability scanning capabilities. This technical note includes important dates, Tenable information, links, and descriptions on how update packages remove QRadar Vulnerability Manager features.

Content

Technical note updates


  • 19 June 2023: Updated to add a link to 7.5.0 Update Package 6. For direct download links and release notes, see QRadar Software 101.
  • 2 June 2023: Updated technical note to add a note about keeping a nightly configuration backup before you upgrade to 7.5.0 UP6. Removed the section about the installation menu changes the installation UI changes are planned for a future release. Updated the summary at the end of the technical note about future releases planned to remove the FusionVM database.
  • 5 April 2023: Initial reminder for users that QRadar Vulnerability Manager (QVM) is end of service on 30 April 2023. This content includes important dates and pending changes as users upgrade to QRadar versions without QRadar Vulnerability Manager services.

End of service

IBM announced the end of service for QRadar Vulnerability Manager end of service in November 2020. To help customers transition, IBM and Tenable are working to make the migration process as smooth as possible by offering industry-leading solutions, best-in-class integrations, and professional services incentives exclusively for IBM customers.
Key Dates for QRadar Vulnerability Manager (QVM)
  • End of purchases: 10 November 2020
  • End of renewals: 30 April 2022
  • End of service: 30 April 2023
  • QRadar 7.5.0 Update Package 6 release: 19 June 2023

    Note: For direct download links and release notes, see QRadar Software 101.
How end of service affects users
  1. QVM no longer includes vulnerability scanning. Administrators need to transition scan functionality to a 3rd party scanner, such as Tenable.
  2. Stand-alone QVM is no longer available as an offering.
  3. QRadar Vulnerability Manager API endpoints are deprecated in QRadar 7.5.0 Update Package 6.
  4. Auto updates no longer provide new scan RPMs for QRadar Vulnerability Manager.
  5. Support assistance is available for users with cases opened before the end of service date. As no further software updates are provided for QRadar Vulnerability Manager after V7.5.0 Update Package 5, support is limited to assisting users with configuration issues.
  6. Users can open QRadar Support cases for Assets non-QVM functionality. For example,
    • Vulnerability Assessment scan data imports and scan configuration errors. For more information, see Supported vulnerability scanners.
    • Asset tab and user interface issues.
      Note: Application issues developed by IBM Technology Partners, such as Tenable must start troubleshooting with the app development team.
    • Search or report issues related to assets.
  7. Upgrades to QRadar 7.5.0 Update Package 6 remove QVM functionality, services, deployed scanners, and user interface components from QRadar.

Affected products


For a list of affected products, see Software withdrawal and support discontinuance: IBM Security QRadar Vulnerability Manager.

Product changes

The following sections provide information on changes to QRadar when administrators install QRadar 7.5.0 Update Package 6. QRadar Vulnerability Manager is functional until administrators apply QRadar 7.5.0 Update Package 6 upgrades.

Important: Upgrade precheck added for administrators

Administrators who begin an upgrade to QRadar 7.5.0 Update Package 6 with QRadar Vulnerability Manager licensed are alerted with a patch warning message.

Before you begin

  • Administrators can confirm they have a nightly configuration backup before you upgrade to 7.5.0 Update Package 6.
  • Review all sections in this technical note to ensure you are aware of the user interface and product changes.
     
Applying patch will remove QVM scanning capability. Please read details carefully about 
the overall impact to QVM before you proceed. https://ibm.biz/qvmendoflife

Choices:
  1) Go ahead with the patch
  2) Abort patch

Do you want to proceed with the patch?
>_

Results
Selecting option 1 begins the upgrade and removes QRadar Vulnerability Manager scan components and functionality from QRadar SIEM. After the installer begins, administrators cannot halt or abort the upgrade, unless QRadar detects a pre-patch issue to halts the installer. There are no options to forcefully exit the upgrade to QRadar 7.5.0 Update Package 6 after the update starts. Attempting to power down the host during the upgrade can cause a critical upgrade failures and might corrupt the QRadar Console. 

Vulnerabilities tab changes

The Vulnerabilities tab is available in the user interface after the upgrade to 7.5.0 Update Package 6 completes. The navigation menu is updated to remove Scan Results, Administrative, Research - News, and Research - Advisories from the user interface.
image-20230329001935-2

Assets tab changes

The Assets tab is available in the user interface after the upgrade to 7.5.0 Update Package 6 completes with changes to right-click functionality and the Vulnerability Details screen.

  • The Assets tab removes the IP address right-click option, Run Vulnerability Scan from the user interface. Administrators can run on demand (ad-hoc) asset scans with the Tenable App or other complete scan data imports in the Vulnerability Assessment user interface. However, the right-click option to scan an asset with QRadar Vulnerability Manager is removed.
    image-20230329003136-4
    Note: For information about the Tenable app, ad-hoc, or rule-based scanning, see Tenable on the IBM X-Force App Exchange.
  • The Vulnerability details screen disables the Plugin Details information and the hyperlink from the user interface.
    image-20230329004054-6

Offenses, rules, and building block changes

After you upgrade to QRadar 7.5.0 Update Package 6, several changes are applied to scan rule responses, BB: HostDefinition: VA Scanner Source IP,

  • The Trigger a Scan option is removed from the Rule Response user interface. 
    image-20230329085306-1
  • Building blocks for Host Definition: VA Scanner Source IP is no longer automatically updated when administrators add QRadar Vulnerability Scanners. This rule was automatically updated when new QVM scanners were deployed to include the locations of all QVM processors. As no new QVM processors can be deployed, the rule is no longer automatically updated.
    image-20230329092641-1

Admin tab changes

Several configuration parameters are removed from the user interface when QRadar is upgraded to 7.5.0 Update Package 6.

  • In the System and License Management > Licenses view, license keys are updated to disable scan capability after you upgrade to QRadar 7.5.0 Update Package 6.
    image-20230329143717-2
     
  • In the System and License Management > Systems view, administrators can manually remove QVM Processor (600) and QVM Scanner (610) appliance types from the deployment.
    image-20230329144657-4
    Procedure
    1. On the navigation menu ( Navigation menu icon ), click Admin.
    2. In the System Configuration section, click System and License Management.
    3. In the Display list, select Systems.
    4. Select the QVM Processor (600) component.
    5. On the Deployment Actions menu, click Remove host and click OK.
    6. On the Admin tab, click Advanced > Deploy Full Configuration.
    7. Wait for the changes to deploy to all managed hosts.
    8. Repeat this procedure to remove any other QVM components, such as the QVM Processor (610), if available.

      Results
      The managed hosts are removed from the QRadar deployment. 

       
  • In the System and License Management interface, Managed Vulnerability Deployment feature is removed from Deployment Actions drop-down in the user interface.
    image-20230329151718-5
     
  • The User Roles Management interface is updated to remove Scan Policy and Scan Profile permissions related to Vulnerability Management.
    image-20230530112235-1
  • Backup and Restore interface no longer backs up QVM Scan Profiles and results. The check box is removed from the user interface after an upgrade to QRadar 7.5.0 Update Package 6.
    image-20230329155336-7
    Note: Further changes to remove backup and restore components are also expected in 7.5.0 Update Package 7. For example, removing FusionVM database backups from the nightly configuration backup are planned for removal in a future release.
     
  • Domain Management for scanners that are associated to a specific domain in QRadar can no longer be added for QRadar Vulnerability Manager processors. Domains assigned to QVM Processors are highlighted in the user interface to indicate that they no longer support domains and need to be removed. 
    image-20230329160209-8
    Note: QRadar Vulnerability Assessment 3rd party scanners can be added and are supported by domain configurations.
     
  • Auto Updates for QRadar Vulnerability Manager are no longer supported. Daily automatic updates no longer include vulnerability updates for QRadar Vulnerability Manager features.

    Note: Further changes to remove components are also expected in 7.5.0 Update Package 7, such as auto update changes to not install scan tools and related rpms.
     
  • System Settings related to purging QRadar Vulnerability Manager scan results are removed from the user interface. As QRadar Vulnerability Manager components are removed after you upgrade to QRadar 7.5.0 Update Package 6, the day and execution cycle time frames for purging scan data no longer apply.
    image-20230329160854-9


 

API changes

The following scanner endpoints are deprecated from the QRadar API:
  • /Scanner
  • /Scanner/profiles
  • /Scanner/scanprofiles
    image-20230329005312-7
    Note: Any automation, custom actions, or external tools that use the /scanner endpoints return authorization errors after administrators upgrade to 7.5.0 Update Package 6.

Risks tab changes

The Risks tab disables Compliance Questions and the ability for users to create new asset questions in the Actions menu.
image-20230329013238-1

Dashboard changes

The QRadar Vulnerability Management Dashboard removes the Security News, Security Advisories, Scans in Progress, and Scans Completed widgets.
image-20230329011526-2

The following RSS feeds related to QRadar Vulnerability Manager are removed from the Dashboard.
image-20230530113734-4

Administrators who want to discuss migrating scans or discuss Tenable scan capability can contact QVM@tenable.com.
Summary
The QRadar 7.5.0 Update Package 6 installation removes QVM scan functionality and user interface changes are applied as described in this technical note. Future software updates are planned in QRadar 7.5.0 Update Package 7 to remove QVM-related code, such as files downloaded by automatic updates, required database changes, and installation changes. For example, the FusionVM database is planned for removal in a future release. The vulnerability data in the asset model is not affected by the database removal, but can affect results created during QVM scans for results that are not yet added to the asset model. Due to these changes, it is important to reserve a nightly configuration backup in a safe location before you start the installation of an upgrade pack for QRadar.

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHLPS","label":"IBM Security QRadar Vulnerability Manager"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"},{"code":"a8m0z000000cwu1AAA","label":"Assets"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
27 June 2023

UID

ibm16853425