QRadar Vulnerability Manager (QVM) is a scanning platform based on QRadar that is used to identify, manage, and prioritize the vulnerabilities on your network assets.

QRadar Vulnerability Manager and QRadar Risk Manager are combined into one offering and both are enabled through a single base license. With the base license, you use QRadar Vulnerability Manager for vulnerability management workflow and you are entitled to scan up to 255 assets. You can use QRadar Risk Manager to integrate with up to 50 standard configuration sources. You require extra licenses to scan more than 255 assets or to integrate with more than 50 configuration sources. If you have a licensed entitlement to either QRadar Vulnerability Manager or QRadar Risk Manager, you are automatically entitled to the base license allowances for the other product.

When you install and license QRadar Vulnerability Manager, a vulnerability processor is automatically deployed on your QRadar console. A processor is not automatically deployed if you use a software activation key on your QRadar console.
The vulnerability processor provides a scanning component by default. If required, you can deploy more scanners, either on dedicated QRadar Vulnerability Manager managed host scanner appliances or QRadar managed hosts. For example, you can deploy a vulnerability scanner on an Event Collector or QRadar QFlow Collector.
If required, you can move the vulnerability processor to a different managed host in your deployment. You might move the processor to preserve disk space on your QRadar console.
Restriction: You can have only one vulnerability processor in your deployment. You can move the vulnerability processor only to a dedicated QRadar Vulnerability Manager processor appliance. You can’t add a vulnerability processor to the QRadar Flow Processor 1728 appliance.
You can add the vulnerability processor to the following QRadar appliances: 600, 700, 8099, 8024, 8000, 3124, 8026, 2100, 3199, 3126, 8021, and 3100.