Glossary

This glossary provides terms and definitions for the IBM® QRadar® Network Threat Analytics app.

The following cross-references are used in this glossary:
  • See refers you from a nonpreferred term to the preferred term or from an abbreviation to the spelled-out form.
  • See also refers you to a related or contrasting term.

A

anomalous behavior
A deviation from the expected baseline behaviors.
analytics score category
A grouping of similar flow characteristics. For example, the source category groups together source IP, source port, and source network.

B

baseline occurrence
The frequency with which a communication is observed in the network.
baseline traffic
The type of traffic that is normally observed in the network.
baseline process
A process that analyzes existing network flows and determines the type and frequency of normal flow traffic on your network. See also network baseline.
behavioral analytics score
A numerical representation of the significance of a finding, calculated based on the outlier scores of the contributing flows.

D

deviating category
A representation of a group of flow characteristics that deviates from the existing behavior in the baseline.
deviating flow attribute
A characteristic that distinguishes a flow that was marked as deviating from the baseline.
deviating group attributes
A representation of the group attributes that were marked as deviating from the baseline.

F

finding
An aggregation of similar network communications that are anomalous and deviate from the baseline.
flow record
A record of the conversation between two hosts.
flow session
A collection of individual flow records that have the same flow ID.
flow session score
A numerical representation of how expected a flow session is in your network. A flow session that has a score of 100 was never before observed in the network.

I

in offense
Indicates whether the flow record is part of an offense. See offense.

N

network anomaly
A change in the established standard communication of a network.
network baseline
A model that contains information about the flows and flow attributes that currently exist on the system. The network baseline is the result of the baseline process.

O

offense
A message that is sent or an event that is generated in response to a monitored condition. For example, an offense provides information on whether a policy was breached or the network is under attack.
outlier score
A numerical representation of how much the flow attribute values deviated from the network baseline.

S

score
The result of a computational analysis.