This glossary provides terms and definitions for the IBM® QRadar® Network Threat Analytics app.
The following cross-references are used in this glossary:
- See refers you from a nonpreferred term to the preferred term or from an abbreviation to the spelled-out form.
- See also refers you to a related or contrasting term.
- anomalous behavior
- A deviation from the expected baseline behaviors.
- analytics score category
- A grouping of similar flow characteristics. For example, the source category groups together source IP, source port, and source network.
- baseline occurrence
- The frequency with which a communication is observed in the network.
- baseline traffic
- The type of traffic that is normally observed in the network.
- baseline process
- A process that analyzes existing network flows and determines the type and frequency of normal flow traffic on your network. See also network baseline.
- behavioral analytics score
- A numerical representation of the significance of a finding, calculated based on the outlier scores of the contributing flows.
- deviating category
- A representation of a group of flow characteristics that deviates from the existing behavior in the baseline.
- deviating flow attribute
- A characteristic that distinguishes a flow that was marked as deviating from the baseline.
- deviating group attributes
- A representation of the group attributes that were marked as deviating from the baseline.
- An aggregation of similar network communications that are anomalous and deviate from the baseline.
- flow record
- A record of the conversation between two hosts.
- flow session
- A collection of individual flow records that have the same flow ID.
- flow session score
- A numerical representation of how expected a flow session is in your network. A flow session that has a score of 100 was never before observed in the network.
- in offense
- Indicates whether the flow record is part of an offense. See offense.
- network anomaly
- A change in the established standard communication of a network.
- network baseline
- A model that contains information about the flows and flow attributes that currently exist on the system. The network baseline is the result of the baseline process.
- offense
- A message that is sent or an event that is generated in response to a monitored condition. For example, an offense provides information on whether a policy was breached or the network is under attack.
- outlier score
- A numerical representation of how much the flow attribute values deviated from the network baseline.
- The result of a computational analysis.