Setting up a QRadar Network Packet Capture group

Configure multiple QRadar® Network Packet Capture appliances into a group.

Before you begin

  • To be sure that you understand the implications of grouping QRadar Network Packet Capture appliances, see Grouped QRadar Network Packet Capture appliances.
  • You are logged in to the QRadar Network Packet Capture appliance as an administrator.

About this task

You can search the entire group, selected members, or a single member. The search result is delivered in a single merged stream that is in timestamp order. Each packet is annotated with the source device UUID and receive port in PCAP-NG format.
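To check a downloaded group search result against the description above, this added example (not IBM code) walks a PCAP-NG file, lists each interface description, counts packets per interface, and verifies timestamp order. The page does not say which PCAP-NG field carries the device UUID and receive port, so reading `if_name` and `if_description` is an assumption; the function names and sample interface names are hypothetical.

```python
import struct

def parse_options(buf, endian):
    """Decode a pcapng option list into {code: raw value bytes}."""
    opts, off = {}, 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from(endian + "HH", buf, off)
        if code == 0:  # opt_endofopt
            break
        opts[code] = buf[off + 4:off + 4 + length]
        off += 4 + ((length + 3) & ~3)  # values are padded to 32 bits
    return opts

def summarize(data):
    """Return (interfaces, packets per interface, in_timestamp_order)."""
    # Assumes one section and the same timestamp resolution on every interface.
    endian, off, last_ts, ordered = "<", 0, -1, True
    ifaces, counts = [], {}
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":  # Section Header Block
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"corrupt block at offset {off}")
        body = data[off + 8:off + blen - 4]
        if btype == 1:  # Interface Description Block: options follow 8 fixed bytes
            o = parse_options(body[8:], endian)
            ifaces.append({"if_name": o.get(2, b"").decode(errors="replace"),
                           "if_description": o.get(3, b"").decode(errors="replace")})
        elif btype == 6:  # Enhanced Packet Block
            iface, hi, lo = struct.unpack_from(endian + "3I", body, 0)
            ts = (hi << 32) | lo
            ordered, last_ts = ordered and ts >= last_ts, ts
            counts[iface] = counts.get(iface, 0) + 1
        off += blen
    return ifaces, counts, ordered

def _block(btype, body):  # little-endian block framing for the sample
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def sample(timestamps=(100, 150, 200)):
    """Constructed stream; interface names are made-up placeholders."""
    out = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    for name in (b"example-uuid-A/port0", b"example-uuid-B/port1"):
        opt = struct.pack("<HH", 2, len(name)) + name + b"\0" * (-len(name) % 4)
        out += _block(1, struct.pack("<HHI", 1, 0, 0) + opt + bytes(4))
    for i, ts in enumerate(timestamps):
        out += _block(6, struct.pack("<5I", i % 2, 0, ts, 4, 4) + bytes(4))
    return out
```

Run `summarize(open(path, "rb").read())` on an exported result; an interface that never appears in the packet counts means that member contributed no packets to the search.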

Procedure

  1. Click the ADMIN tab, and go to the GROUP MEMBERSHIP widget.
  2. Enter the DNS name or IP address of the remote QRadar Network Packet Capture appliance.
  3. Enter the login information of an admin user on the remote QRadar Network Packet Capture appliance.
  4. Click Add Host.

Results

The remote QRadar Network Packet Capture appliance is grouped with the appliance that you are currently logged in to.

What to do next

Click Remove to remove a QRadar Network Packet Capture appliance from the group.