QRadar Network Threat Analytics app

IBM® QRadar® Network Threat Analytics continuously monitors the flow records in your network to identify anomalous traffic. The home page provides visualizations to show which flow records deviate the most from other flow records that are typically observed on your network. These visualizations can help you quickly identify which flows might indicate suspicious behavior on your network and prioritize your investigations.

To learn more about the QRadar Network Threat Analytics app, watch the video on the IBM Security Learning Academy website. You must have an IBMid account to enroll and watch the videos.

Flow data analysis in QRadar

IBM QRadar collects information about the way that devices in your network communicate with each other, and creates a flow record to capture information about the communication. Flows that are observed by QRadar appear on the Network Activity tab. Most flows represent normal communication between devices and pose no threat to your environment, but some flows might be indicators of suspicious activity on your network.

QRadar Network Threat Analytics analyzes the flow records on your system to determine normal traffic patterns, and then compares all incoming flows to the latest network baseline that was created by the app. Each flow is assigned an outlier score based on the flow attribute values and how frequently the type of communication is observed on the network. The higher the outlier score, the more anomalous the flow is compared to the baseline data set.

QRadar Network Threat Analytics does not make any security assertions about which traffic might be problematic or malicious.
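
The following sketch illustrates the baseline-and-outlier-score idea described above. It is an added example, not IBM's code: the page does not describe the algorithm the app uses, so the frequency-based surprisal score, the attribute set, and every flow record below are assumptions constructed for illustration.

```python
import math
from collections import Counter

def features(flow):
    """Attributes compared against the baseline (assumed set for this sketch)."""
    nbytes = flow["bytes"]
    # Bucket byte counts by order of magnitude so similar sizes compare equal.
    bucket = 0 if nbytes <= 0 else int(math.log10(nbytes))
    return {"protocol": flow["protocol"], "dst_port": flow["dst_port"],
            "application": flow["application"], "size_bucket": bucket}

def build_baseline(flows):
    """Count how often each attribute value appears in the baseline window."""
    counts = {}
    for f in flows:
        for attr, value in features(f).items():
            counts.setdefault(attr, Counter())[value] += 1
    return {"counts": counts, "total": len(flows)}

def outlier_score(flow, baseline):
    """Mean surprisal in bits across attributes; rarer values score higher."""
    feats = features(flow)
    bits = 0.0
    for attr, value in feats.items():
        seen = baseline["counts"][attr]
        # Add-one smoothing so a never-seen value gets a large but finite score.
        p = (seen[value] + 1) / (baseline["total"] + len(seen) + 1)
        bits += -math.log2(p)
    return bits / len(feats)

def rank(incoming, baseline):
    """Return (id, score) pairs, most anomalous first, for triage ordering."""
    scored = [(f["id"], round(outlier_score(f, baseline), 2)) for f in incoming]
    return sorted(scored, key=lambda s: s[1], reverse=True)

# Constructed sample data: a baseline of mostly HTTPS plus some DNS.
BASELINE_FLOWS = (
    [{"protocol": "TCP", "dst_port": 443, "application": "HTTPS", "bytes": 48_000}] * 80
    + [{"protocol": "UDP", "dst_port": 53, "application": "DNS", "bytes": 220}] * 20
)
INCOMING = [
    {"id": "typical-https", "protocol": "TCP", "dst_port": 443, "application": "HTTPS", "bytes": 51_000},
    {"id": "large-dns", "protocol": "UDP", "dst_port": 53, "application": "DNS", "bytes": 9_500_000},
    {"id": "unseen-service", "protocol": "TCP", "dst_port": 6667, "application": "IRC", "bytes": 1_200},
]

if __name__ == "__main__":
    for flow_id, score in rank(INCOMING, build_baseline(BASELINE_FLOWS)):
        print(f"{flow_id:15} {score}")
```

The DNS flow that matches the baseline on port and application but carries far more bytes ranks above the typical HTTPS flow, and the flow with an unseen port and application ranks highest. As with the app itself, the score orders flows for investigation and says nothing about whether a flow is malicious.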

For deeper analysis of the network metadata and application content within a flow, you can use IBM QRadar Network Insights. The increased level of flow inspection that is provided by QRadar Network Insights can detect suspicious activity and extract content to provide even more visibility into potential network threat activity. For more information, see QRadar Network Insights overview.