Geographic view

The geographic view shows a geographical representation of the network traffic between countries and regions. IBM® QRadar® Network Threat Analytics has the Geographic view tab on the home page.

New in 1.3.0

Note: The map view was renamed to the geographic view.

Overview

On the Overview tab, move the mouse over different areas of the map to view traffic summary information about the traffic to and from that country or region.
  • Click the icon to view the summary data in table format.
  • Click Geographic view to open the Geographic view tab and view a larger map with more information.

Geographic view

On the Geographic view tab, each line on the map represents a communication. It is an aggregate of all of the flows between the two locations. Red lines indicate that the communciation has a finding attached.
  • Hover over the line to view summary information.
  • Select the line to view information about the types of flows that contributed to the communication.
  • Click View flow records to view the flow records that contributed to the communication.
You can also customize the information that you see on the map.
  • Click Map config to change the information that appears on the map.
  • Click Quick filters to select pre-set filter sets that apply to common use cases. Review the filter descriptions to learn about the criteria for each preset.
  • Click Filters to manually select the fields used to narrow the scope of flow records that you want to review.
Tip: If you apply a filter on either the Findings, Geographic view or the Table view tabs, the filter is preserved when you switch tabs. Some filters don't apply to all pages so those are disabled depending on which tab you are viewing.

Tabular map data

To view the map data in a table, click the icon on the map.