Updating the network baseline manually

The network baseline process is automatically triggered when you configure the app with an authorized service token. After the initial baseline is created, the app updates the baseline at regular intervals to keep up to date with new traffic that is found on your network.

Follow these steps to view the status of the current network baseline or to restart the process to re-create it.

Important: The time that it takes to create the baseline depends on the volume and complexity of the network data and the performance of your QRadar® instance. It can take a long time to complete.

Before you begin

To successfully create the network baseline, your IBM® QRadar deployment must have at least one week of continuous flow data. When your deployment has lots of flow records, the app creates a baseline that is more representative of the types of flow traffic that is typically observed on your network.

Procedure

  1. In QRadar, click the Network Threat Analytics tab.
  2. Click the icon to open the Configuration page.

    The status of the baseline creation process is shown in the Network baseline section.

  3. To re-create the network baseline, click Update baseline.