Map view
New in 1.2.0
The map view shows a geographical representation of the network traffic between countries and regions. IBM® QRadar® Network Threat Analytics has a map view on the Dashboard and on the Network data page.
Dashboard
On the Dashboard, move the mouse over different areas of the map to view
traffic summary information about the traffic to and from that country or region.
- Click the
icon to view the summary data
in table format. - Click View network data to open the Network data page and view a larger map with more information.
Network data
On the Network data page, each line on the map represents a communication.
It is an aggregate of all of the flows between the two locations. Red lines indicate that the
communciation has a finding attached.
- Hover over the line to view summary information.
- Select the line to view information about the types of flows that contributed to the communication.
- Click View flow records to view the flow records that contributed to the communication.
You can also customize the information that you see on the map.
- Click Map config to change the information that appears on the map.
- Click Quick filters to select pre-set filter sets that apply to common use cases. Review the filter descriptions to learn about the criteria for each preset.
- Click Filters to manually select the fields used to narrow the scope of flow records that you want to review.
Tip: If you apply a filter on either the Map or the
Table view, the filter is preserved when you switch tabs.
Tabular map data
To view the map data in a table, click the
icon on the map.
