IBM QRadar Network Threat Analytics traffic monitoring

The IBM QRadar Network Threat Analytics app uses machine learning algorithms to detect anomalous traffic on your network.

A flow record is a record of a communication between two hosts. Flow records between the same two hosts that have similar characteristics are grouped, and the communications that deviate from the baseline are aggregated into a finding. In QRadar Network Threat Analytics, a finding is the highest level of visibility for anomalous traffic that was found on your network.

The app provides a method of scoring incoming flow records to determine whether the flow is consistent with the type of traffic that is normally observed on your network. The network flows with the highest scores are shown in the dashboard visualizations, making it easier for you to determine which flows to investigate further.
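The grouping, baselining and scoring described above, as an added illustration that is not QRadar's own code (the page does not describe the app's actual algorithm): flows are grouped by host pair, a per-feature baseline is built for each pair, each flow is scored by its largest absolute z-score against that baseline, and flows above a threshold are aggregated into a per-pair finding. The flow records, feature set and threshold are constructed for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (source, destination, bytes, packets, duration_s).
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.20", 1200, 10, 1.0),
    ("10.0.0.5", "10.0.0.20", 1300, 11, 1.2),
    ("10.0.0.5", "10.0.0.20", 1100, 9, 0.9),
    ("10.0.0.5", "10.0.0.20", 1250, 10, 1.1),
    ("10.0.0.5", "10.0.0.20", 48000, 300, 40.0),  # deviates from this pair's baseline
    ("10.0.0.7", "10.0.0.30", 500, 4, 0.5),
    ("10.0.0.7", "10.0.0.30", 520, 4, 0.4),
]

FEATURES = ("bytes", "packets", "duration_s")  # assumed feature set for the example


def group_by_host_pair(flows):
    """Group flow records by (source, destination): the unit a baseline is built on."""
    groups = defaultdict(list)
    for src, dst, *values in flows:
        groups[(src, dst)].append(dict(zip(FEATURES, values)))
    return groups


def baseline(records):
    """Per-feature mean and population standard deviation over one host pair's flows."""
    return {f: (mean(r[f] for r in records), pstdev(r[f] for r in records)) for f in FEATURES}


def outlier_score(record, base):
    """Largest absolute z-score across features: distance from the pair's baseline.

    A high score means the flow is unusual relative to the baseline, not that it is malicious.
    """
    return max(0.0 if sigma == 0 else abs(record[f] - mu) / sigma for f, (mu, sigma) in base.items())


def findings(flows, threshold=1.5):
    """Score every flow against its host pair's baseline; aggregate outliers into one finding per pair."""
    result = {}
    for pair, records in group_by_host_pair(flows).items():
        base = baseline(records)
        scored = [(r, outlier_score(r, base)) for r in records]
        outliers = [(r, round(s, 2)) for r, s in scored if s > threshold]
        if outliers:
            result[pair] = outliers  # one finding: all outlier flows for this host pair
    return result
```

Running `findings(SAMPLE_FLOWS)` yields a single finding for the 10.0.0.5 to 10.0.0.20 pair containing the 48000-byte flow (score about 2.0), while the second pair's flows stay under the threshold.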

The app does not make any security assertions about which traffic might be problematic or malicious. The outlier score does not indicate that a flow record is suspicious or malicious. It indicates that the flow has characteristics that appear anomalous when compared to other flows in the network baseline. Upon further investigation, you might determine that this anomalous traffic does not pose a threat to your network.