Application/Protocol Details dashboard
The Application/Protocol Details dashboard provides fuzzy search for data from a particular application or protocol (layer 4 to layer 7) in your environment. The parameters in the parameter card at the top of the dashboard scope the information that is displayed. The visualizations are designed to uncover anomalies by comparing similar traffic.
The widgets on the Application/Protocol Details dashboard provide the following information:
- Application or protocol summary information.
- Insights into the largest-volume communications.
- Top sources and destinations.
- Destination port usage and QRadar® Network Insights (QNI) non-standard port usage.
- Traffic volume breakdown between networks.
- Flow direction and flow duration distributions.
- QNI entity alerts and confidential content over the network.
- Insights into long-running flow sessions.
- Largest file transfers (with integration into the X-Force® Exchange on click).
- Most and least common QNI content types.
The following table describes ways to use the Application/Protocol Details dashboard widgets to drill down into other screens:
Application/Protocol Details dashboard widgets | Screens |
---|---|
Top Sources by Traffic Volume | Click a row to go to the IP Details dashboard. |
Top Destinations by Traffic Volume | Click a row to go to the IP Details dashboard. |
QNI Non-Standard Port Usage (MB) by Application | Click a bar to reload the Application Details dashboard with the application in the selected bar. |
Longest Flow Sessions | Click a row to view the flow records in the Network Activity tab. |
QNI Largest File Transfers | Click a row to open the X-Force Exchange web page for that specific MD5 file hash. |