Application/Protocol Details dashboard

The Application/Protocol Details dashboard provides fuzzy search for data from a particular application or protocol (layer 4 to layer 7) in your environment. The parameters in the parameter card at the top of the dashboard scope the information that is displayed. The visualizations are designed to uncover anomalies by comparing similar traffic.

The widgets on the Application/Protocol Details dashboard provide the following information:

  • Application or protocol summary information.
  • Insights into largest volume communications.
  • Top sources and destinations.
  • Destination port usage and QRadar® Network Insights (QNI) non-standard port usage.
  • Traffic volume breakdown between networks.
  • Flow direction and flow duration distributions.
  • QNI entity alerts and confidential content over the network.
  • Insights into long running flow sessions.
  • Largest file transfers (with integration into the X-Force® Exchange on click).
  • Most and least common QNI content types.

The following table describes ways to use the Application/Protocol Details dashboard widgets to drill down into other screens:

Table 1. Application/Protocol Details dashboard widgets

| Application/Protocol Details dashboard widgets | Screens |
| --- | --- |
| Top Sources by Traffic Volume | Click a row to go to the IP Details dashboard. |
| Top Destinations by Traffic Volume | Click a row to go to the IP Details dashboard. |
| QNI Non-Standard Port Usage (MB) by Application | Click a bar to reload the Application Details dashboard with the application in the selected bar. |
| Longest Flow Sessions | Click a row to view the flow records in the Network Activity tab. |
| QNI Largest File Transfers | Click a row to open the X-Force Exchange web page for that specific MD5 file hash. |