QRadar Network Visibility content extension

You can get at-a-glance insights into the network traffic in your environment by using the set of IBM® QRadar® Pulse dashboards provided by the IBM Security QRadar Network Visibility content extension. These visualizations enhance the data in network activity to provide readily available metrics that align with various MITRE ATT&CK categories.

QRadar Network Visibility includes the following dashboards:

Table 1. QRadar Network Visibility dashboards
Dashboards Description
Overview Use the Overview dashboard to gain insights into activity across the entire network, focusing on metrics that uncover unusual behavior. For a threat hunting workflow, use the Overview dashboard as the starting point.
Application/Protocol Details Use the Application/Protocol Details dashboard to drill into a specific application or protocol of interest and identify suspicious or atypical behavior.
IP Details Use the IP Details dashboard to drill into a specific IPv4 address, highlighting metrics that might indicate attacks that are associated with this address.

QRadar Network Visibility dashboards use the data that is contained in flows from external flow sources such as IPFIX and NetFlow. It leverages deep insights that are uncovered by QRadar Network Insights and X-Force®. After the extension is installed, you can be further customize it by modifying the dashboard parameters or editing the dashboard components to best suit your environment.

Important: You must have QRadar Pulse app 2.2.4 or later installed on your QRadar Console. Internet connection is required to receive X-Force feeds.