Real-time threat investigations with QRadar Network Insights
IBM® QRadar® Network Insights is a network threat analytics solution that analyzes network data in real time. It provides visibility into deep application-level content to better detect insider threats, data exfiltration, and malware activity, and provides an advanced level of threat detection and analysis.
You can install IBM QRadar Network Insights on a QRadar appliance, or you can install it on your own hardware or a virtual appliance.
Integration with IBM QRadar Incident Forensics
QRadar Network Insights provides QRadar with deep visibility into application activities, extracts artifacts, and identifies assets, applications, and users that participate in network communications. It is tightly integrated with IBM QRadar Incident Forensics for post-incident investigations and threat-hunting activities.
QRadar Incident Forensics and IBM QRadar Network Packet Capture capture, reconstruct, and replay the entire conversation, whereas QRadar Network Insights provides the incident detection and informs you whether suspect items or topics of interest were discussed at any time during the conversation.
Suspect content can originate from a wide variety of sources, such as malware, non-standard ports, regex, or YARA rules. For more information about suspect content, see Advanced inspection level attributes in the QRadar Network Insights User Guide.