Flow improvements

Support for the flow ID field in NetFlow V9 flow records

IBM® QRadar now supports the flowId field (IANA element 148) in NetFlow Version 9 data exports. In QRadar, the field appears in the Vendor Flow ID field on the Flow Details window.

The flow ID is used as part of the flow's unique identifier so that only flow records with the same flow ID value are aggregated together. Sessions with different flow IDs are kept separate and mapped to different Flow ID values.

You can use the flowId field in filters and searches to quickly identify all of the flow records in a particular session.

Support for 40 Gbps Napatech card

The QFlow component of IBM QRadar now supports the new Napatech NT200A02 (2 x 40 Gbps) SmartNIC. Network connectivity is not indicative of the data throughput levels that each appliance is capable of.

Napatech has deprecated support for the NT20E SmartNIC.