IP Details dashboard
The IP Details dashboard searches for data that is specific to the IPv4 address entered in the parameters section on the dashboard.
You can use the widgets on this dashboard to uncover anomalies that are related to the behavior of a specific IPv4 address. Most of the information is split into inbound and outbound statistics. Inbound statistics represent the metrics for the IP when it is the destination. Outbound statistics represent the IP metrics when it is the source. Use this dashboard to get an overview of the typical behavior and characteristics of a particular IPv4 address.
The widgets on the IP Details dashboard provide the following information:
- IP summary information.
- Hostname and username information.
- Information about communication with remote assets.
- Recent communication observed from or to the IP address.
- Insights into QRadar® Network Insights (QNI) suspect content descriptions that are detected.
- X-Force® category lookups of QNI URLs.
- Views into traffic volume over time and the breakdown of flow direction and application.
- Application usage.
- Flow direction and flow duration distributions.
- Insights into long running flow sessions.
- QNI file entropy insights.
- Largest file transfers (with integration into the X-Force Exchange on click).
The following table describes ways to use the IP Details dashboard widgets to drill down into other screens:
IP Details dashboard widgets | Screens |
---|---|
Inbound Applications by Session Count | Click a slice to go to the Application Details dashboard. |
Outbound Applications by Session Count | Click a slice to go to the Application Details dashboard. |
QNI Largest File Transfers | Click a row to open the X-Force Exchange page for that specific MD5 file hash. |
Most Recent Flow Sessions | Click a row to view the flow records in the Network Activity tab. |