IP Details dashboard

The IP Details dashboard searches for data that is specific to the IPv4 address entered in the parameters section on the dashboard.

You can use the widgets on this dashboard to uncover anomalies that are related to the behavior of a specific IPv4 address. Most of the information is split into inbound and outbound statistics. Inbound statistics represent the metrics for the IP when it is the destination. Outbound statistics represent the IP metrics when it is the source. Use this dashboard to get an overview of the typical behavior and characteristics of a particular IPv4 address.

The widgets on the IP Details dashboard provide the following information:

  • IP summary information.
  • Hostname and username information.
  • Information about communication with remote assets.
  • Recent communication observed from or to the IP address.
  • Insights into QRadar® Network Insights (QNI) suspect content descriptions that are detected.
  • X-Force® category lookups of QNI URLs.
  • Views into traffic volume over time and the breakdown of flow direction and application.
  • Application usage.
  • Flow direction and flow duration distributions.
  • Insights into long running flow sessions.
  • QNI file entropy insights.
  • Largest file transfers (with integration into the X-Force Exchange on click).

The following table describes ways to use the IP Details dashboard widgets to drill down into other screens:

Table 1. IP Details dashboard widgets
| Widget | Drill-down action |
|---|---|
| Inbound Applications by Session Count | Click a slice to go to the Application Details dashboard. |
| Outbound Applications by Session Count | Click a slice to go to the Application Details dashboard. |
| QNI Largest File Transfers | Click a row to open the X-Force Exchange page for that specific MD5 file hash. |
| Most Recent Flow Sessions | Click a row to view the flow records in the Network Activity tab. |