System notifications that indicate asset growth deviations

IBM QRadar generates system notifications to help you identify and manage the asset growth deviations in your environment.

The following system messages indicate that QRadar identified potential asset growth deviations:

The system detected asset profiles that exceed the normal size threshold
The asset blacklist rules have added new asset data to the asset blacklists

The system notification messages include links to reports to help you identify the assets that have growth deviations.

Asset data that changes frequently

Asset growth can be caused by large volumes of asset data that changes legitimately, such as in these situations:

A mobile device that travels from office-to-office frequently and is assigned a new IP address whenever it logs in.
A device that connects to a public wifi with short IP addresses leases, such as at a university campus, might collect large volumes of asset data over a semester.

QRadar might mistakenly report this activity as an asset growth deviation. If the asset growth is legitimate, you can take steps to ensure that the asset data is handled properly. For more information, see c_qradar_adm_prevent_asset_grwth_deviat.html.