Flow sources

Flow information is used to detect threats and other suspicious activity that might be missed if you rely only on event information.

Flows provide network traffic information that is sent simultaneously to IBM QRadar in various formats, including Flowlog files, NetFlow, J-Flow, sFlow, and Packeteer.

NetFlow, J-Flow, and sFlow are protocols that collect flow data from network devices, such as routers, and send this data to QRadar.

NetFlow, J-Flow, and sFlow are configured in a similar way, but each one is deployed according to the protocol that each network device supports.

If you are collecting NetFlow, J-Flow, or sFlow data, verify that QRadar is collecting complete flow sets. Incomplete or missing flows can make it difficult to analyze network activity.
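
One way to check for missing flows independently of QRadar is to track the flow sequence counter in the NetFlow version 5 export header. The following is an added example, not IBM or QRadar code; it assumes that the v5 datagrams were captured at the collector, and the function names and sample datagrams are constructed for illustration.

```python
import struct

# version, count, uptime, secs, nsecs, flow_sequence, engine_type, engine_id, sampling
V5_HEADER = struct.Struct("!HHIIIIBBH")   # 24-byte NetFlow v5 header
V5_RECORD_LEN = 48                        # fixed size of each v5 flow record
SEQ_MOD = 2 ** 32                         # flow_sequence is an unsigned 32-bit counter


def parse_v5_header(datagram):
    """Return (count, flow_sequence, engine_type, engine_id) for a NetFlow v5 datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than the 24-byte NetFlow v5 header")
    version, count, _, _, _, seq, etype, eid, _ = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("datagram length does not match header record count")
    return count, seq, etype, eid


def find_flow_gaps(datagrams):
    """datagrams: (exporter_ip, payload) pairs in arrival order.
    Returns [((exporter_ip, engine_type, engine_id), missing_flow_count), ...]."""
    expected, gaps = {}, []
    for exporter, payload in datagrams:
        count, seq, etype, eid = parse_v5_header(payload)
        key = (exporter, etype, eid)      # each export engine keeps its own counter
        if key in expected:
            missing = (seq - expected[key]) % SEQ_MOD
            if 0 < missing < SEQ_MOD // 2:
                gaps.append((key, missing))
            # A backward jump (exporter restart or reordering) is not counted as
            # loss; the tracker resynchronises on the new value below.
        expected[key] = (seq + count) % SEQ_MOD
    return gaps


def make_v5(seq, count, engine_id=0):
    """Build a constructed v5 datagram with zero-filled records (sample data only)."""
    return V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, engine_id, 0) + bytes(count * V5_RECORD_LEN)


SAMPLE = [  # constructed capture; addresses are from the documentation range
    ("192.0.2.1", make_v5(0, 30)),
    ("192.0.2.2", make_v5(1000, 2)),
    ("192.0.2.1", make_v5(30, 30)),
    ("192.0.2.1", make_v5(90, 10)),   # flows 60-89 never arrived
    ("192.0.2.2", make_v5(1002, 1)),
    ("192.0.2.1", make_v5(100, 5)),
]
```

A nonzero gap for an exporter means that flow records were dropped between the device and the collector, so the flow set for that interval is incomplete.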