Use the search feature to add the flow direction algorithm to the Flow Details window. You can use the flow direction algorithm to identify the criteria that caused QRadar to reverse the flow direction.
Procedure
- To display the flow direction algorithm field on the Flow Details window, follow these steps:
  - Click the Network Activity tab.
  - From the Search list, select New Search.
  - In the Column Definition section, scroll down the list of available columns and add Flow Direction Algorithm to the list of columns to display.
  - Click Filter.
  The Flow Direction Algorithm column appears on the Network Activity tab, displaying a value that represents the algorithm that was used.
- To display the flow direction algorithm in an advanced search, use the LOOKUP function to show the text description for the enumerated flow direction algorithm field. For example, the AQL query might look like this:
SELECT sourceip, destinationip, LOOKUP('flow direction algorithm', "flow direction algorithm") FROM flows