Displaying the application determination algorithm field in search results

Use the search feature to add the application determination algorithm field to the Flow Details window. The application determination algorithm shows which criteria QRadar used to identify the application that the flow originated from.

Procedure

  1. To display the application determination algorithm field on the Flow Details window, follow these steps:
    1. Click the Network Activity tab.
    2. From the Search list, select New Search.
    3. In the Column Definition section, scroll down the list of available columns and add Application Determination Algorithm to the list of columns to display.
    4. Click Filter.
      The Application Determination Algorithm column appears on the Network Activity tab, displaying a value that represents the algorithm that was used.
  2. To display the application determination algorithm in an advanced search, use the LOOKUP function to show the text description for the enumerated algorithm field.
    For example, the AQL query might look like this:
    SELECT LOOKUP('application determination algorithm', "application determination algorithm"), * FROM flows
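
The following query is an added example, not part of the original procedure. It summarizes how flows were classified by grouping on the enumerated algorithm field and showing its text description next to the detected application. It assumes the standard `applicationid` flow field and the `APPLICATIONNAME` function, and the 24-hour window is an arbitrary choice.

```sql
-- Added example: count flows per determination algorithm and application.
-- Grouping uses the raw enumerated field; LOOKUP only changes how it is displayed.
SELECT
  LOOKUP('application determination algorithm', "application determination algorithm") AS algorithm,
  APPLICATIONNAME(applicationid) AS application,
  COUNT(*) AS flow_count
FROM flows
GROUP BY "application determination algorithm", applicationid
ORDER BY flow_count DESC
LAST 24 HOURS
```

Reviewing the counts per algorithm shows which detection method accounts for most of the application labels that searches and rules rely on.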