Use the search feature to add the application determination algorithm to the Flow Details window. You can use the application identification algorithm to see the criteria that QRadar used to determine which application the flow originated from.
Procedure
- To display the application determination algorithm field on the Flow Details window, follow these steps:
  - Click the Network Activity tab.
  - From the Search list, select New Search.
  - In the Column Definition section, scroll down the list of available columns and add Application Determination Algorithm to the list of columns to display.
  - Click Filter.

  The Application Determination Algorithm column appears on the Network Activity tab, displaying a value that represents the algorithm that was used.
- To display the application determination algorithm in an advanced search, use the LOOKUP function to show the text description for the enumerated algorithm field.

  For example, the AQL query might look like this:

SELECT LOOKUP('application determination algorithm', "application determination algorithm"), * FROM flows
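
The following AQL query is an added example, not part of the original documentation. It goes beyond the per-flow display by counting flows per application and determination algorithm over the last hour, which shows how much traffic each method classified. It assumes the standard `applicationid` flow field and the AQL `APPLICATIONNAME` function; the aliases, the row limit and the time window are illustrative choices.

```sql
-- Added example: summarise how flows were classified, per application.
-- Assumes the standard applicationid flow field; aliases are illustrative.
SELECT
    APPLICATIONNAME(applicationid) AS Application,
    -- LOOKUP turns the enumerated algorithm value into its text description
    LOOKUP('application determination algorithm',
           "application determination algorithm") AS Algorithm,
    COUNT(*) AS FlowCount
FROM flows
GROUP BY applicationid, "application determination algorithm"
ORDER BY FlowCount DESC
LIMIT 50
LAST 1 HOURS
```

An application that appears with more than one algorithm in the result was identified by different criteria on different flows, which is worth reviewing before relying on the application name in rules or searches.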