QRadar Network Detection and Response
IBM Security QRadar Network Detection and Response (NDR) provides network visibility and analytics to help you detect hidden threats in your network. Integrated with IBM QRadar SIEM and IBM QRadar Security Orchestration Automation and Response, it provides comprehensive detection and response across on-premises, cloud, and hybrid environments. It does so by:
- Eliminating blind spots on the network where threat activity can go undetected.
- Using advanced analytics to automatically detect suspicious behaviors and activity.
- Responding quickly with automated response actions, playbooks, and case management.
- Streamlining workflows with a unified solution that scales to meet the needs of the organization.
The solution includes multiple integrated technologies that you can use to tailor the detection and response capabilities in your QRadar environment. For more information, see Network Detection and Response (NDR) on the IBM website.
QRadar flows
QRadar flow data provides comprehensive network visibility by ingesting NetFlow, J-Flow, sFlow, and IPFIX traffic from devices across your network. Cloud-based flows that are packaged as logs, such as Amazon Web Services (AWS) VPC Flow logs, are converted to native flow records for analysis, enabling seamless visibility across on-premises and cloud environments.
QRadar Network Insights
QRadar Network Insights provides greater depth of visibility by using full packet streams to reconstruct and analyze network sessions in real time. By extracting vital metadata and application content, this telemetry extends the detection capabilities of QRadar NDR and provides deep insight into an attacker's precise behavior.
QRadar Network Threat Analytics
QRadar Network Threat Analytics uses machine learning to continuously baseline your network environment and analyze network activity as it happens. By automatically identifying new or unusual behaviors that might otherwise go unnoticed, it enhances the detection capability of your QRadar environment and enables threat hunting across your networks.
QRadar DNS Analyzer
QRadar DNS Analyzer provides insight into your local DNS traffic. It identifies malicious activity and enables your security team to detect domain generation algorithm (DGA), tunneling, or squatting domains that are being accessed from within your network.
QRadar Network Packet Capture
- This software offering is no longer available.
QRadar Incident Forensics
- This offering is not available in QRadar 7.6.0. It continues to be supported in the QRadar 7.5.0 release stream. For more information, see QRadar Network Detection and Response.