Troubleshooting
Problem
Since QRadar Network Insights (QNI) does not have its own tab, how do you view QNI Enriched content?
Resolving The Problem
To view QRadar Network Insights Enriched content, use this procedure.
Configuring your setting to view QNI Enriched flow content from the Network Activity tab
- Log in to the QRadar UI as an admin user.
- On the navigation menu ( ), click Admin.
- Click System Settings.
- Scroll down to QRadar Network Insights Settings.
- From the drop-down menu, select Flow Inspection Level > Enriched content.
- Click Save.
- From the Admin tab, click Deploy Changes.
Creating the search to view QNI Enriched flow content from the Network Activity tab
- Click Network Activity tab.
- Click Search > New Search.
- Scroll down to Column Definition.
- Scroll down to Available Columns. You see a list of column attributes that you can use for your Network Activity views. These columns represent QNI Enriched content.
- Highlight the Enriched QNI Field you would like to add to your search
A list of Enriched QNI content fields can be found in Chapter 3 of the QNI User Guide
QRadar Network Insights User Guide
Results
The following is an example of a completed QNI Enriched search.
Figure 1. Network Activity screen for Enriched QNI content.
Figure 2. Network Activity screen for Enriched QNI content.
Note: Enriched content byte size is 0 and there is no payload data. It is working as designed.
Note: Enriched content byte size is 0 and there is no payload data. It is working as designed.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6E69","label":"IBM QRadar Network Insights"},"ARM Category":[],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
21 July 2022
UID
ibm11089430