IBM Support

QRadar Network Insights: How to view QNI content flows from the Network Activity tab

Troubleshooting


Problem

Since QRadar Network Insights (QNI) does not have its own tab, how do you view QNI Enriched content?

Resolving The Problem

To view QRadar Network Insights Enriched content, use this procedure.

Configuring your setting to view QNI Enriched flow content from the Network Activity tab

  1. Log in to the QRadar UI as an admin user.
  2. On the navigation menu, click Admin.
  3. Click System Settings.
  4. Scroll down to QRadar Network Insights Settings.
  5. From the drop-down menu, select Flow Inspection Level > Enriched content.
  6. Click Save.
  7. From the Admin tab, click Deploy Changes.

Creating the search to view QNI Enriched flow content from the Network Activity tab

  1. Click the Network Activity tab.
  2. Click Search > New Search.
  3. Scroll down to Column Definition.
  4. Scroll down to Available Columns. You see a list of column attributes that you can use for your Network Activity views. These columns represent QNI Enriched content.
  5. Highlight the Enriched QNI field that you would like to add to your search.
    A list of Enriched QNI content fields can be found in Chapter 3 of the QRadar Network Insights User Guide.

Results
The following is an example of a completed QNI Enriched search.
 
Figure 1. Network Activity screen for Enriched QNI content.
Figure 2. Network Activity screen for Enriched QNI content.
Note: Enriched content byte size is 0 and there is no payload data. It is working as designed.

Document Location

Worldwide


Document Information

Modified date:
21 July 2022

UID

ibm11089430