Troubleshooting
Problem
The Network Activity tab displays flow direction for certain flows in the wrong direction. Traffic originating from the server might be reversed to make it look like the flow originated from the client.
Symptom
From the Network Activity tab in QRadar, the flow directions of certain flows display in the wrong direction. For example, NetFlow data for inbound firewall deny traffic that should be R2L displays as outbound traffic (L2R).
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":"Flows","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
10 May 2019
UID
swg21972754