IBM QRadar

  • 1.  How QRadar computes flow duration

    Posted Thu September 22, 2022 08:10 AM

    Hello,

    We are receiving flows and I am analyzing their duration. I noticed that we can have:

    • a flow from one single source IP to one destination, and there the flow duration seems clear to me,
    • however, there is another type of flow, originating from multiple source IPs to the same destination IP, and here I am not sure what the flow duration indicates: is it the cumulative duration from all source IPs? And if so, is it possible to have the duration for each individual Source IP - Destination IP pair?

    Thanks



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: How QRadar computes flow duration

    Posted Thu September 22, 2022 11:22 AM

    Hi,

    Could you please go through the following technotes and see if they help?

    https://www.ibm.com/support/pages/qradar-licenses-and-flow-data-faq

    https://www.ibm.com/support/pages/qradar-about-flows-and-difference-between-qflow-collector-and-qradar-event-collector

    If not, you can share a screenshot so that the question is clearer.

    Thanks.



    #QRadar
    #Support
    #SupportMigration