IBM Security QRadar Network Threat Analytics (NTA) v1.3 is now available on the X-Force App Exchange. NTA v1.3 offers a new streamlined workflow, enhanced visualizations and filtering capabilities, and the addition of deviating categories to events that can be leveraged in QRadar rules and Offense generation.
Easily pivot across your network data and Findings
When you install NTA v1.3, you’ll see that we’ve broken out the content into tabs, which include an Overview tab along with tabs for Findings, geographic and data-specific views. We’ve also updated the Overview tab to show both network traffic information (shown in purple) and NTA Finding information (shown in red) for a comprehensive view of what is happening across your network.

Findings have moved to their own dedicated tab to make viewing and analysis easier.

Filters work seamlessly across views as you pivot between network data and Findings.

Informational pop-ups make for easier navigation as you drill down during an investigation.

Events from NTA v1.3 now contain additional fields that are automatically mapped into QRadar properties. We now include the following category scores, which let you trigger rules or create offenses for NTA Findings that meet or exceed specific thresholds:
- Source Attributes Score
- Destination Attributes Score
- Source Rate Score
- Destination Rate Score
- Source Destination Ratio Score
- Protocol App Metadata Score
- X509 Cert Score
- TLS Protocol Score
- File Score
IBM Security QRadar Network Threat Analytics v1.3 is available to all QRadar customers on the X-Force App Exchange, allowing you to leverage your network data from flows and QRadar Network Insights (QNI) to extend your Network Detection and Response capabilities.