IBM Security QRadar

 View Only
Expand all | Collapse all

Redirect Flows from Console to Flow Processor (FP)

  • 1.  Redirect Flows from Console to Flow Processor (FP)

    Posted Mon February 22, 2021 09:23 AM
    Hello Experts,

    I want to redirect flows from AIO console to Flow Processor.

    I have a AIO Qradar console, with three interfaces, the management is used to process flow source type "Netflow", while the other two interfaces with Role "Monitor" are used to process flow source type "Network Interface". I have few questions I will like to know as stated below:

    1) The Role "Monitor" does it mean the interface is used to monitor SPAN traffic say from a core switch?

    2) Does Flow Processor supports setting up SPAN traffic? If it does how do i set it up on FP.

    3) Is there a way on QRadar to know the flow sources forwarding netflow/ipfix traffic to QRadar?


    I will appreciate you response. Thank you. I am new to flows on QRadar.

    Regards,

    ------------------------------
    benjamin Nworah
    ------------------------------


  • 2.  RE: Redirect Flows from Console to Flow Processor (FP)

    Posted Tue February 23, 2021 02:05 PM
    Benjamin, we have discussed this in Detail yesterday . Just for our listening community one brief note to everybody:
    you don't redirect flows from console to FP. you instruct flow source to send its data to FP.

    I know you are aware of these details. I just want to make sure there is no misunderstanding here.

    BR Karl

    ------------------------------
    Karl-Heinz Jaeger
    senior consultant
    pro4bizz GmbH
    Karlsruhe
    +4972190981722
    ------------------------------

    Original Message