IBM Security QRadar

 View Only
  • 1.  Network activity tab

    Posted Tue April 05, 2022 08:27 AM
    Hi guys, i wanted to ask why i don't have the network activity tab on my qradar? I have seen that tabs can be added and also apps can be installed, is there an option or application so i can install the network activity app on my qradar?

    ------------------------------
    Slavcho Andreevski
    ------------------------------


  • 2.  RE: Network activity tab

    Posted Wed April 06, 2022 06:07 PM

    Hi I would recommend that you review this traning that explains the basics of flows :

    https://www.securitylearningacademy.com/course/view.php?id=4863

    If you are talking  app you are talking it's NTA (Network Threat Analytics), you can find it on the App Exchange here:

    https://exchange.xforce.ibmcloud.com/hub/extension/744fd082be8feffe979618598cf8224f

    Just remember to make that work your QRadar will need to receive information as Flows before it can do anything.
    Regards



    ------------------------------
    Juan Paulo
    IBM
    Santiago
    ------------------------------



  • 3.  RE: Network activity tab

    Posted Thu April 07, 2022 01:08 AM
    The Network Activity tab should be there for most deployments of a QRadar SIEM product. The one exception I am aware of is QRadar on Cloud where the tab is hidden unless you are licensed for flows.

    ------------------------------
    Dale Bowie
    QRadar Network Insights and Incident Forensics Product Owner
    IBM
    ------------------------------



  • 4.  RE: Network activity tab

    Posted Thu April 07, 2022 04:13 AM
    Thank you for your reply. I was asking that i don't have the network activity on my qradar. I have a stand alone appliance installed in my company but i don't really know why i do not have the network activity tab.. Here is a screenshut of it. How do i add into the qradar tabs?
    I managed to add items to the dashboard from the network activity and than by clicking to view the results i can go to the network tab.. But that is not the solution. (Also there are no results there but i guess its because there are no assets flows that are being read from the qradar.. - that will be the second problem i will be solving)


    ------------------------------
    Slavcho Andreevski
    ------------------------------



  • 5.  RE: Network activity tab

    Posted Thu April 07, 2022 10:45 AM

    Hi Slavcho... sorry I misread your question. The 2 thing I think you could review to verify if you have all the permissions to see the "Network Activity" Tab its:

    Do you have Do you have Flow licenses?
     Try Admin -> System and License Management -> Display (Licenses), review the latest column Flow Rate Limit and/or click on License Pool Management.


    Do you have a user with permissions to see that Tab ?
    Try Admin -> Users -> Verify the name of the role of your user
    Verify what that rol can see
    Try Admin -> User Roles -> Name of your role (on the left) -> Verify that your role has checked permissions.


    Hopes that this info will help you




    ------------------------------
    Juan Paulo
    IBM
    Santiago
    ------------------------------



  • 6.  RE: Network activity tab

    Posted Mon April 18, 2022 05:38 AM
    Thank you for your reply.. Have been off work and now i am checking this.. I don't know about the licenses but here is a screenshot of it. Also i have all the checkboxes checked in the network activity. Also now i can't see any network flow in my network.. I suppose i have to add network assets like switches, routers, firewalls in order to see network flow? Am i right?



    ------------------------------
    Slavcho Andreevski
    ------------------------------



  • 7.  RE: Network activity tab

    Posted Tue April 19, 2022 12:58 AM
    You won't need to be actively collecting network data to be able to see the network activity tab. One last thing I would suggest is to double check network activity tab isn't present if you open up the main menu bar by clicking on the three lines in the top left of the UI. If it doesn't appear there, I would suggest opening a support ticket for someone to investigate further. 

    As for getting started with flows, yes, the simplest way is to configure NetFlow, IPFIX, sFlow or J-Flow from any of your switches/routers/firewalls and sending them to a configured flow source in QRadar.

    ------------------------------
    Dale Bowie
    QRadar Network Insights and Incident Forensics Product Owner
    IBM
    ------------------------------



  • 8.  RE: Network activity tab

    Posted Tue April 19, 2022 03:49 AM
    I checked it, it was not turned on to be shown on my qradar.. I checked everything except that (hah i feel dump now). Thank for your replies i resolved it now.
    I will try to configure my routers/switches and firewall and let you know if i get the network flow running. Thank you again

    ------------------------------
    Slavcho Andreevski
    ------------------------------



  • 9.  RE: Network activity tab

    Posted Mon April 25, 2022 01:33 AM
      |   view attached
    From Left hand side, there are 3 lines which will give you a drop down menu.

    Please star the Network Activity option from that if not done.

    Already shared a screenshot to help you.

    ------------------------------
    Namit Maurya
    ------------------------------