Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community

Skip main navigation (Press Enter).

IBM Security QRadar

View Only

Expand all | Collapse all

How Qradar computes flow duration

Community Support AdminThu September 22, 2022 08:10 AM

Hello, we are receiving flows and i am analyzing their duration. I noticed that we can have: a ...

Community Support AdminThu September 22, 2022 11:22 AM

Hi, Could you please go through the following technotes and see if it helps? https://www.ibm.com/support/pages/qradar-licenses-and-flow-data-faq ...

1. How Qradar computes flow duration

0 Like
Community Support Admin
Posted Thu September 22, 2022 08:10 AM

Reply
Hello,
we are receiving flows and i am analyzing their duration. I noticed that we can have:
a flow from one single source IP to one destination and there the flow duration seems clear to me,
however there is another type of flows where it is originating from multiple source IPs to the same destination IP and here i am not sure what does the flow duration indicate: is it the cumulative durations from all source IPs? and if so, is it possible to have the duration for each individual pair Source IP - Destination IP ?
thanks

#QRadar
#Support
#SupportMigration
2. RE: How Qradar computes flow duration

0 Like
Community Support Admin
Posted Thu September 22, 2022 11:22 AM

Reply
Hi,

Could you please go through the following technotes and see if it helps?
https://www.ibm.com/support/pages/qradar-licenses-and-flow-data-faq
https://www.ibm.com/support/pages/qradar-about-flows-and-difference-between-qflow-collector-and-qradar-event-collector

If not, you can share a screenshot so that the question would be more clear.

Thanks.

#QRadar
#Support
#SupportMigration

Powered by Higher Logic