Dear All,
Recently, we have installed the Network Threat Analytic app in QRadar and ingested the NetFlow logs from the firewall.
On checking the flow data, we are able to see fields like Total deviation score, Primary Deviation score, and Frequency weighted deviation score under the Analytic field. Just want to understand how this score is calculated.
What are Deviation Flags (group 1), Deviation Flags (group 2), Deviation Flags (group 3), and Deviation Flags (group 4)?
I am unable to find any article for my above query.
Please help.
------------------------------
Cyber SOC Engineering
------------------------------