IBM Security QRadar

Network Threat Analytics APP

  • 1.  Network Threat Analytics APP

    Posted Tue June 28, 2022 04:39 PM
    Dear All,

    Recently, we installed the Network Threat Analytics app in QRadar and ingested the NetFlow logs from the firewall.

    On checking the flow data, we were able to see fields like Total deviation score, Primary Deviation score, and Frequency weighted deviation score under the Analytic field. I just want to understand how this score is calculated.

    What are Deviation Flags (group 1), Deviation Flags (group 2), Deviation Flags (group 3), and Deviation Flags (group 4)?

    I am unable to find any article for my above query.

    Please help.

    Cyber SOC Engineering