Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security

Join our 16,000+ members as we work together to
overcome the toughest challenges of cybersecurity.

Start collaborating

Save the Date! watsonx Hackathon - Pre-TechXchange Conference Event

Skip main navigation (Press Enter).

IBM Security QRadar

View Only

Expand all | Collapse all

why is the offending IP from flows not displaying in Offence Type field

Thomas FillmoreWed April 17, 2024 01:58 PM

Rules looking for IPs in reference sets, i.e. malicious IPs/BotNet etc. sometimes populate the first ...

Dusan VIDOVICThu April 18, 2024 04:56 AM

Is it a superflow record? In such case you could have one "leading" IP and a number of others below ...

1. why is the offending IP from flows not displaying in Offence Type field

0 Like
Thomas Fillmore
Posted Wed April 17, 2024 01:58 PM

Reply
Rules looking for IPs in reference sets, i.e. malicious IPs/BotNet etc. sometimes populate the first IP in a flow rather then the actual offending IP down further in the flow records, the Offense Type field will not get populated with the actual offending IP?

------------------------------
Thomas Fillmore
------------------------------
2. RE: why is the offending IP from flows not displaying in Offence Type field

0 Like
Dusan VIDOVIC
Posted Thu April 18, 2024 04:56 AM

Reply
Is it a superflow record? In such case you could have one "leading" IP and a number of others below it in the same field in the flow record.

------------------------------
Dusan VIDOVIC
------------------------------

Original Message

Powered by Higher Logic