Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Security

Join our 16,000+ members as we work together to
overcome the toughest challenges of cybersecurity.

Start collaborating

Get 1 Month Free Access to Generative AI Fundamentals on Coursera

Skip main navigation (Press Enter).

IBM Security QRadar

View Only

Expand all | Collapse all

why is the offending IP from flows not displaying in Offence Type field

Thomas Fillmore30 days ago

Rules looking for IPs in reference sets, i.e. malicious IPs/BotNet etc. sometimes populate the first ...

Dusan VIDOVIC29 days ago

Is it a superflow record? In such case you could have one "leading" IP and a number of others below ...

1. why is the offending IP from flows not displaying in Offence Type field

0 Like
Thomas Fillmore
Posted 30 days ago

Reply
Rules looking for IPs in reference sets, i.e. malicious IPs/BotNet etc. sometimes populate the first IP in a flow rather then the actual offending IP down further in the flow records, the Offense Type field will not get populated with the actual offending IP?

------------------------------
Thomas Fillmore
------------------------------
2. RE: why is the offending IP from flows not displaying in Offence Type field

0 Like
Dusan VIDOVIC
Posted 29 days ago

Reply
Is it a superflow record? In such case you could have one "leading" IP and a number of others below it in the same field in the flow record.

------------------------------
Dusan VIDOVIC
------------------------------

Original Message

Powered by Higher Logic