QRadar Network Insights
QRadar Network Insights Courses:
In this lab, you configure your deployment to receive QRadar Network Insights (QNI) traffic. QNI provides more detail about the traffic on your network because you can view the payload contents, rather than just metadata from the TCP packet.
You create the reference sets and rules required for QNI offenses. Then, you investigate your traffic based on these offenses. In addition, this lab demonstrates the deep level of detail that you can view in your traffic.
In this foundational education event, Brian White, from the IBM Security Learning Academy, presents an introduction to IBM Security QRadar flows and QRadar Network Insights (QNI), and IBM QRadar Support Lead YiFeng You presents solutions to common customer issues with QNI.
During this session, we explain how flows differ from events, and what types of investigations you can perform with flows. We then talk about the QRadar flow pipeline, and how QNI can enhance your flow insights. Next, we look at QNI workflows, including investigations into encrypted traffic. Finally, we discuss common customer issues with QNI and how to resolve them.