QRadar Network Insights

QRadar Network Insights Courses:

Adding a QNI appliance to the QRadar deployment

The IBM QRadar Network Insights appliance can provide detailed analysis of network flows to extend the threat detection capabilities of IBM QRadar. This video demonstrates how to add an already installed QNI appliance into a QRadar deployment and how to deploy the license key.

Gaining visibility with QRadar Network Insights

Attackers can't hide on your network with IBM QRadar Network Insights. Security teams are flooded with security log activity every day, but inspecting those logs does not always generate the level of insight required to detect modern threats. They are eager to find additional methods to provide more accurate threat detection.

In this video, an attacker infiltrates and takes over a victim's computer by exploiting a phishing attack with a malicious attachment.

QRadar Network Insights analyzes network data in real-time to uncover the attacker’s footprint and expose the hidden security threats in this scenario.

Setting up a QRadar Network Insights appliances stack

This course teaches you how to configure a QRadar Network Insights appliances stack, which consists of a hardware and software setup. First, you learn how to use network ports in a stacking deployment. Then, you run an interactive simulation to configure the QNI stack.  


Introducing QRadar Flows

IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.

In this course, you learn the difference between QRadar events and flows. Learn about the packet header and payload: which information is available in the header and packet, and which technologies to use to investigate header and payload information.


QRadar flow analysis and investigations

IBM Security QRadar flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which are records of network sessions between two hosts. Flows are a differentiating component in QRadar that provide detailed visibility into your network traffic.

In this course, you learn how QRadar analyzes your flow data for applications, flow direction, and superflows. You also learn how to build a QRadar flow rule, and how to perform flow searches in QRadar.