Last Event/Flow

Total number of Events

Duration of the offense

Relative importance of Destination IP(s)

A flow occurs at a moment in time while events have a duration from a log source.

An event occur at a moment in time while flows have a duration from the flow source.

An event is a record from a log source, such as a firewall or router device, that describes an action on a network. A flow record provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.

A flow is a record from a log source, such as a firewall or router device, that describes an action on a network. An event analysis provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.

QRadar determines it by the weight that the administrator assigned to the networks and assets.

It indicates the threat that an attack poses in relation to how prepared the destination is for the attack

It indicates the relative importance of the offense, calculated based on the relevance, severity, and credibility ratings

It indicates the integrity of the offense as determined by the credibility rating that is configured in the log source. It increases as multiple sources report the same event.

Mapping directly to rules

Mapping directly to dependencies

Mapping to the customize template

Mapping to the Use Case Explorer page

Impact

Severity

Relevance

Credibility

Severity

Magnitude

Relevance

Credibility

Queues events in RAM

Routes data to storage

Bypasses EPS Licensing

Drops events from the pipeline