STRATEGIC BUSINESS PARTNERS

Platin Bilişim has cooperations with the strongest and leader brands. Our target is not only make a difference on our rivals via our certificated and powerful engineer staff but also; providing IT security products and services for our customers from end to end.

QRadar Flow Processor

It is a module that collects Network Flow data, counts the EPS license, normalizes it, runs the rule / correlation mechanism and stores it on the Flow data. It supports Netflow, Jflow, Sflow, Packageer protocols.

Provides flow analysis to help you understand and respond to activities on your network. This unified solution enables better detection of threats, meeting policy and regulatory compliance requirements, and minimizing risks for mission-critical services, data and assets. A flow begins when the Flow Collector detects the first package with a source IP address, destination IP address, source port, destination port, and other custom protocol options.

  • The flow rate for the flow is determined by your FPM (FlowPerMinute) license.
  • For network sessions that span multiple time intervals (minutes), it reports a record at the end of each minute, with data valid for metrics such as bytes and packets.
  • In QRadar, you can see more than one record (per minute) with "First Packet Time" and "Last Packet Time" over time.

 

Flow Deduplication: Flow deduplication is a process that removes double flows when multiple flow collectors provide data to the processor devices.

Asymmetric Recombination: When the data is provided asymmetrically, it is responsible for joining both sides of each stream. This process can recognize streams from both sides and combine them in a record.

License throttling: Tracks the number of streams to the system to manage input queues and licensing.

Forwarding: Applies routing rules for the system, such as sending flow data to external data targets, external Syslog systems, JSON systems, and other SIEMs.

Flow data passes from the custom rule engine (CRE) and is related to the structured rules, and an offense can be created based on this correlation.