Powered by Zoomin Software. For more details please contactZoomin

Flowmon Application for QRadar User Guide

Table of Contents

Building blocks

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 1, 2026
  • 2 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

The Flowmon content pack also includes several building blocks. These building blocks are used to label Flowmon single events or their combination. Building blocks are used in the correlation rules but can also be used in custom user searches and reports.

  • Flowmon ADS: BB: ACCESSATTACK - Attack
  • Flowmon ADS: BB: ALIENDEV
  • Flowmon ADS: BB: ANOMALY
  • Flowmon ADS: BB: Anomaly
  • Flowmon ADS: BB: Attack
  • Flowmon ADS: BB: BITTORRENT
  • Flowmon ADS: BB: BLACKLIST
  • Flowmon ADS: BB: BPATTERNS
  • Flowmon ADS: BB: BROKENSEN
  • Flowmon ADS: BB: Communication to Internet
  • Flowmon ADS: BB: COUNTRY
  • Flowmon ADS: BB: DATALEAKS - COUNTRY or GEODIST
  • Flowmon ADS: BB: DATALEAKS - WEBSHARE or UPLOAD or DOHDET
  • Flowmon ADS: BB: DHCPANOM
  • Flowmon ADS: BB: DIRINET
  • Flowmon ADS: BB: DIVCOM
  • Flowmon ADS: BB: DNSANOMALY
  • Flowmon ADS: BB: DNSQUERY
  • Flowmon ADS: BB: DNSREVERSE
  • Flowmon ADS: BB: DOHDET
  • Flowmon ADS: BB: DOS
  • Flowmon ADS: BB: DOSATTACK - Anomaly or Attack
  • Flowmon ADS: BB: GEODIST
  • Flowmon ADS: BB: HIGHTRANSF
  • Flowmon ADS: BB: HONEYPOT
  • Flowmon ADS: BB: HTTPDICT
  • Flowmon ADS: BB: ICGUARD
  • Flowmon ADS: BB: ICMPANOM
  • Flowmon ADS: BB: INSTMSG
  • Flowmon ADS: BB: IPV6TUNNEL
  • Flowmon ADS: BB: L3ANOMALY
  • Flowmon ADS: BB: LATENCY
  • Flowmon ADS: BB: MALWARE - Anomaly
  • Flowmon ADS: BB: MALWARE - Anomaly followed by Attack
  • Flowmon ADS: BB: MALWARE - Attack
  • Flowmon ADS: BB: MALWARE - Attack followed by Anomaly
  • Flowmon ADS: BB: MALWARE - Attack followed by Anomaly or Anomaly followed by Attack
  • Flowmon ADS: BB: MALWARE - BLACKLIST or HONEYPOT
  • Flowmon ADS: BB: MULTICAST
  • Flowmon ADS: BB: NATDET
  • Flowmon ADS: BB: Network misconfiguration
  • Flowmon ADS: BB: PEERS
  • Flowmon ADS: BB: RANDOMDOMAIN
  • Flowmon ADS: BB: RDPDICT
  • Flowmon ADS: BB: REFLECTDOS
  • Flowmon ADS: BB: SCANS
  • Flowmon ADS: BB: SIPFLOOD
  • Flowmon ADS: BB: SIPPROXY
  • Flowmon ADS: BB: SIPSCAN
  • Flowmon ADS: BB: SMTPANOMALY
  • Flowmon ADS: BB: SRVNA
  • Flowmon ADS: BB: SSHDICT
  • Flowmon ADS: BB: SYSCHECK
  • Flowmon ADS: BB: System
  • Flowmon ADS: BB: TEAMVIEWER
  • Flowmon ADS: BB: TELNET
  • Flowmon ADS: BB: TOR
  • Flowmon ADS: BB: UPLOAD
  • Flowmon ADS: BB: Utilization
  • Flowmon ADS: BB: VOIP
  • Flowmon ADS: BB: VoIP
  • Flowmon ADS: BB: VPN
  • Flowmon ADS: BB: WEBSHARE
TitleResults for “How to create a CRG?”Also Available inAlert