
Flowmon Application for QRadar User Guide

Suspicious activity of an IP

  • Last Updated: May 1, 2026

This basic example demonstrates how to investigate a suspicious host.

Let's investigate communication with blacklisted hosts in the Dashboard. Deselect all detection methods, then select only BLACKLIST.

Dashboard with only BLACKLIST detection method selected

The system identifies IP address 192.168.3.225 as the source of this communication. This represents an IoC (Indicator of Compromise). To see further details about this IP address, apply it as a filter to the graph.

Applying the suspect IP address as a filter

The filtered results show that this IP address has been involved in scanning, dictionary attacks, and anomalies as a source. These activities indicate the host was likely compromised.

Graph showing various malicious activities from the suspect IP
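The same pivot can be scripted over exported detection events. The following is an added example, not part of the Flowmon or QRadar product: the event field names, the method labels other than BLACKLIST, every sample event other than the 192.168.3.225 address, and the corroboration threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events. Field names ("method", "src", "dst") and the
# labels SCANS, DICTATTACK and ANOMALY are assumptions, not a product schema.
EVENTS = [
    {"method": "BLACKLIST",  "src": "192.168.3.225", "dst": "203.0.113.10"},
    {"method": "SCANS",      "src": "192.168.3.225", "dst": "192.168.3.17"},
    {"method": "DICTATTACK", "src": "192.168.3.225", "dst": "192.168.3.17"},
    {"method": "ANOMALY",    "src": "192.168.3.225", "dst": "192.168.3.40"},
    {"method": "ANOMALY",    "src": "192.168.3.40",  "dst": "192.168.3.1"},
    # Suspect IP appears here only as a target, so it must not count.
    {"method": "SCANS",      "src": "198.51.100.7",  "dst": "192.168.3.225"},
    # Blacklist hit with no corroborating activity.
    {"method": "BLACKLIST",  "src": "192.168.3.90",  "dst": "203.0.113.10"},
]


def pivot_on_blacklist(events, seed_method="BLACKLIST"):
    """Step 1: keep only seed_method events and collect their source IPs.
    Step 2: apply each source IP as a filter and count every detection
    method in which that IP is the source."""
    suspects = {e["src"] for e in events if e["method"] == seed_method}
    profile = {ip: defaultdict(int) for ip in suspects}
    for e in events:
        if e["src"] in profile:
            profile[e["src"]][e["method"]] += 1
    return {ip: dict(methods) for ip, methods in profile.items()}


def likely_compromised(profile, seed_method="BLACKLIST", min_other_methods=2):
    """Sources whose blacklist hit is corroborated by at least
    min_other_methods other detection methods (threshold is an assumption)."""
    return sorted(
        ip for ip, methods in profile.items()
        if len(set(methods) - {seed_method}) >= min_other_methods
    )


if __name__ == "__main__":
    profile = pivot_on_blacklist(EVENTS)
    for ip in likely_compromised(profile):
        print(ip, profile[ip])
```

A source with only a blacklist hit stays in the profile for review but is not reported as likely compromised until other methods corroborate it.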
