While a search runs on the Network Activity tab, the direction of a set of flows is seen as R2R. The source IP of this set of flows is an internal email server.
What does this situation suggest about the QRadar configuration?
While a search runs on the Network Activity tab, the direction of a set of flows is seen as R2R. The source IP of this set of flows is an internal email server.
What does this situation suggest about the QRadar configuration?
This situation suggests that the email server is not included in the network hierarchy. When QRadar sees traffic as R2R (Remote to Remote), it means both the source and destination IPs are considered to be outside the defined network hierarchy. In this case, seeing an internal email server as a source for R2R traffic implies that QRadar does not recognize the server as part of the internal network. Therefore, ensuring the email server is included in the network hierarchy would resolve this issue.
Answer "C" is correct