Table of Contents

• Setup
  • VirtualBox: Add bridge network interface to QRadar VM
    • Configure the new bridge adapter in QRadar console
  • QRadar: Add flow source
• Result

Setup

VirtualBox: Add bridge network interface to QRadar VM

In VirtualBox, add a Bridged network adapter to the QRadar VM, leaving the default settings

Configure the new bridge adapter in QRadar console

Start up the QRadar VM. Type in ip a to see the new network interface's device ID. In this case, it is enp0s8

Using this device ID, create a new config file in the network-scripts directory called ifcfg-enp0s8

Type in the information above and write the changes to the file

QRadar: Add flow source

In the QRadar Admin tab, scroll down to Flows and click Flow Sources. Give this source a name, set the type to Network Interface, and set the flow interface to enp0s8. Save

Deploy the changes

Result

The Network Activity tab will now show a stream of information events occurring on the network