What is the default time interval for a QRadar flow record?

The default time interval for a QRadar flow record is 60 seconds. This time interval is specifically designed to optimize the collection and analysis of flow data, enabling QRadar to effectively aggregate network flow information. The 60-second interval ensures that the system balances the demand for timely data reporting with efficient use of resources, allowing for the identification of patterns and potential security incidents without overwhelming the system with excessive flow records.

Having this standard interval allows security analysts to analyze flows coherently over a consistent timeframe, which aids in correlation and reporting processes within QRadar. Understanding this time interval is essential for maintaining optimal performance and achieving accurate security threat detection.