Available Languages: English
Scrutinizer Flow Analytics is an add-on module which functions as an expert system. It interrogates every conversation from every host for traffic behavior patterns and anomalies. All conversations across selected flow sending devices are monitored at all times for traffic that should or shouldn't be on the network.
The above gadget scrut_nba.cgi should be added to MyView.
Some algorithms are run against all tables created from flow sending devices while others are only run against one or two tables (e.g. routers). This interface is used to select the flow sending devices (i.e. tables) the algorithm is to query.
The above gadget scrut_nba_devices.cgi is not necessary in MyView as it is best utilized as a popup.
Some hosts will constantly violate the threshold of certain algorithms. This interface helps prevent false positive alarms by allowing selected hosts (i.e. IP addresses) to be excluded from violating one or more algorithms.
The above gadget scrut_nba_exclusions.cgi is not necessary in MyView as it is best utilized as a popup.
Hosts can easily be excluded from certain algorithms by clicking on the IP address in the Alarm Tab as shown below. This will pop up the Exclude Hosts table (e.g. shown above) where the IP address can then be excluded from other algorithms.
More information on the above image can be found below.
Scrutinizer can query tables created by one or hundreds of flow sending devices to determine the top conversations enterprise-wide. Repeating entries are deduplicated and, if necessary, repeat offenders can be excluded from showing up in the table below:
The above Top Conversations gadget should be added to MyView as well as the following gadgets:
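The cross-device deduplication and per-algorithm host exclusion described above can be sketched as follows. This is an added example, not Scrutinizer's code: the flow records are constructed, the names `top_conversations`, `is_excluded` and `EXCLUSIONS` are hypothetical, and the dedup rule (keep the largest total reported by any one exporter) is an assumption, since the page does not state how Scrutinizer deduplicates.

```python
from collections import defaultdict

# Constructed sample flows: (exporter, src, dst, dst_port, proto, bytes).
# A conversation is reported once by every exporter it passes through.
FLOWS = [
    ("router-a", "10.1.1.5", "10.2.2.9", 443, "tcp", 9_000_000),
    ("router-b", "10.1.1.5", "10.2.2.9", 443, "tcp", 8_950_000),
    ("switch-c", "10.1.1.5", "10.2.2.9", 443, "tcp", 9_000_000),
    ("router-a", "10.1.1.7", "10.3.3.3", 53, "udp", 120_000),
    ("router-b", "10.1.4.20", "10.2.2.50", 445, "tcp", 4_200_000),
    ("router-a", "10.1.1.99", "10.9.9.9", 873, "tcp", 29_800_000),
    ("router-b", "10.1.1.99", "10.9.9.9", 873, "tcp", 30_000_000),
]

# Hypothetical exclusion list: host -> algorithms it is excluded from.
EXCLUSIONS = {"10.1.1.99": {"top_conversations"}}


def is_excluded(host, algorithm, exclusions):
    """An exclusion applies only to the algorithms named for that host."""
    return algorithm in exclusions.get(host, set())


def top_conversations(flows, exporters, exclusions=EXCLUSIONS, n=10):
    """Rank conversations across the selected exporters, counting each once."""
    seen = defaultdict(lambda: defaultdict(int))  # conversation -> exporter -> bytes
    for exporter, src, dst, port, proto, nbytes in flows:
        if exporter not in exporters:
            continue  # device not selected for this algorithm
        if any(is_excluded(h, "top_conversations", exclusions) for h in (src, dst)):
            continue  # excluded host: invisible to this algorithm only
        seen[(src, dst, port, proto)][exporter] += nbytes
    # Assumed dedup rule: keep the largest per-exporter total instead of summing,
    # so a flow crossing three devices is not reported at three times its size.
    deduped = {conv: max(totals.values()) for conv, totals in seen.items()}
    return sorted(deduped.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    for conv, nbytes in top_conversations(FLOWS, {"router-a", "router-b", "switch-c"}):
        print(conv, nbytes)
```

Because exclusions are scoped per algorithm, the excluded host in the sample is still evaluated by every other algorithm. Each exclusion entry is traffic that algorithm no longer sees, so the list is worth reviewing periodically.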
Ideally, the Alarms tab is utilized to help manage alarm entries caused by Flow Analytics. Clicking on a hyperlink that exists within the Flow Analytics alarm entries will execute one of the following management functions:
The Network Volume gadget gives Network Administrators an idea of the scale of the traffic traversing the core network. It lists the volume of unique traffic on the network for the last 5 minutes vs. the last 30 hours. The gadget scrut_nba_volume.cgi should be added to MyView.
The Threats Overview gives Network Administrators an idea of how frequently each Flow Analytics algorithm is being violated.
The above gadget nbaThreatOverview.cgi should be added to MyView.
Flow Analytics also produces gadgets for things such as: