
FLOW ANALYTICS > VIEW

Available Languages: English

Flow Analytics Overall Status

Scrutinizer Flow Analytics is an add-on module that functions as an expert system. It interrogates every conversation from every host for traffic behavior patterns and anomalies. All conversations across the selected flow sending devices are monitored at all times for traffic that should or shouldn't be on the network.

The above gadget scrut_nba.cgi should be added to MyView.


Select Flow Devices

Some algorithms are run against all tables created from flow sending devices while others are only run against one or two tables (e.g. routers). This interface is used to select the flow sending devices (i.e. tables) the algorithm is to query.

The above gadget scrut_nba_devices.cgi is not necessary in MyView as it is best utilized as a popup.

Exclude Hosts

Some hosts will constantly violate the threshold of certain algorithms. This interface helps prevent false positive alarms by allowing selected hosts (i.e. IP addresses) to be excluded from violating one or more algorithms.

The above gadget scrut_nba_exclusions.cgi is not necessary in MyView as it is best utilized as a popup.

Hosts can easily be excluded from certain algorithms by clicking on the IP address in the Alarm Tab as shown below. This will pop up the Exclude Hosts table (e.g. shown above) where the IP address can then be excluded from other algorithms.

More information on the above image can be found below.

Top Conversations

Scrutinizer can query tables created by one or hundreds of flow sending devices to determine the top conversations enterprise-wide. Repeating entries are deduplicated and, if necessary, repeat offenders can be excluded from showing up in the table below:

The above Top Conversations gadget should be added to MyView as well as the following gadgets:

Alarms

Alarms can show up as a gadget in MyView or in the Alarms tab.

Ideally, the Alarms tab is utilized to help manage alarm entries caused by Flow Analytics. Clicking on a hyperlink that exists within the Flow Analytics alarm entries will execute one of the following management functions:

Network Volume

The Network Volume gadget gives Network Administrators an idea of the scale of the traffic traversing the core network. It lists the volume of unique traffic on the network for the last 5 minutes vs. the last 30 hours. The gadget scrut_nba_volume.cgi should be added to MyView.

Threats Overview

The Threats Overview gives Network Administrators an idea of how frequently each Flow Analytics algorithm is being violated.

The above gadget nbaThreatOverview.cgi should be added to MyView.

Other FA Gadgets

Flow Analytics also produces gadgets for things such as:
