Flow Analytics

Plixer Scrutinizer uses a wide range of Flow Analytics algorithms to discover suspcious devices, irregular behavior, and other anomalies on the network and report them as Events and Alarms under the various Alarm Monitor views. By default, enabled FA algorithms will be applied to all supported flows, which may result in excessive Event and Alarm volumes, especially in larger deployments.

To reduce the volume of unnecessary Alarms and have Flow Analytics return fewer false positives, it may be necessary to reconfigure the individual FA algorithms to tailor their functions to the end user’s specific usage scenario.

For additional information on these settings and Flow Analytics functions in general, see the either the topic on per-algorithm settings or the main Flow Analytics section of this documentation.

Important

Because of the role Flow Analytics plays in reporting actionable Alarms and Events via the Alarm Monitor views, it is recommended to go through each FA algorithm’s settings to verify that they are correctly configured for the end user’s needs.