Additional settings
Plixer Scrutinizer’s flow analytics functions can be further adapted to specific network and/or security requirements through the configuration options below.
Global settings
The following global settings (Admin > Settings > Flow Analytics Settings) can be used to enable or configure additional FA-based features:
| Setting | Description |
| --- | --- |
| Auto-Enable Defender | When checked, Plixer FlowPro Defender is automatically enabled for algorithms that support it. |
| Jitter by Interface | Sets the variation in packet delay due to queueing, contention, and/or serialization (Default: 80 ms); also used for record highlighting in Status reports. |
| Latency | Sets the latency value used for record highlighting in Status reports (Default: 75 ms). |
| Share Violations | When checked, allows the system to share details of cyber attacks coming from Internet IP addresses with the Plixer Security Team (may require firewall permissions). This information is used to further improve the global host reputation list. No internal addresses will be shared. |
| Top Algorithm Devices | Controls whether Top X FA algorithms are applied to all exporters or need to be configured individually. |
Algorithm settings
In addition to inclusions and exclusions, most FA algorithms have additional settings that control how they are applied to collected flow data. These settings include thresholds for adjusting detection sensitivity and traffic directionality inclusion/exclusion options.
For a full list of algorithm settings, see this table.
Custom reputation lists
The Host Reputation FA algorithm is capable of using custom lists in conjunction with Plixer Scrutinizer’s default host reputation lists. When a host in any reputation list becomes the target of traffic, the event is reported under the Host Reputation alarm policy.
To import a list of IP addresses as a custom host reputation list, follow these steps:
1. Add the hosts to a file, using one line for each IP address.

   Example:

       10.1.1.1
       10.1.1.2
       10.1.1.3

2. Save the file with a .import extension (e.g., custom_threats.import).

   Important: The name of the file will be used for artifacts involving the included hosts on the Alarm Summary page.

3. Move the file to the \scrutinizer\files\threats\ directory.

The file is imported hourly, at the same time that threat lists are updated.

Hint: To manually run the file import operation, use the command scrut_util --downloadhostreputationlists.
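A raw threat feed rarely arrives as one bare IP address per line, so the following added example (not part of the Plixer documentation or product) normalizes a feed into that format before the file is saved. The '#' comment handling, the filename sanitizing rule, and the rejection of CIDR ranges, host:port pairs and hostnames are assumptions drawn from the "one line for each IP address" rule above; the sample feed is constructed.

```python
import ipaddress
import re

# Constructed sample feed: comments, a duplicate, and entries that are not a single IP.
SAMPLE_FEED = [
    "# constructed sample feed",
    "10.1.1.1",
    "10.1.1.2   # noisy scanner",
    "10.1.1.1",
    "10.1.1.0/24",
    "10.1.1.3:443",
    "bad.example.test",
    "",
    "10.1.1.3",
]

def build_import_list(raw_lines):
    """Return (hosts, rejected): unique IPs in first-seen order, and (line_no, text) rejects."""
    hosts, rejected, seen = [], [], set()
    for lineno, line in enumerate(raw_lines, start=1):
        entry = line.split("#", 1)[0].strip()  # assumption: the raw feed uses '#' comments
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)  # rejects CIDR, host:port, hostnames
        except ValueError:
            rejected.append((lineno, entry))
            continue
        if addr not in seen:
            seen.add(addr)
            hosts.append(str(addr))
    return hosts, rejected

def import_filename(label):
    """Build '<label>.import'; the file name is what shows up on the Alarm Summary page."""
    safe = re.sub(r"[^A-Za-z0-9_-]+", "_", label).strip("_")  # assumption: conservative charset
    if not safe:
        raise ValueError("label has no usable characters")
    return safe + ".import"

if __name__ == "__main__":
    hosts, rejected = build_import_list(SAMPLE_FEED)
    name = import_filename("custom threats")
    with open(name, "w", newline="\n") as fh:
        fh.write("\n".join(hosts) + "\n")  # one line for each IP address
    for lineno, entry in rejected:
        print(f"line {lineno}: skipped {entry!r} (not a single IP address)")
    print(f"wrote {len(hosts)} hosts to {name}")
```

Review the rejected entries before moving the generated file into the threats directory, since a skipped CIDR range or hostname means those hosts will not be matched by the Host Reputation algorithm.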