Definitions

The Admin > Definitions category contains management views for the various user-defined elements and groupings used by the Plixer Scrutinizer system.

Hint

In views that include selection checkboxes, bulk actions become available after one or more items are selected.

Click on a setting/subcategory below to learn more:

Applications

Define custom applications using IP address and port rules

Autonomous Systems (AS)

View autonomous system (AS) numbers/properties

Host Names

Define custom hostname-to-IP mappings and static subnet labels for reporting

IP Groups

Define rule-based IP range/subnet groups for reporting

MAC Addresses

Add and manage custom MAC address labels

Protocol Exclusions

Define protocol exclusion rules for reporting

Type of Service
Add custom labels for Type of Service (ToS) and Differentiated Services Code Point (DSCP) values in reports
(ToS Family must first be set under Admin > Settings > Reporting)

Well Known Ports

Add and manage well-known port definitions

Note

This category includes views/pages under the Admin > Definitions tab of the Plixer Scrutinizer Classic UI.

IP groups

IP groups are user-defined device groupings that can be leveraged when running reports, applying filters, or defining exclusions for FA algorithms.

Adding a new IP group

To add a new IP group, follow these steps:

  1. On the Admin > Definitions > IP Groups page, click the (+) button to open the Add IP Group tray.

  2. Enter a name for the group.

  3. Select whether the group is internal or external from the IP Group Type dropdown.

  4. Click Save.

  5. In the main view, click the newly created IP group to open the configuration tray.

  6. Expand the Rules section of the tray, and then click the (+) button to add a new rule.

  7. In the secondary tray, select the rule type (IP address, subnet, etc.) to add.

  8. Enter the details required for the rule in the additional fields.

  9. Click Add to save the rule.

Steps 6 - 9 can be repeated as needed to define any number of membership rules for the IP group. Settings for existing IP groups can be further modified at any time.

Note

  • If there are overlapping host sets between IP groups, a host will automatically be assigned to the group whose rules define the narrowest range of addresses.

  • The locality (internal or external) designations have multiple uses, including specifying traffic directionality (e.g., internal->interal, external->internal, etc.) for FA detections and defining inclusion and exclusion filters for report data sources. They also allow teams to quickly identify addresses as being internal or external to the organization when viewing host details.

Bulk actions

When one or more IP groups are selected using the checkboxes, the following batch operations become available via the Bulk Actions button:

  • Adding new rules to all selected IP groups

  • Deleting all selected IP groups