Admin


The Admin views of the Scrutinizer web interface are used to access the system’s administrative and configuration functions.

For ease of navigation, the different admin pages/views are organized into categories in the Admin Menu tray, which can be accessed from any admin page/view via the three-dot button.

Hint

The Classic UI Admin page can be accessed via either the icon next to the Admin text in the web interface header or the Classic Admin link in the tray.

Admin Dashboard

The Admin Dashboard provides a visual overview of the functions and performance of the Scrutinizer environment. It is the default view opened when clicking on the Admin text in the web interface header.

This page comprises the following interactive dashboard gadgets:

System: CPU

Displays system performance metrics in timelines or charts
Click on a metric to switch views.
Click on the Vitals icon to view server health.

Storage: Free Disk System

Displays available storage per collector
Click on a storage element to switch views.
Click on the Vitals icon to view OS health.

Services: Collector

Displays the status of system services per collector
Hover over a chart element to view additional details.
Click on the Vitals icon to view exporter health.

Configuration Status

Shows the overall configuration progress for Scrutinizer and can be expanded to show the detailed configuration checklist
Click on a configuration item to view its current status and accept/decline the item.
Click the Launch icon to open the relevant documentation page for an item, or hover over the Dependencies icon to see other related or required configuration items.

User Activity

Shows activity for individual users in a timeline

Note

  • Click the X button to close the expanded tables for the vitals gadgets. To collapse the configuration checklist, click the progress bar a second time.

  • A configuration status dashboard gadget is also included in the default Welcome dashboard for Scrutinizer installs.

Vitals LEDs

Three notification LEDs for system vitals are persistent across all admin pages/views and can be used to monitor the general health of the Scrutinizer environment.

These LEDs correspond to the following system components/functions, from left to right:

  • Server

  • Software

  • Exporter

Hovering over an LED will display additional details related to the component’s current status. Each LED also functions as a shortcut to return to the admin dashboard with the corresponding vitals gadget expanded.

Admin Menu tray

The Admin Menu tray is the main access point for administrative functions in Scrutinizer. The tray can be opened from any admin page/view by clicking on the three-dot button.

The admin tray search field supports lookahead searching and can be used to quickly find settings, configuration views, or help descriptions that match the entered string.

Note

Admin views marked with a [-> icon are still only accessible via the Classic UI of the web interface.

Settings

The Admin > Settings page provides access to global settings for Scrutinizer’s core functions and behavior, organized under the subcategories listed in the table below.

Click on a setting/subcategory below to learn more:

AI Settings

Configure AI settings including AI server URL, API Key, and which model to use

Alarm Notifications

Configure global alarm message options and Flow Inactivity and Interface Threshold Violation alarm settings

Collector

Configure global collector settings and low resource fallback options

DNS

Set DNS cache retention duration and resolution attempt timeout

Data History

Set alarm and flow data history retention durations

Flow Analytics Settings

Configure global settings and auto-enable FlowPro Defender for appropriate algorithms

Global Authentication Settings

Configure user session and login security options (See also: user and user group settings)

Google Maps Proxy Server

Configure proxy server settings for Google Maps requests

Login Banner

Add a custom message to the Scrutinizer login page

ML AD Users

Configure Azure account info for integrating AD Users with Machine Learning (for UEBA alerts)

ML Alerts

Manage alarm thresholds for Plixer ML Engine vitals and Office 365 detection sensitivities

ML Data Limits

Set model and host/subnet limits for user and network behavior learning

ML Training Schedule

Set business hours for network behavior observation and modeling

Mapping Groups

Define and manage device groups for network mapping

Mapping Objects

Define custom map objects and manage object/group object properties

Reporting

Customize Scrutinizer reporting engine functions

System Preferences

Configure general Scrutinizer environment preferences/settings

System/New User Default

Set up default preferences/settings for new users

Thresholds

Customize color thresholds for displaying utilization

Definitions

The Admin > Definitions category contains management views for the various user-defined elements and groupings used by the Scrutinizer system.

Hint

In views that include selection checkboxes, bulk actions become available after one or more items are selected.

Click on a setting/subcategory below to learn more:

Applications

Define custom applications using IP address and port rules

Autonomous Systems (AS)

View autonomous system number assignments and activity information

Host Names

Define custom hostname-to-IP mappings and static subnet labels for reporting

IP Groups

Define rule-based IP range/subnet groups for reporting

MAC Addresses

Add and manage custom MAC address labels

Protocol Exclusions

Define protocol exclusion rules for reporting

Type of Service

Add custom labels for Type of Service (ToS) and Differentiated Services Code Point (DSCP) values in reports
(ToS Family must first be set under Admin > Settings > Reporting)

Well-Known Ports

Add and manage well-known port definitions

Note

This category includes views/pages under the Admin > Definitions tab of the Scrutinizer Classic UI.

Users & Groups

The Admin > Users & Groups category provides access to settings, options, and functions related to user management and access control.

Hint

In views that include selection checkboxes, bulk actions become available after one or more items are selected.

Click on a setting/subcategory below to learn more:

Auditing Logs

View logs of Scrutinizer web interface user actions

Authentication Providers

Add and configure third-party authentication methods/servers

Authentication Settings

Configure global options for local and third-party authentication methods

Authentication Tokens

Add and manage user authentication tokens

User Accounts

Manage user accounts and preferences

User Groups

Set up local user groups and manage access to features and resources

Integrations

The Admin > Integrations category provides access to the configuration views for the various third-party integrations that can be enabled in Scrutinizer.

Click on an integration type below to learn more:

3rd Party Integration

Enable/disable and configure third-party integrations for Explore > Exporters view

ASA ACL Descriptions

Add/edit ASA firewall credentials for ACL description retrieval

Email Server

Configure SMTP server settings for email notifications and reports

Flow Log Ingestion

Configure and manage flow data ingestion for cloud resources/services

STIX-TAXII

Add and manage STIX-TAXII threat intelligence feeds

ServiceNow

Configure and manage ServiceNow instances for incident/ticket generation via notifications and collections

Viptela Settings

Enable/disable and configure Viptela integration for Cisco vManage devices

Flow log ingestion

Scrutinizer can be configured to ingest flow logs from cloud data sources, enabling seamless visibility between on-prem and cloud-based assets.

Data sources are added from the Admin > Integrations > Flow Log Ingestion page as follows:

  1. Click the + button to open the configuration tray for a new data source.

  2. Select the service/type of data source to be added.

  3. Enter the required details in the secondary tray.

  4. [Optional] Click Test to verify that Scrutinizer can access the data source.

  5. Click Save to save the data source configuration.

Once flows originating from a cloud data source are being ingested, any exporters reported, either as part of flow contents or in attached metadata, will be added to Scrutinizer. These devices can then be used similarly to regular exporters in Scrutinizer’s functions (e.g., reports, network maps, Security Groups, etc.).

Hint

To delete one or more data source configurations, select them using the checkboxes and use the Delete Integrations option in the Bulk Actions tray.

For further information and additional set-up steps for specific cloud providers, see the corresponding sections below:

Alarm Monitor

The Admin > Alarm Monitor category covers the configuration and management views for functions related to events/detections and alert delivery.

Click on a settings subcategory below to learn more:

Alarm Policies

Reconfigure, enable/disable, and assign notification profiles to alarm policies

Flow Analytics Algorithms

Reconfigure, enable/disable, and add inclusions/exclusions to FA algorithms

ML Dimensions

Define traffic for the Plixer ML Engine to monitor for behavior modeling

ML Rules

Define subnet, host, or interface inclusion/exclusion rules for ML Engine observation

Notification Profiles

Create and manage profiles to assign notification actions by alarm policy

Security Groups

Create and manage IP address security groups to define FA algorithm inclusions

Reports

The Admin > Reports category includes management views for report-related functions.

Flow Report Thresholds

Manage custom report thresholds to trigger alarms and/or notifications

Report Designer

Create/manage custom report configurations

Report Folders

Create and manage folders to organize saved reports

Scheduled Email Reports

Set up and manage scheduled email report configurations

Note

Report threshold, folder, and scheduled email report management options can also be accessed from the main Reports views of the web interface.

Plixer

The Admin > Plixer options are used to access licensing and management views for Scrutinizer and other Plixer One platform components/products:

Endpoint Analytics

Configure and enable/disable Endpoint Analytics integration

FlowPro Licensing

Register a new FlowPro license key or view details for the current license

Replicator Licensing

Register a new Replicator license key or view details for the current license

Scrutinizer Licensing

Register a new Scrutinizer license key or view details for the current license

Note

  • This admin category includes pages/views from the Admin > Settings section of the Scrutinizer Classic UI.

  • Additional licensing may be required to enable integration with certain Plixer components. Contact Plixer Technical Support to learn more.

Resources

The Admin > Resources category provides access to pages/views for monitoring and managing Scrutinizer features and elements in the environment.

Click on a settings subcategory below to learn more:

Collectors

Manage Scrutinizer collectors and Plixer ML Engines in the environment

Exporters

Manage and add protocol exclusions to flow-exporting devices in the environment

FlowPro Capture Rules

Define and manage packet capture rules for FlowPro probes

FlowPro Probes

Manage FlowPro probes sending data to Scrutinizer collectors

Interfaces

Manage Scrutinizer settings and SNMP credentials for individual interfaces

ML Engines

Manage host settings for Machine Learning Engine

Replicators

Manage host settings for Replicators

SNMP Credentials

Manage SNMP credential sets for polling exporters in the environment

System Performance

View current and predicted resource utilization for individual Scrutinizer collectors