Admin#
The Admin views of the Scrutinizer web interface are used to access the system’s administrative and configuration functions.
For ease of navigation, the different admin pages/views are organized into categories in the Admin Menu tray, which can be accessed from any admin page/view via the three-dot button.
Hint
The Classic UI Admin page can be accessed via either the icon next to the Admin text in the web interface header or the Classic Admin link in the tray.
Admin Dashboard
The Admin Dashboard provides a visual overview of the functions and performance of the Scrutinizer environment. It is the default view opened when clicking on the Admin text in the web interface header.
This page comprises the following interactive dashboard gadgets:
Displays the current health status, resource usage, and when each server was last seen |
|
Configuration Status |
Shows the overall configuration progress for Scrutinizer and can be expanded to show the detailed configuration checklist
Click on a configuration item to view its current status and to accept/decline the item
Click the Launch icon to open the relevant documentation page for an item, or hover over the Dependencies icon to see other related or required configuration items
|
User Activity |
Shows activity for individual users in a timeline |
Note
Click the X button to close the expanded tables for the vitals gadgets. To collapse the configuration checklist, click the progress bar a second time.
A configuration status dashboard gadget is also included in the default Welcome dashboard for Scrutinizer installs.
Vitals LEDs
Two notification LEDs for system vitals are persistent across all admin pages/views and can be used to monitor the general health of the Scrutinizer environment.
These LEDs correspond to the following system components/functions, from left to right:
Server Health: Indicates the current server health status. Clicking this navigates to the System Health: Servers page.
Exporter Health: Indicates the current exporter health status. Clicking this navigates to Admin > Resources > Exporters.
Hovering over an LED will display additional details related to the component’s current status.
The Admin Menu tray is the main access point for administrative functions in Scrutinizer. The tray can be opened from any admin page/view by clicking on the three-dot button.
The admin tray search field supports lookahead searching and can be used to quickly find settings, configuration views, or help descriptions that match the entered string.
Note
Admin views marked with a [-> can be accessed from the web interface Classic UI.
Settings
The Admin > Settings page provides access to global settings for Scrutinizer’s core functions and behavior, organized under the subcategories listed in the table below.
Click on a setting/subcategory below to learn more:
Configure AI settings including AI server URL, API Key, and which model to use |
|
Configure global alarm message options and Flow Inactivity and Interface Threshold Violation alarm settings |
|
Configure global collector settings and low resource fallback options |
|
Set alarm and flow data history retention durations |
|
Set DNS cache retention duration and resolution attempt timeout |
|
Configure and enable/disable Endpoint Analytics integration |
|
Configure SMTP server settings for email notifications and reports |
|
Configure global settings and auto-enable FlowPro Defender for appropriate algorithms |
|
Configure user session and login security options (See also: user and user group settings) |
|
Configure proxy server settings for Google Maps requests |
|
Add a custom message to the Scrutinizer login page |
|
Configure Azure account info for integrating AD Users with Machine Learning (for UEBA alerts) |
|
Manage alarm thresholds for Plixer ML Engine vitals and Office 365 detection sensitivities |
|
Set model and host/subnet limits for user and network behavior learning |
|
Set business hours for network behavior observation and modeling |
|
Define and manage device groups for network mapping |
|
Define custom map objects and manage object/group object properties |
|
Customize Scrutinizer reporting engine functions |
|
Set up default preferences/settings for new users |
|
Configure general Scrutinizer environment preferences/settings |
|
Customize color thresholds for displaying utilization |
Note
ML AD Users, ML Alerts, ML Data Limits, and ML Training Schedule are only available when a Plixer ML Engine has been registered and fully deployed.
Definitions
The Admin > Definitions category contains management views for the various user-defined elements and groupings used by the Scrutinizer system.
Hint
In views that include selection checkboxes, bulk actions become available after one or more items are selected.
Click on a setting/subcategory below to learn more:
Define custom applications using IP address and port rules |
|
View autonomous system number assignments and activity information |
|
Define custom hostname-to-IP mappings and static subnet labels for reporting |
|
Define rule-based IP range/subnet groups for reporting |
|
Add and manage custom MAC address labels |
|
Define protocol exclusion rules for reporting |
|
Manage SNMP credential sets for polling exporters in the environment |
|
Add custom labels for Type of Service (ToS) and Differentiated Services Code Point (DSCP) values in reports
(ToS Family must first be set under Admin > Settings > Reporting)
|
|
Add and manage well-known port definitions |
Note
This category includes views/pages under the Admin > Definitions tab of the Scrutinizer Classic UI.
Users & Groups
The Admin > Users & Groups category provides access to settings, options, and functions related to user management and access control.
Hint
In views that include selection checkboxes, bulk actions become available after one or more items are selected.
Click on a setting/subcategory below to learn more:
View logs of Scrutinizer web interface user actions |
|
Add and configure third-party authentication methods/servers |
|
Configure global options for local and third-party authentication methods |
|
Add and manage user authentication tokens |
|
Manage user accounts and preferences |
|
Set up local user groups and manage access to features and resources |
Integrations
The Admin > Integrations category provides access to the configuration views for the various third-party integrations that can be enabled in Scrutinizer.
Click on an integration type below to learn more:
Add/edit ASA firewall credentials for ACL description retrieval |
|
Configure Endace packet capture appliances for deep packet inspection and forensics |
|
Configure and manage Azure, AWS, OCI, or GCP flow log ingestion sources |
|
Enable/disable and configure third-party integrations for Explore > Exporters view |
|
Add and manage STIX-TAXII threat intelligence feeds |
|
Configure and manage ServiceNow instances for incident/ticket generation via notifications and collections |
|
Enable/disable and configure Viptela integration for Cisco vManage devices |
Alarm Monitor
The Admin > Alarm Monitor category covers the configuration and management views for functions related to events/detections and alert delivery.
Click on a settings subcategory below to learn more:
Reconfigure, enable/disable, and assign notification profiles to alarm policies |
|
View and manage all available FA exclusion groups |
|
Reconfigure, enable/disable, and add inclusions/exclusions to FA algorithms |
|
Define traffic for the Plixer ML Engine to monitor for behavior modeling |
|
Define subnet, host, or interface inclusion/exclusion rules for ML Engine observation |
|
Create and manage profiles to assign notification actions by alarm policy |
|
Create and manage IP address security groups to define FA algorithm inclusions |
Note
ML Dimensions and ML Rules are only available when a Plixer ML Engine has been registered and fully deployed.
Reports
The Admin > Reports category includes management views for report-related functions.
Create/manage custom report configurations |
|
Create and manage folders to organize saved reports |
|
Set up and manage scheduled email report configurations |
Note
Report threshold, folder, and scheduled email report management options can also be accessed from the main Reports views of the web interface.
Plixer
The Admin > Plixer options are used to access licensing and management views for Scrutinizer and other Plixer One platform components/products:
Register a new FlowPro license key or view details for the current license |
|
Register a new Replicator license key or view details for the current license |
|
Register a new Scrutinizer license key or view details for the current license |
Note
This admin category includes pages/views from the Admin > Settings section of the Scrutinizer Classic UI.
Additional licensing may be required to enable integration with certain Plixer components. Contact Plixer Technical Support to learn more.
Resources
The Admin > Resources category provides access to pages/views for monitoring and managing Scrutinizer features and elements in the environment.
Click on a settings subcategory below to learn more:
Manage Scrutinizer collectors and Plixer ML Engines in the environment |
|
Manage and add protocol exclusions to flow-exporting devices in the environment |
|
Define and manage packet capture rules for FlowPro probes |
|
Manage FlowPro probes sending data to Scrutinizer collectors |
|
Manage Scrutinizer settings and SNMP credentials for individual interfaces |
|
Manage host settings for Machine Learning Engine |
|
Manage host settings for Replicators |
|
View current and predicted resource utilization for individual Scrutinizer collectors |
Diagnostic Views
The Admin > Diagnostic Views category provides access to a set of internal database views for advanced troubleshooting and diagnostics. These views expose raw system and platform data and are intended for use by administrators and support personnel only.