Adding Exporters

Plixer Scrutinizer selectively applies Flow Analytics to incoming flow data, based on the Exporters defined for each algorithm.

To activate the system’s FA-based functions, Exporters must first be added to the enabled algorithms.

Security Groups

Plixer Scrutinizer Security Groups are user-defined groups of Exporters to which the same set of FA algorithms is applied. Security Groups allow the Exporter lists for all FA algorithms to be fully populated without the need to manually configure individual algorithms. Exporters can be added to Security Groups via the Admin > Alarm Monitor > Security Groups page.

Hint

The default Firewalls, Core Exporters, Edge Exporters, and Defender Probes Security Groups are configured with FA algorithms based on the recommended Exporter assignments.

If Flow Analytics is being configured for the first time, Exporters should be added to the Core Exporters and Edge Exporters Security Groups a few at a time. This will limit the volume of Alarms that may need to be checked when testing Flow Analytics settings via the Alarm Monitor.

The Security Groups view also allows new groups to be added and the settings for existing groups to be modified.

Adding Exporters individually

For more granular control over Exporter-to-algorithm assignment, Exporters can also be added to FA algorithms via the configuration tray of the Admin > Alarm Monitor > Flow Analytics Configuration page.

Hint

Exporters can also be added to multiple algorithms as a bulk action when one or more algorithms are selected.

Because Alarm-generating algorithms will only be triggered when the target is an internal address, public IP addresses must be defined as part of an IP Group for them to be considered part of the protected network. For internal-to-internal and internal-to-external monitoring, core routers should be added to the relevant algorithms. For monitoring public assets, the edge routers of the relevant IP Groups should be added to the algorithms.