Configuration menu

  • Alarm Notifications lets the Scrutinizer administrator check off the entries that should trigger events. Events are posted as policy violations in the Alarms tab.

  • Alarm Settings optimize how notifications are triggered depending on the unique environment. Contact Plixer Technical Support for assistance.

  • Create New Board enables the user to create or delete new bulletin boards.

To modify the bulletin board that a policy posts to, visit Admin tab > Definitions > Policy Manager and edit the corresponding policy.

Note

Bulletin boards can have permissions assigned to them. For details on these permissions, see Usergroup Permissions.

  • Flow Analytics Configuration

Shows the overall status of all algorithms, along with the total runtime and count of violations across all algorithms. For more information on Flow Analytics Configuration, see FA Configuration and Algorithm Activation Strategy.

  • Flow Analytics Settings brings the user to Admin > Settings > Flow Analytics Settings.

  • IP Groups allows the user to exclude IP addresses, entire subnets or ranges of IPs, as well as child groups, from violating specific algorithms.

  • Notification Manager sets up notifications which can be triggered by policy violations.

  • Policy Manager brings the user to Admin tab > Definitions > Policy Manager, which lists all of the policies that can be triggered by events. Events are passed through the policies and matches occur based on content in the Message, Source Address or Syslog Alert Level. A policy can be configured to do one of three things with an alarm:

    • Post it to a Bulletin Board (Alarms posted to a Bulletin Board will also be stored in history).

    • Only store in history for reporting.

    • Delete the alarm (It is not available in any way).

Policies also determine if a notification should be processed for an alarm by associating alarm messages with a notification profile. The Policy Manager table displays:

  • Priority: The Scrutinizer alarm policy engine compares each alarm against the defined policy list. The order in which policies are checked is based on this priority field.

  • Check Box: used to select one, multiple or all policies to delete.

  • Name: Name of the policy.

  • Action: Violations can be posted to a Bulletin Board, stored to history only for future reporting, or deleted.

  • Hits: The number of times the policy has been violated since counters were last reset.

  • Last Violation: Date and time of the most recent violation.

  • Notification: Type of notification.

  • Creation Info: Date, Time and Username that created the policy.

  • Syslog Server contains the settings for the syslog server configuration.
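
The priority-ordered evaluation described under Policy Manager, as an added sketch that is not Plixer's code: it shows how a broad delete policy checked ahead of a specific one keeps that policy's alarms off the Bulletin Board. First-match-wins, lower-number-first ordering, substring matching on Message, and every name and sample value here are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    # Hypothetical model of a policy row; not Scrutinizer's schema.
    priority: int                  # assumption: lower number is checked first
    name: str
    action: str                    # "board", "history" or "delete"
    message: Optional[str] = None  # substring of the alarm Message
    source: Optional[str] = None   # Source Address
    level: Optional[int] = None    # Syslog Alert Level
    hits: int = 0

    def matches(self, alarm: dict) -> bool:
        if self.message is not None and self.message not in alarm["message"]:
            return False
        if self.source is not None and alarm["source"] != self.source:
            return False
        return self.level is None or alarm["level"] == self.level

def evaluate(policies, alarm):
    """Assumption: the first matching policy in priority order decides the action."""
    for p in sorted(policies, key=lambda p: p.priority):
        if p.matches(alarm):
            p.hits += 1
            return p.name, p.action
    return None, None

def shadowed(policies, alarms):
    """Policies that match some sample alarm but never fire because an earlier one wins."""
    for p in policies:
        p.hits = 0
    for a in alarms:
        evaluate(policies, a)
    return [p.name for p in policies
            if p.hits == 0 and any(p.matches(a) for a in alarms)]

# Constructed sample alarms (documentation address ranges).
ALARMS = [
    {"message": "DDoS violation", "source": "192.0.2.5", "level": 2},
    {"message": "Interface up", "source": "198.51.100.7", "level": 6},
]

def build(noise_priority):
    """Constructed policy list; only the priority of the delete policy varies."""
    return [
        Policy(noise_priority, "Drop 192.0.2.5", "delete", source="192.0.2.5"),
        Policy(20, "DDoS to board", "board", message="DDoS"),
        Policy(99, "Catch-all", "history"),
    ]
```

With the delete policy at priority 10, `shadowed(build(10), ALARMS)` reports the DDoS policy as never firing; a policy whose Hits column stays at zero in the Policy Manager table deserves the same review.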