Report filters

Plixer Scrutinizer Reports grant full environment observability by aggregating network metadata with any number of user-defined filters applied. This allows reports to be used for both monitoring and investigation.

Basic filters

As part of creating a new report, the user is required to configure three report settings that function as the main filters:

  • Report type

  • Devices

  • Time window

These settings define how the report should aggregate data (type), which observation points or sources it should use (devices), and the period of time it should cover (window).

Additional filters

Before running a new report and after any report is run, additional filters can be added to tailor the output to the scenario the report is being used in.

The following table lists the additional filters that can be applied to reports:

| Type | Description | Parameter(s) | Option(s) |
|---|---|---|---|
| Applications | Filters results for a selected NBAR application | NBAR application | Restriction |
| Applications defined | Filters results for a selected defined application (based on definitions under Admin > Definitions > Applications) | Defined application | Restriction |
| Autonomous system by tag | Filters results for the selected autonomous system (AS) tags | Autonomous system (by AS number) | Direction, restriction |
| Business hours | Filters results for activity during specified business hours | Start hour, end hour, time zone, days | N/A |
| Calculated column filter | Filters results based on values in one of the report’s calculated columns | Filter column, comparison operator and value | N/A |
| Country | Filters results for the selected country | Country | Direction, restriction |
| Device/interface | Filters results for activity associated with the specified devices, interfaces, | Device; Interface (if a device is selected); Mapping group (if Group is selected) | N/A |
| Domain | Filters results for the specified domain | Domain | Direction, restriction |
| Flow template | Filters results for the selected template | Flow template | Restriction |
| Host list | Filters results for the specified hosts | Host IP address(es) | Direction, restriction |
| Host to host | Filters results for activity between the specified host pair | Host pair IP addresses | Restriction |
| IP Groups | Filters results for the selected IP Group | IP Group name | Direction, restriction |
| IP host | Filters results for the specified host IP address | Host IP address | Direction, restriction |
| IP range | Filters results for the specified range of IP addresses | Starting and ending IP addresses | Direction, restriction |
| IP subnet | Filters results for the specified subnet | Subnet address and mask | Direction, restriction |
| Internal host | Filters results for activity associated with internal hosts | N/A | Direction, restriction |
| Port speed | Filters results for the specified inbound and outbound port speeds | Inbound and outbound port speeds | N/A |
| Protocol | Filters results for communications using the selected protocol | Protocol | Restriction |
| Sample multiplier | Used to correct the report’s results for devices that use flow sampling | Multiplier value | N/A |
| Source/destination port | Filters results for the specified source or destination port(s) | Port number or range | Direction, restriction |
| Subnet to subnet | Filters results for activity between the specified subnet pair | Subnet pair addresses and masks | Restriction |
| TCP flags | Filters results for traffic with the selected TCP flag | TCP flag | Restriction |
| Type of Service | Filters results for traffic with the selected ToS | Type of Service | Restriction |
| Well-known port | Filters results for the selected well-known port | Well-known port | Restriction |
| Wildcard mask | Filters results for the specified network and wildcard mask | Network address and mask | Direction, restriction |

Direction options: Source, destination, or both

Restriction options: Include or exclude

Important

The additional filters that can be added to a report vary based on the selected devices/interfaces and report type. More filters may also become available when Plixer Scrutinizer has access to devices from certain vendors or is configured with additional integrations.