Report filters
Plixer Scrutinizer Reports grant full environment observability by aggregating network metadata with any number of user-defined filters applied. This allows reports to be used for both monitoring and investigation.
Basic filters
As part of creating a new report, the user is required to configure three report settings that function as the main filters:
Report type
Devices
Time window
These settings define how the report should aggregate data (type), which observation points or sources it should use (devices), and the period of time it should cover (window).
Additional filters
Before running a new report and after any report is run, additional filters can be added to tailor the output to the scenario the report is being used in.
The following table lists the additional filters that can be applied to reports:
| Type | Description | Parameter(s) | Option(s) |
|---|---|---|---|
| Applications | Filters results for a selected NBAR application | NBAR application | Restriction |
| Applications defined | Filters results for a selected defined application (based on definitions under Admin > Definitions > Applications) | Defined application | Restriction |
| Autonomous system by tag | Filters results for the selected autonomous system (AS) tags | Autonomous system (by AS number) | Direction, restriction |
| Business hours | Filters results for activity during specified business hours | Start hour, end hour, time zone, days | N/A |
| Calculated column filter | Filters results based on values in one of the report’s calculated columns | Filter column, comparison operator and value | N/A |
| Country | Filters results for the selected country | Country | Direction, restriction |
| Device/interface | Filters results for activity associated with the specified devices, interfaces, | Device; Interface (if a device is selected); Mapping group (if Group is selected) | N/A |
| Domain | Filters results for the specified domain | Domain | Direction, restriction |
| Flow template | Filters results for the selected template | Flow template | Restriction |
| Host list | Filters results for the specified hosts | Host IP address(es) | Direction, restriction |
| Host to host | Filters results for activity between the specified host pair | Host pair IP addresses | Restriction |
| IP Groups | Filters results for the selected IP Group (defined under Admin > Definitions > IP Groups) | IP Group name | Direction, restriction |
| IP host | Filters results for the specified host IP address | Host IP address | Direction, restriction |
| IP range | Filters results for the specified range of IP addresses | Starting and ending IP addresses | Direction, restriction |
| IP subnet | Filters results for the specified subnet | Subnet address and mask | Direction, restriction |
| Internal host | Filters results for activity associated with internal hosts | N/A | Direction, restriction |
| Port speed | Filters results for the specified inbound and outbound port speeds | Inbound and outbound port speeds | N/A |
| Protocol | Filters results for communications using the selected protocol | Protocol | Restriction |
| Sample multiplier | Used to correct the report’s results for devices that use flow sampling | Multiplier value | N/A |
| Source/destination port | Filters results for the specified source or destination port(s) | Port number or range | Direction, restriction |
| Subnet to subnet | Filters results for activity between the specified subnet pair | Subnet pair addresses and masks | Restriction |
| TCP flags | Filters results for traffic with the selected TCP flag | TCP flag | Restriction |
| Type of Service | Filters results for traffic with the selected ToS | Type of Service | Restriction |
| Well-known port | Filters results for the selected well-known port | Well-known port | Restriction |
| Wildcard mask | Filters results for the specified network and wildcard mask | Network address and mask | Direction, restriction |
Direction options: Source, destination, or both
Restriction options: Include or exclude
Important
The additional filters that can be added to a report vary based on the selected devices/interfaces and report type. More filters may also become available when Plixer Scrutinizer has access to devices from certain vendors or is configured with additional integrations.