Reviewing Alarm Monitor for suspicious hosts

The Plixer Scrutinizer Alarm Monitor provides users with real-time alerts for both performance issues and security threats, and allows them to drill into event details by policy violation or by host.

Workflow

To inspect activity for suspicious hosts using the Alarm Monitor:

  1. Navigate to Monitor > Alarm Monitor in the web interface.

  2. Switch to the Hosts subtab and add a filter to show only Critical severity violations.

  3. Use the dropdown to switch to the Event Connections view to look for hosts involved in multiple events.

  4. Drill into events or run reports filtered on potential threats as needed.

See also

To learn more about configuring and refining reports, see this use case.