User Name Reporting Overview

Overview

User Name reporting (and other User Name features) requires integration with an authentication system such as a Microsoft Domain Controller. Most authentication systems are supported (e.g. Cisco ISE, LDAP, TACACS+, Radius, etc.). The following sections of the User Manual provide some step-by-step help in configuring the integration.

Other devices that require authentication, such as firewalls and wireless LAN controllers, can also provide User Name information to Scrutinizer.

Once the User Name integration is in place, the following features are available in Scrutinizer.

  • User Name Reporting
  • Alarms reporting with User Name
  • Saved Flows Search by User Name

User Name Reporting

User Name reports are available under:

  • Top reports category

    • Reports the amount of traffic generated per user
  • Device-specific report categories (such as SonicWALL, Palo Alto, or Wireless reports)

    • Reports the amount of traffic generated per user
  • Source / Destination > User Name by IP reports

    • These reports display the user name(s) associated with the IP Address during the report time frame.

With the User Name reports, network usage per user can be monitored. Alerting on a user’s traffic volume or type of traffic can occur if set thresholds have been violated.

Alarms reporting with User Name

Alarms can be associated with the user name of the user that has triggered them, helping to reduce the MTTR (Mean Time to Resolution) for network issues by highlighting who was responsible for the alarm.

Saved Flows Search by User Name

If it’s a specific user that requires investigation and/or monitoring, finding that users traffic is quick and easy with the Search Tool on the Status page, using either “User as Source” or “User as Destination” as the search field.