Configuration Menu

Alarm Notifications

Check off the entries that the Scrutinizer administrator would like to trigger events for. Events are posted as policy violations in the Alarms tab.

Alarm Settings

Optimize how notifications are triggered depending on the unique environment. Call support for assistance.

Create New Board

A bulletin board can be selected in the upper left-hand corner. Algorithms trigger policies, which post to a bulletin board. This feature allows the user to create or delete bulletin boards. To modify the bulletin board that a policy posts to, visit Admin tab > Definitions > Policy Manager and edit the corresponding policy.

Note

Bulletin boards can have permissions assigned to them. For details on these permissions, see Usergroup Permissions.

Flow Analytics Configuration

Shows the overall status of all algorithms, along with the total runtime and count of violations across all algorithms. For more information on Flow Analytics Configuration, see FA Configuration and Algorithm Activation Strategy.

Flow Analytics Settings

Brings the user to Admin >> Settings >> Flow Analytics Settings.

IP Groups

IP addresses can be excluded from selected algorithms so that they do not trigger violations. Individual IP addresses, entire subnets or ranges of IPs can be specified. A Child, which is a group of IP addresses, can also be excluded.

Notification Manager

Set up notifications that can be triggered by policy violations.

Policy Manager

This option brings the user to Admin tab >> Definitions >> Policy Manager. This feature lists all of the policies that can be triggered by events. Events are passed through the policies and matches occur based on content in the Message, Source Address or Syslog Alert Level. A policy can be configured to do one of three things with an alarm:

  • Post it to a Bulletin Board (Alarms posted to a Bulletin Board will also be stored in history).
  • Only store in history for reporting.
  • Delete the alarm (It is not available in any way).

Policies also determine if a notification should be processed for an alarm by associating alarm messages with a notification profile. The Policy Manager table displays:

  • Priority: The Scrutinizer alarm policy engine compares each alarm against the defined policy list. The order in which policies are checked is based on this priority field.
  • Check Box: Used to select one, multiple or all policies to delete.
  • Name: Name of the policy.
  • Action: Violations can be posted to a Bulletin Board, stored to history only for future reporting, or deleted.
  • Hits: The number of times the policy has been violated since counters were last reset.
  • Last Violation: Date and time of the most recent violation.
  • Notification: Type of notification.
  • Creation Info: Date, Time and Username that created the policy.

Learn more about editing policies.
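The following is an added example, not Scrutinizer code: a small Python model of priority-ordered policy matching that audits for alarms a Delete policy discards even though another policy would have posted or stored them. It assumes the first matching policy decides the outcome and that lower priority numbers are checked first; the field names, policies and alarms are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Policy:
    priority: int      # assumption: lower numbers are checked first
    name: str
    action: str        # "board", "history" or "delete"
    message: str = ""  # regex on the alarm Message; empty matches anything
    source: str = ""   # CIDR for the Source Address; empty matches anything
    level: str = ""    # Syslog Alert Level; empty matches anything

    def matches(self, alarm):
        if self.message and not re.search(self.message, alarm["message"]):
            return False
        if self.source:
            net = ipaddress.ip_network(self.source)
            if ipaddress.ip_address(alarm["source"]) not in net:
                return False
        return not self.level or self.level == alarm["level"]

def evaluate(policies, alarm):
    """Return the first matching policy in priority order, or None."""
    ordered = sorted(policies, key=lambda p: p.priority)
    return next((p for p in ordered if p.matches(alarm)), None)

def deleted_despite_match(policies, alarms):
    """List alarms a delete policy wins although another policy would keep them."""
    findings = []
    for alarm in alarms:
        winner = evaluate(policies, alarm)
        if winner and winner.action == "delete":
            kept_by = [p.name for p in policies
                       if p.action != "delete" and p.matches(alarm)]
            if kept_by:
                findings.append((alarm["source"], winner.name, kept_by))
    return findings

# Constructed sample policies and alarms, not taken from a real deployment.
POLICIES = [
    Policy(10, "Quiet lab subnet", "delete", source="10.20.0.0/16"),
    Policy(20, "Port scan", "board", message=r"scan"),
    Policy(30, "Catch-all", "history"),
]
ALARMS = [
    {"message": "TCP scan detected", "source": "10.20.5.9", "level": "alert"},
    {"message": "TCP scan detected", "source": "192.0.2.7", "level": "alert"},
    {"message": "Interface down", "source": "192.0.2.7", "level": "notice"},
]
```

Calling `deleted_despite_match(POLICIES, ALARMS)` reports the scan alarm from 10.20.5.9: under the model's assumptions the broad subnet Delete policy wins before the "Port scan" policy is reached, so the alarm would leave no record in history.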

Syslog Server

Modify the settings for the syslog server.