User name reporting

User name reporting (and other user name features) requires integration with an authentication system such as a Microsoft Domain Controller. Most authentication systems are supported (e.g. Cisco ISE, LDAP, TACACS+, Radius, etc.). The following sections of the User Manual provide some step-by-step help in configuring the integration.

Other devices that require authentication, such as firewalls and wireless LAN controllers, can also provide User Name information to Scrutinizer.

Once the user name integration is in place, the following features are available in Scrutinizer.

  • user name reporting
  • Alarms reporting with user name
  • Saved Flows search by user name

User name reports are available under:

  • Top reports category;
  • Device-specific report categories (such as SonicWALL, Palo Alto, or wireless reports);
  • Source / Destination > User Name by IP reports.

Alarms reporting with user name Alarms can be associated with the user name of the user that has triggered them, helping to reduce the MTTR (Mean Time to Resolution) for network issues by highlighting who was responsible for the alarm.

Saved Flows Search by user name

If it’s a specific user that requires investigation and/or monitoring, finding that users traffic is quick and easy with the Search Tool on the Status page, using either “User as Source” or “User as Destination” as the search field.