In our new release of Scrutinizer version 19.1.0, we have included a handful of new reports that help to provide more information on the NetFlow collected from your network. These are the Client – Server reports, which can show directionality of requests and responses to give insight into who is asking for what and what kind of responses they get.
Read moreAuthor: Dylan Mclaughlin
Dylan is a Technical Support Engineer with Plixer. When he's not in front of a computer, you can find him hiking or kayaking around New England.
Tuning DDoS and DRDoS flow analytics to your environment
Posted on - by Dylan Mclaughlin
As more and more devices are added to the internet, a larger swath of insecurity comes with them. Botnets and compromised devices are the main sources of headache for attacks on infrastructure, with Distributed Denial of Services attacks becoming a major tool for the bad actors to break systems or cover their tracks during an operation. Plixer Scrutinizer provides a method for alarming on these attacks in real time.
Read moreFinding threats with host index
Posted on - by Dylan Mclaughlin
Imagine someone walks up to your desk and asks a very simple question: has this IP address been seen on our network? This could be a potentially difficult question to find an answer to, especially with any confidence. Plixer Scrutinizer allows you to provide a definitive answer to whomever is asking.
Read moreShould you be monitoring ping?
Posted on - by Dylan Mclaughlin
Ping is one of those protocols that no one thinks about until it isn’t working and you’re trying to quickly troubleshoot connectivity between devices. Officially known as ICMP, ping is one of the older RFCs and is most used for its echo requests and replies for troubleshooting networks. Some administrators simply block all ICMP everywhere on their network. Is this for everyone? Is this necessary? With everyone’s network having its own constraints and security policies, hopefully this post can provide some insight into the thought process behind monitoring for ping.
Read moreMonitoring applications with Plixer Scrutinizer
Posted on - by Dylan Mclaughlin
Monitoring applications is a useful tool in the network administrators tool belt and I’d like to go over how Scrutinizer can help monitor your network in both the realm of bandwidth utilization and security alerting. This blog will cover why it is important to monitor applications and the different ways we can gather and report on that information using Scrutinizer.
Read moreSTIX/TAXII for threat intelligence
Posted on - by Dylan Mclaughlin
What is STIX/TAXII?
STIX stands for Structured Threat Information Expression, which is an open-source language and serialization format used in sharing threat intelligence. Think of it as the vehicle for containing the threat information. Threat intelligence is communicated as objects and is detailed or as brief as the creator would like. TAXII stands for Trusted Automated Exchange of Indicator Information and is an application protocol that uses HTTPS/HTTP to enable communication. Think of this as the highway for STIX to travel on.
Read more