Author: Jeff Morrison

Jeff Morrison is a Solutions Engineer here at Plixer. He is responsible for travelling on-site to provide assistance with initial deployment, setup and design, in-depth training, and custom configurations. While in the office Jeff is responsible for providing technical assistance on initial overviews, providing training for internal resources, and researching integrations with 3rd-party vendors. When not on the road travelling, he enjoys playing music, riding motorcycles, video games, and spending time with friends and family.

Network Operations

Integrate your network alarms with Microsoft Teams

03.29.21 - Jeff Morrison

2020 was a year of incredible change—changes that I believe will have a lasting impact, but also changes that require immense flexibility with traditional structure and workflows. This is observable in every industry, and ours is no different. Not only has the model of network traffic changed with a work-from-home model, but so has our ability to collaborate as a team. We moved from primarily being in the same physical room as our colleagues to now spending our time in virtual channels. One of the most widely adopted of these digital workspaces is Microsoft Teams.

With Teams being the primary space for collaboration, having a network monitoring solution like Plixer Scrutinizer post alarms to a dedicated Teams channel is an incredibly effective way of monitoring, tracking and assigning network events to team members for investigation. Let’s take a look at how easy it is to configure this integration within Scrutinizer.

Threat Hunting

Inspecting encrypted traffic with JA3 and JA3S fingerprinting

11.20.20 - Jeff Morrison

Two years ago, I wrote a blog about tracking malware in encrypted traffic. The overall theme of that blog was that encryption has become much more of a standard. 2017 in particular was a milestone year in which the volume of encrypted traffic officially surpassed unencrypted web traffic. It’s safe to say that in three years, that balance has shifted even more in favor of SSL/TLS encryption. In this blog, I’ll explore the concept of JA3 and JA3S fingerprinting and the benefits they introduce when it comes to inspecting encrypted traffic.

Network Monitoring

The importance of monitoring and correlating your wireless network traffic

11.13.19 - Jeff Morrison

I’m often asked, “if I already have a solution to monitor this segment of the network, why do I need a solution that will overlap”? It’s a very fair question to ask, considering in most aspects of life redundancy or overlap isn’t necessarily considered good. In the case of network monitoring, I would argue overlap isn’t bad if it’s also providing correlation. With that in mind, I wanted to focus on the benefit of monitoring your wireless network traffic, and specifically having the ability to correlate this traffic across the entirety of your network.

Network Monitoring

Cisco ASR 1001-X overloading QFP

08.21.19 - Jeff Morrison

Whether you work primarily on the networking side of the house or the security side, you’ll need to ingest metadata into at least one of the tools in your toolbox. In my experience, it’s often the same data sets are often being generated multiple times from the same raw packet. This can put an extreme load on your exporting device. This happened recently with a customer, and in the process, we uncovered a bug specific to Cisco’s ASR 1001-X platform running IOS XE 3.16.x. I’ll discuss what this bug was, the issues it caused, and how it can be alleviated in the future.

Network Operations

Scrutinizer and Its RESTful API

05.15.19 - Jeff Morrison

I spend a large amount of time day-to-day working with customers to understand how they can best leverage their current NetFlow/IPFIX data to solve a variety of problems. What I’ve begun to realize is that there are many different use cases for leveraging metadata, and the format in which data can be most useful will vary as well. More and moreoften, the traditional graph and table format of displaying data may not be the preferred format. One way to overcome this is to use a RESTful API, so today I’d like to talk about Scrutinizer’s ability to fully support RESTful API calls.