Part of my responsibility as a Sales Engineer at Plixer is to find new and exciting ways to integrate our tools with those that our customers already use. Often these tools have APIs that let us do this easily! We’ve already created a few other integrations with SolarWinds and have recently developed an integration with their IPAM module.

Why Set Up IPAM Integration?

IP Address Management (or IPAM) is a tool designed to help you manage what IP addresses are in use on the network, as well as what services or groups they are a part of. All this additional metadata can supplement any data Scrutinizer is collecting. This will help increase visibility and awareness of how different segments on the network communicate with each other.

Setting Up the SolarWinds Integration:

Setting up the IPAM Integration is easy, but we’ll need a couple of things first:

  1. SSH access to Scrutinizer
  2. Internet/SFTP connection to Scrutinizer
  3. SolarWinds login
    • Read-only access to the IPAM module

Once you have all of the above, follow the instructions below to get it deployed!

  1. SSH to the Scrutinizer server and download the compiled SolarWinds integration binary:
  2. Change permissions on the file
    • chmod 755 solarwinds_ipam_import.run
  3. Execute the file and follow the on-screen prompt:
    • ./solarwinds_ipam_import.run
  4. Once finished, you should see some output showing the groups that were properly imported:
Output showing imported groups

If you need to change the Server IP or User/Pass, you can remove the .Solarwinds.ini file that is created in the same directory as the binary and then re-run the binary.

Using Your Newly Imported IPAM Groups:

Now you have some new IP Groups within Scrutinizer (you can see them from Admin -> Definitions -> IP Groups). With these new IP Groups come some new report types:

  • Pair IP Group > IP Group
  • Src/Dst > IP Groups

These reports can be extremely helpful for large networks with thousands of groups, since you won’t have to manage or update them in multiple tools. Management can also get an idea very quickly of which groups are consuming links, using particular apps, or acting suspiciously.

IP group Scrutinizer report

Using IPAM for Security

Besides the new report types, Scrutinizer will also add any relevant group information to the Alarms tab. This makes it very easy to tell if a particular segment of the network is experiencing issues or might have malware trying to move laterally on the network.

Scrutinizer Alarms tab
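To show how group metadata turns raw flow records into a Pair IP Group > IP Group view and highlights segment pairs worth a second look, here is an added illustration; it is not Plixer's or SolarWinds' code. The group names, subnets, flow records and the expected-pairs policy are all constructed, and resolving overlapping groups by most specific subnet is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed IP groups, standing in for subnets imported from IPAM.
IP_GROUPS = {
    "Corp-All": "10.0.0.0/8",
    "HR-Workstations": "10.20.30.0/24",
    "Finance-Servers": "10.50.0.0/16",
    "Guest-WiFi": "192.168.100.0/24",
}
# Constructed flow records: (source IP, destination IP, bytes).
FLOWS = [
    ("10.20.30.15", "10.50.1.10", 48_000),
    ("10.20.30.15", "10.50.1.10", 12_000),
    ("192.168.100.7", "10.50.1.10", 900),
    ("10.20.30.22", "8.8.8.8", 300),
]
# Constructed policy: the group pairs that are expected to communicate.
EXPECTED = {("HR-Workstations", "Finance-Servers")}
UNGROUPED = "Ungrouped"

def build_index(groups):
    """Parse group subnets once, most specific prefix first."""
    nets = [(ipaddress.ip_network(cidr), name) for name, cidr in groups.items()]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)

def group_of(ip, index):
    """Most specific group containing ip (assumed rule for overlapping groups)."""
    addr = ipaddress.ip_address(ip)
    for net, name in index:
        if addr.version == net.version and addr in net:
            return name
    return UNGROUPED

def pair_report(flows, index):
    """Total bytes per (source group, destination group) pair."""
    totals = Counter()
    for src, dst, nbytes in flows:
        totals[(group_of(src, index), group_of(dst, index))] += nbytes
    return totals

def unexpected_pairs(report, expected):
    """Group pairs seen in traffic that the policy does not list."""
    return sorted(pair for pair in report if pair not in expected)

if __name__ == "__main__":
    report = pair_report(FLOWS, build_index(IP_GROUPS))
    odd = unexpected_pairs(report, EXPECTED)
    for pair, total in report.most_common():
        print(pair, total, "<- not in policy" if pair in odd else "")
```

With the constructed data, the guest network reaching the finance servers is reported as a pair outside the policy, which is the kind of segment-level context a bare IP address in an alarm does not give.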

More 3rd-Party Integrations

Hopefully, this integration helps you and your team add a lot of context to the metadata that Scrutinizer is collecting. If you have any other integrations you would like to see, or want more information on Scrutinizer, sign up for our weekly demo here.

Jake

Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers. He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is set up to meet their needs. Previously, he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and malware detection, he also enjoys fishing and hiking.
