In today’s information technology world, security is an increasingly important topic and having the right tools for the job is utterly necessary. So, you ask yourself, how can a NetFlow and sFlow analysis tool help you? Scrutinizer gives you the ability to monitor all the traffic on your network to identify IP addresses, bandwidth and port usage, possible threats, and any IPFIX or Flexible NetFlow custom fields, but what if you could go even deeper?

We’ve recently added a new feature for NetFlow username IP correlation which allows network administrators to identify who is logged into their network and where. This feature is available from any Scrutinizer report that contains host names or IP addresses.

Scrutinizer Reports

This feature uses WMI to initiate a connection from the Scrutinizer server to a computer on your network which identifies usernames who are currently logged in.

Scrutinizer Current Users Feature

Now, not only can a network administrator find out what computers on the network are hogging all the bandwidth, but who’s actually logged in doing it. This tool can also help identify intrusions and rule out false positives.

The following is a screen shot of who is currently logged into our domain controller.

Who is logged in?

Here is an example of running the script on an end users machine:

Best at NetFlow

I can see it now, “Hey Nate, Scrutinizer just popped up with an alarm telling me that one of our machines has violated the peer to peer algorithm in Flow Analytics. I checked it out and I can see your username is the only one logged into that machine. Get back to work and stop hogging the bandwidth!”

UPDATE: In Scrutinizer v11 we added Username as a report type. See below.

netflow active directory

Currently, this feature is only available by request, please contact us if you’re interested in using this feature and we would be glad to help set it up.

Paul Dube

Paul Dube is the Director of Technical Services at Plixer. He has a passion for enabling individuals and organizations to use highly complex systems to solve business and personal objectives. This passion for problem solving has Paul working with some of the largest enterprises to solve their security and networking challenges and also educating his young daughters on how to enrich their lives with technology. When he's not working, you will find him enjoying time with his family, cooking something delicious on the Big Green Egg, and enjoying the best brews that the locals have to offer.

Related

Leave a Reply