
NetFlow API

Providing detailed visibility and contextual awareness into network traffic is essential to secure and optimize business operations. While NetFlow and IPFIX reporting have proven to provide these details, sharing this data between multiple vendor applications in an organization can be challenging. Enter, the Scrutinizer NetFlow Application Programming Interface (API).

Scrutinizer NetFlow API allows any application to communicate with a Scrutinizer reporter and call detailed Netflow reports directly from your third party web interface. In addition, you can manage user and group permissions.
The API does not require you to be a master of the database schema and various database tables, though I recommend the assistance of technical support to get the desired results.

Requesting a Report via HTTP

To request a report via HTTP using the API, make a POST or GET request to this base URI: "http://[SCRUTINIZER SERVER]/fcgi/scrut_fcgi.fcgi", passing the following four fields:
rm=report_api
action=get
rpt_json={}
data_requested={}

Authentication

The host making the API request must be whitelisted on the server. That is done by entering an IP in the /home/plixer/scrutinizer/files/auth_ips.cfg file.

Example

This is an example of rpt_json and data_requested to search for an IP and/or an IP GROUP from 1 minute data.

The data returned will be a JSON object describing the report table. The columns and rows returned will be a function of which report type is run (reportTypeLang). Lines starting with # are comments that must be removed.

rpt_json=
{
  "reportTypeLang": "host2host",
  "reportDirections": {
    "selected": "inbound"
  },
  "dataGranularity": {
    # Use "auto" and granularity will be based on the timeframe selected.
    # Granularity is the size of the aggregation "bucket" in minutes. So, 1 means 1 minute intervals.
    "selected": 1
  },
  "times": {
    # You can pass start/end as an epoch time with a dateRange of "Custom" OR you can pass one of the date ranges below.
    # If you use a date range, start/end are not necessary.
    "dateRange": "Custom",
    "start": 1441146000,
    "end": 1441149600
  },
  "filters": {
    # sdfDips is a "Device Interface Pair" filter. in_GROUP_ALL will include all devices.
    # sdfIPGroups will include group ID 16800023; "both" indicates src or dst. The mouseover on the IP group in the Scrutinizer interface will tell you what the ID is.
    # sdfIps is an IP filter. *Note: "Both" is a different case for IP filters.
    "sdfDips_0": "in_GROUP_ALL",
    "sdfIPGroups_0": "in_16800023_both",
    "sdfIps_0": "in_x.x.x.x_Both"
  }
}
data_requested=
{
  "inbound": {
    "table": {
      "query_limit": {
        "offset": 0,
        "max_num_rows": 1000
      }
    }
  }
}

Example above as a URL without comments:

http://[SCRUTINIZER SERVER]/fcgi/scrut_fcgi.fcgi?rm=report_api&action=get&rpt_json={"reportTypeLang":"host2host","reportDirections":{"selected":"inbound"},"dataGranularity":{"selected":1},"times":{"dateRange":"Custom","start":1441146000,"end":1441149600},"filters":{"sdfDips_0":"in_GROUP_ALL","sdfIPGroups_0":"in_16800023_both","sdfIps_0":"in_x.x.x.x_Both"}}&data_requested={"inbound":{"table":{"query_limit":{"offset":0,"max_num_rows":1000}}}}
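The following Python script is an added example, not code from the post or from Plixer. It builds the same request from a commented template the way the post describes: it strips the # comment lines, serializes rpt_json and data_requested, percent-encodes them so the braces and quotes survive a GET query string (the raw URL above would otherwise be mangled by many HTTP clients), and can send the request as a POST. The server name scrutinizer.example is an assumption, as is the urllib-based send; everything else (base path, the four fields, group ID 16800023, the x.x.x.x placeholder) comes from the post.

```python
"""Build and send a Scrutinizer report_api request (added example, not Plixer's code)."""
import json
import urllib.parse
import urllib.request

BASE_PATH = "/fcgi/scrut_fcgi.fcgi"  # base URI from the post

# Commented template, constructed from the post's example. The '#' lines are not
# valid JSON, so they are stripped before the object is serialized.
RPT_JSON_TEMPLATE = """{
  "reportTypeLang": "host2host",
  "reportDirections": {
    "selected": "inbound"
  },
  "dataGranularity": {
    # 1 = one-minute aggregation buckets; "auto" derives it from the timeframe
    "selected": 1
  },
  "times": {
    # Custom range: start/end are epoch seconds
    "dateRange": "Custom",
    "start": 1441146000,
    "end": 1441149600
  },
  "filters": {
    # all devices, IP group 16800023 as src or dst, and one IP placeholder
    "sdfDips_0": "in_GROUP_ALL",
    "sdfIPGroups_0": "in_16800023_both",
    "sdfIps_0": "in_x.x.x.x_Both"
  }
}"""

# data_requested as a plain dict: first 1000 rows of the inbound table.
DATA_REQUESTED = {
    "inbound": {"table": {"query_limit": {"offset": 0, "max_num_rows": 1000}}}
}


def strip_comment_lines(text: str) -> str:
    """Drop every line whose first non-blank character is '#'."""
    return "\n".join(
        line for line in text.splitlines() if not line.lstrip().startswith("#")
    )


def load_commented_json(text: str) -> dict:
    """Parse a '#'-commented JSON template into a Python object."""
    return json.loads(strip_comment_lines(text))


def build_query(rpt_json: dict, data_requested: dict) -> dict:
    """The four fields the API expects, with both JSON objects compactly serialized."""
    compact = {"separators": (",", ":")}
    return {
        "rm": "report_api",
        "action": "get",
        "rpt_json": json.dumps(rpt_json, **compact),
        "data_requested": json.dumps(data_requested, **compact),
    }


def build_get_url(server: str, rpt_json: dict, data_requested: dict) -> str:
    """GET form of the request; urlencode percent-encodes braces, quotes and colons."""
    query = urllib.parse.urlencode(build_query(rpt_json, data_requested))
    return f"http://{server}{BASE_PATH}?{query}"


def decode_get_url(url: str) -> dict:
    """Recover rpt_json from a built URL (used to check the round trip)."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return json.loads(params["rpt_json"][0])


def post_report(server: str, rpt_json: dict, data_requested: dict, timeout: int = 30):
    """POST form of the same request; returns the parsed JSON report table.
    Only works from a host listed in auth_ips.cfg on the Scrutinizer server."""
    body = urllib.parse.urlencode(build_query(rpt_json, data_requested)).encode()
    req = urllib.request.Request(f"http://{server}{BASE_PATH}", data=body, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    rpt = load_commented_json(RPT_JSON_TEMPLATE)
    # Assumed hostname; replace with the real Scrutinizer server.
    print(build_get_url("scrutinizer.example", rpt, DATA_REQUESTED))
```

Because the server authenticates solely by the source address listed in auth_ips.cfg, run this from the single host that is allowed there rather than adding broad ranges to that file; the returned object is the report table described above, whose columns depend on reportTypeLang.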

Possibilities

There are seemingly limitless report combinations available to create such reports. This data is available for billing (accounting, legal, medical, ISPs…), security, auditing and any other organizational needs.  Contact our support team to help with your NetFlow API Integration.