Today, I am going to cover five new features available in Scrutinizer v7, as Part 4 of 5 in our “What’s new in Scrutinizer v7” series. If you recall, Nathan started this series off by covering encryption exclusions, more flows, collector improvements, group permissions for users, and proxy server configuration. Jon continued with part 2, covering overriding report intervals, Google Map connections, host and application quick search, user profiles, and alarm category filters. Last week, in part 3, Joanne blogged about applications being defined by a combination of ports and IP addresses, emailed reports on demand or scheduled for regular time intervals, stacked trend graphs on all reports, LDAP and Active Directory support, and extensive flexibility for VoIP reports. This week I have five features that you’ll use time and time again.

CSV and RSS output of all reports


Have you ever wanted to view Scrutinizer data in your favorite RSS reader or extract report information to manipulate or view in Microsoft Excel? Scrutinizer v7 now supports the ability to extract a CSV or create an RSS feed for any report in Scrutinizer’s reporting interface, even if the report is not saved or scheduled.

DNS resolution

With Scrutinizer’s Flow Analytics module, DNS resolution is constantly running in the background to help performance in the front-end. In the absence of Flow Analytics, DNS resolution is performed on-the-fly for reports currently running in the web interface. DNS entries also have an age limit, which is user-definable. This allows the interface to resolve names quickly for faster front-end performance.

Subnet to subnet reporting

Scrutinizer’s new reporting interface allows you to quickly view traffic in numerous different ways. One of the newest ways is subnet-to-subnet reporting. Through IP addresses and subnet masks, we are able to quickly identify subnet-to-subnet traffic. This report can be very useful in MPLS environments.


biDirectional reporting

Within Scrutinizer trend reporting we’ve always allowed you to view your traffic direction, inBound or outBound. In v7, we have added biDirectional reporting as a third option to the trend navigation, allowing you to view both inBound and outBound traffic simultaneously.


Current Reports – reporting engine

Custom reporting in Scrutinizer v7 has become extremely easy and full-featured compared with custom reporting in the previous version. Current Reports displays the filters involved with what is currently displayed in the navigation pane to its immediate right. It also acts as a real-time filter for looking at specific data, allowing you to add as many filters as you’d like. Once you’ve homed in on a specific report that you’re happy with, you have multiple options such as, but not limited to, saving, scheduling, printing, adding an RSS feed, or emailing.

Filtering capabilities include, but are not limited to, applications, autonomous system, host to host, IP ranges (up to class A networks), type of service, TCP flags, and multiple interfaces (across multiple exporters).

The Current Reports reporting engine will certainly appease any user attempting to extract information out of his or her Cisco NetFlow. Scrutinizer v7 has been designed to gain access to specific reporting without all the clicks.

I hope you’ve found this series useful. Be sure to look for our last installment next week, when Raul will cover five more new features.


Thomas Pore is the Director of IT and Field Engineering at Plixer. He developed and leads the Malware Incident Response and Advanced NetFlow Training programs, which are being offered in cities across the USA. He is also an adjunct professor at the local community college and teaches ethical hacking. Thomas travels the globe meeting with customers and trying to improve the Scrutinizer network incident response system. He helps clients optimize threat detection strategies and aids in the configuration of custom incident response solutions. He has a Bachelor of Science in Computer Science from Dickinson College.

