Support for Splunk and Elasticsearch is built into the core of the Scrutinizer Network Incident Response System. When the flow data is displayed in the Splunk dashboard, richer details are only a click away. Drill in on IP addresses and start filtering by including and excluding details until the root cause of the problem is made clear.
Unified Flow Collection—Massively Scalable
No other company deciphers the breadth of vendor flow exports that Plixer can:
Palo Alto Networks
Scrutinizer can collect millions of flows per second and unify the flow exports from all of the network devices. It then makes them searchable through the Splunk dashboard.
Incredibly Fast Searching
Enter an IP address or a username and click “search.” Within a few seconds, Scrutinizer will find the device across dozens of collectors that could be receiving flows from tens of thousands of routers, switches, firewalls, and virtual servers. Drill in for details to determine who, what, when, where, and how much. Users always have the ability to jump back to Splunk to view the logs related to the host. It’s just a simple click to get back to the related data in the Splunk interface.
When greater context is needed, Scrutinizer can provide details on username, operating system, and more by integrating with third-party authentication systems such as Microsoft Active Directory, Cisco ISE, and others. Network incident response with the right context is where Scrutinizer and Splunk deliver.