Scrutinizer New Features

• Overview
• Scrutinizer Flow Analyzer
• Flow Analytics
• Distributed Flow Collectors
• Service Providers
• NetFlow Probe
• Activating NetFlow & sFlow
• Third Party Integration
• System Requirements
• FAQ
• Product Manual

Statistics & Reporting

• Alarm Conditions
• Application Groups
• Bandwidth Reporting
• Conversation Reports
• Custom Reports
• QoS Reporting
• Historical Trends
• Real-Time Display
• Scheduled Reports
• Service Level Reports
• Multi Service Providers
• Traffic Analysis
• VoIP Analysis

Mapping

• Overview
• Flash Maps
• Google Maps

Architecture

• CollectD
• Drag & Drill
• Custom Interface
• Flog & Capture
• Search & Find
• Vital Signs

Flow Technologies

• Cisco NetFlow
• sFlow
• IPFIX

Flog & Capture

Capture conversation data per host
Alarm Conditions trigger FLOGs, which results in the capture of every conversation that host is having until the file size threshold is met (e.g. 1 megabyte).

FLOGs can be generated on abnormal traffic patterns from:

• Hosts
• Applications

FLOGs can tell you:

• Who the host was conversing with at the time of the anomally
• What protocol/application was being used in the transaction
• How many systems the host was conversing with
• How many protocols/applications the host was using
• The amount of data transmitted in the conversation
• Hosts using a specific application at the time of the anomally
• Identify patterns in the conversations that will lend clues to viruses and certain attacks.

An email alert, SNMP trap, Syslog or other notification can also be sent to alert administrators of unusual traffic patterns.