I can't even create an alert for if the connection to the DB fails. NTA is seriously lacking on the canned alert side, or even the fields available to create our own.
We have taken an initial pass at alerts for NTA!
We have volume-based alerts by application for exceeded thresholds - both high and low. We also have alerts for applications that appear in, or drop from, the TopN for more rapid or abrupt changes, and an alert for a source of flow that stops sending flow data. It's a first pass; we're still collecting requirements for future features.
Head over to the NTA Release Candidate forum, and check out the details here: NetFlow Traffic Analyzer Release Candidate
Let us know in that forum what you think, and how you're using this feature to alert on flow traffic in your network!
joer
Can't vote on any of these. They are all in active.
I'm going to leave this open to focus on "self-health" alerting for the NTA platform. In the NTA 4.5 release, we did add an alert for the loss of flow data from a flow source. But I believe there's a broader case for self-health features like the one called out here (loss of connectivity to the SQL DB) that we should discuss, as well.