Right now in SolarWinds NPM, most of the alerts are threshold-based. Either we set static thresholds or use dynamic baselines, but in both cases we end up getting too many false positives or sometimes even missing real issues.
In modern networks (hybrid, cloud, SD-WAN, etc.) traffic patterns are not always predictable. A static threshold doesn’t really reflect what’s normal, and admins spend a lot of time tuning alerts instead of fixing actual problems.
My suggestion: Add an AI/ML-driven anomaly detection feature inside NPM. The idea is simple: let the system learn what "normal" looks like for each device, interface, and application, and then automatically highlight when something unusual happens.
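
The contrast described in this post, as an added example that is not part of the original post and is not SolarWinds code or an NPM feature: a per-interface, per-hour baseline built from median and MAD (a simple robust statistic standing in for the "AI/ML" model) compared with a single static threshold. The interface names, the 80% threshold, the cutoff `k` and all sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

STATIC_THRESHOLD = 80.0  # assumed static alert level, percent utilization

def build_baseline(history):
    """history: (interface, hour_of_day, utilization_pct) tuples.
    Returns {(interface, hour): (median, MAD)} learned per interface and hour."""
    buckets = defaultdict(list)
    for iface, hour, util in history:
        buckets[(iface, hour)].append(util)
    baseline = {}
    for key, vals in buckets.items():
        med = median(vals)
        mad = median(abs(v - med) for v in vals)
        baseline[key] = (med, max(mad, 1.0))  # floor so a flat link never has zero spread
    return baseline

def static_alert(util):
    return util >= STATIC_THRESHOLD

def anomaly_alert(baseline, iface, hour, util, k=6.0):
    """Alert when util is more than k robust standard deviations from this
    interface's learned median for this hour of day."""
    if (iface, hour) not in baseline:
        return static_alert(util)  # no history yet: fall back to the static rule
    med, mad = baseline[(iface, hour)]
    return abs(util - med) / (1.4826 * mad) > k

# Constructed history: a backup link that is busy every night at 02:00,
# and a branch uplink that is almost idle at the same hour.
HISTORY = (
    [("wan-backup", 2, u) for u in (88, 91, 90, 92, 89, 90, 91)]
    + [("branch-uplink", 2, u) for u in (4, 5, 6, 5, 4, 5, 6)]
)
BASELINE = build_baseline(HISTORY)

def compare(iface, hour, util):
    """Return (static_fires, anomaly_fires) for one new sample."""
    return static_alert(util), anomaly_alert(BASELINE, iface, hour, util)

if __name__ == "__main__":
    for sample in (("wan-backup", 2, 91),      # normal nightly backup
                   ("branch-uplink", 2, 45),   # unusual for this link, below threshold
                   ("wan-backup", 2, 12)):     # expected backup traffic is absent
        print(sample, compare(*sample))
```

The first sample is the static rule's false positive; the other two are deviations it never sees because they stay under 80%.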