Does NTA have any built in queries or user defined queries to detect security threats, or is it just LEM?
NTA does not have that feature. But you can check this on page 171:
https://support.solarwinds.com/@api/deki/files/9966/NetFlowAdministratorGuide.pdf
or How to Track Traffic by Site on page 162.
No, but as ice just pointed out, with NTA, you will be able to view the source and/or cause of high bandwidth utilization, which can sometimes be a virus. You can then block the endpoint and/or port on your firewall if it is a virus or other security threat.
