Is it possible to use NetFlow from NPM to spot potential DDoS attacks and trigger an alert?

We've started to use NetFlow in NPM, which has been very helpful in identifying DDoS attacks on our network. I'm interested if it's possible to set up an alert that would monitor for specific parameters that could indicate a DDoS, such as a single IP address receiving traffic from more than three different countries within a five-minute timespan, or possibly a large number of sources hitting a specific endpoint. If these criteria are met, an alert would then trigger, which would include a report showing the sources sending data to the destination.

Thanks as always for the guidance.
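
The two criteria in the question, evaluated over a sliding five-minute window, as an added example that is not part of the original post and is not NPM's alerting engine. It assumes flow records are available as `(timestamp, source IP, source country, destination IP)` tuples with the country already resolved; the `MAX_SOURCES` value, the function name and the sample flows are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # five-minute window, from the post
MAX_COUNTRIES = 3      # alert on MORE than three source countries, from the post
MAX_SOURCES = 100      # assumed value for "a large number of sources"

# Constructed sample flows: (unix_ts, src_ip, src_country, dst_ip).
# src_country is assumed to be filled in by a GeoIP lookup before this step.
SAMPLE_FLOWS = [
    (0,   "198.51.100.1", "US", "192.0.2.10"),
    (0,   "203.0.113.1",  "US", "192.0.2.30"),
    (60,  "198.51.100.2", "DE", "192.0.2.10"),
    (120, "198.51.100.3", "BR", "192.0.2.10"),
    (130, "198.51.100.4", "US", "192.0.2.20"),
    (200, "198.51.100.5", "JP", "192.0.2.10"),   # 4th country inside 5 minutes
    (200, "203.0.113.2",  "DE", "192.0.2.30"),
    (260, "198.51.100.6", "IN", "192.0.2.10"),   # same episode, no second alert
    (400, "203.0.113.3",  "BR", "192.0.2.30"),
    (600, "203.0.113.4",  "JP", "192.0.2.30"),   # 4 countries, spread over 10 minutes
]

def detect(flows, window=WINDOW_SECONDS, max_countries=MAX_COUNTRIES,
           max_sources=MAX_SOURCES):
    """Return one alert per destination each time it crosses a threshold."""
    recent = defaultdict(deque)   # dst_ip -> (ts, src_ip, country) inside the window
    alerting = set()              # destinations currently over a threshold
    alerts = []
    for ts, src, country, dst in sorted(flows):
        q = recent[dst]
        q.append((ts, src, country))
        while q and q[0][0] <= ts - window:   # expire flows older than the window
            q.popleft()
        sources = {(s, c) for _, s, c in q}
        reasons = []
        if len({c for _, c in sources}) > max_countries:
            reasons.append("countries")
        if len({s for s, _ in sources}) > max_sources:
            reasons.append("sources")
        if not reasons:
            alerting.discard(dst)             # back under threshold: re-arm
        elif dst not in alerting:
            alerting.add(dst)
            alerts.append({"dst": dst, "ts": ts, "reasons": reasons,
                           "sources": sorted(sources)})   # report for the alert
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

Each alert carries the list of sources and countries seen for that destination inside the window, which is the report the question asks for; a destination alerts once per episode and re-arms only after it drops back under both thresholds.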