We've started to use NetFlow in NPM, which has been very helpful in identifying DDoS attacks on our network. I'm interested in whether it's possible to set up an alert that would monitor for specific parameters that could indicate a DDoS, such as a single IP address receiving traffic from more than three different countries within a five-minute timespan, or possibly a large number of sources hitting a specific endpoint. If these criteria are met, an alert would then trigger, which would include a report showing the sources sending data to the destination.
Thanks as always for the guidance.
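
The two criteria described in the post (one destination seeing more than three source countries within five minutes, or a large number of distinct sources), written as sliding-window logic over flow records. This is an added example, not part of the original post and not a SolarWinds NPM alert definition; the record layout, the `detect` function, the country tags on each flow and the 100-source threshold are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # five-minute window from the post
MAX_COUNTRIES = 3      # alert when MORE than three countries are seen
MAX_SOURCES = 100      # assumed value for "a large number of sources"

def detect(flows, max_countries=MAX_COUNTRIES, max_sources=MAX_SOURCES,
           window=WINDOW_SECONDS):
    """Return one alert per destination, the first time it crosses a threshold.

    flows: iterable of (epoch_seconds, src_ip, src_country, dst_ip),
    sorted by time. Country tagging is assumed to be done upstream.
    """
    recent = defaultdict(deque)   # dst_ip -> flows still inside the window
    alerted = set()
    alerts = []
    for ts, src, country, dst in flows:
        q = recent[dst]
        q.append((ts, src, country))
        # Drop flows that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        if dst in alerted:
            continue
        countries = {c for _, _, c in q}
        sources = {s for _, s, _ in q}
        reasons = []
        if len(countries) > max_countries:
            reasons.append("countries")
        if len(sources) > max_sources:
            reasons.append("sources")
        if reasons:
            alerted.add(dst)
            # The report the post asks for: who was sending to this destination.
            alerts.append({"dst": dst, "time": ts, "reasons": reasons,
                           "countries": sorted(countries),
                           "sources": sorted(sources)})
    return alerts

# Constructed sample flows (documentation address ranges, made-up country tags).
SAMPLE_FLOWS = [
    (0,   "198.51.100.10", "US", "192.0.2.50"),
    (60,  "198.51.100.11", "DE", "192.0.2.50"),
    (120, "203.0.113.7",   "BR", "192.0.2.50"),
    (330, "203.0.113.8",   "CN", "192.0.2.50"),  # US flow aged out: 3 countries
    (350, "203.0.113.9",   "RU", "192.0.2.50"),  # DE, BR, CN, RU: 4 countries
    (360, "198.51.100.12", "US", "192.0.2.51"),  # different destination, quiet
]
```

Because the window slides per destination, four countries spread over a longer period do not fire; only four inside the same five minutes do.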