Level 9

Is it possible to use NetFlow from NPM to spot potential DDoS attacks and trigger an alert?

We've started to use NetFlow in NPM, which has been very helpful in identifying DDoS attacks on our network. I'm interested if it's possible to set up an alert that would monitor for specific parameters that could indicate a DDoS, such as a single IP address receiving traffic from more than three different countries within a five-minute timespan, or possibly a large number of sources hitting a specific endpoint. If these criteria are met, an alert would then trigger, which would include a report showing the sources sending data to the destination.

Thanks as always for the guidance.

1 Reply
Level 9

I would love for something like this also.  I have tried numerous alerts, and nothing seems to work.

0 Kudos
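
The criteria described in the question, written as a sliding-window check over flow records. This is an added example, not part of the thread and not NPM alert configuration; it assumes each exported flow already carries a source country, and the record layout, the `MAX_SOURCES` threshold and the sample flows are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300  # the five-minute timespan from the question
MAX_COUNTRIES = 3     # alert when MORE than three countries hit one destination
MAX_SOURCES = 5       # assumed value for "a large number of sources"; tune to real traffic

def detect(flows):
    """flows: (ts_seconds, src_ip, src_country, dst_ip, byte_count) tuples.
    Returns one alert per destination, raised at the first window that breaches."""
    windows = defaultdict(deque)  # dst_ip -> flows seen in the last WINDOW_SECONDS
    alerted, alerts = set(), []
    for ts, src, country, dst, nbytes in sorted(flows):
        win = windows[dst]
        win.append((ts, src, country, nbytes))
        while win[0][0] <= ts - WINDOW_SECONDS:  # expire flows outside the window
            win.popleft()
        if dst in alerted:
            continue
        reasons = []
        if len({c for _, _, c, _ in win}) > MAX_COUNTRIES:
            reasons.append("countries")
        if len({s for _, s, _, _ in win}) > MAX_SOURCES:
            reasons.append("sources")
        if reasons:
            alerted.add(dst)
            per_source = defaultdict(int)  # the report: bytes per (source, country)
            for _, s, c, b in win:
                per_source[(s, c)] += b
            alerts.append({"dst": dst, "ts": ts, "reasons": reasons,
                           "sources": sorted(per_source.items(), key=lambda kv: -kv[1])})
    return alerts

# Constructed sample flows (documentation address ranges only).
SAMPLE_FLOWS = [
    # 192.0.2.10: four countries inside five minutes -> country alert
    (0, "198.51.100.1", "US", "192.0.2.10", 1200),
    (60, "198.51.100.2", "DE", "192.0.2.10", 900),
    (120, "203.0.113.5", "BR", "192.0.2.10", 1500),
    (180, "203.0.113.9", "JP", "192.0.2.10", 700),
    # 192.0.2.20: the same four countries spread over ten minutes -> no alert
    (0, "198.51.100.1", "US", "192.0.2.20", 800),
    (200, "198.51.100.2", "DE", "192.0.2.20", 800),
    (400, "203.0.113.5", "BR", "192.0.2.20", 800),
    (600, "203.0.113.9", "JP", "192.0.2.20", 800),
] + [  # 192.0.2.30: six sources from one country in one minute -> source alert
    (10 * i, f"198.51.100.{10 + i}", "US", "192.0.2.30", 500) for i in range(1, 7)
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert["dst"], alert["reasons"], alert["sources"])
```
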