cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Trigger event or alert for activity with unusual locations?

Trigger event or alert for activity with unusual locations?

Is there a way to trigger an alert or an event, get it logged, and get an email sent in the case of someone/something from an unusual or unlikely location accessing an area having both private and public facing IP addresses?  I am thinking in terms of someone who wouldn't/shouldn't normally be interested in our sites/servers because of location or interest suddenly decides to try to look at items on the site/servers. I would include web spiders and automated indexers in this category it they originate from a location that wouldn't normally be interested in us. We are a school district, so I could understand people moving into the area looking to check rankings, activities, enrollment, etc.  I could see other education institutions being interested. I would not expect someone from outside North America being interested without advance notice and for a reasonably good reason.

Related to this, is there an easy way to build or define a list of locations so that if a location would be on the list, it can send an email or log an alert to system and network administrators to let them know of such interest? I'm trying to figure out an efficient way to build the list  and have t checked by NPM (maybe NTA) and use the results from the alerts to help us modify the list to help with access control. I think if the alert or event would be triggered, it shouldn't be too hard to get it into a report.  If this would be better suited to NTA, feel free to move it to the appropriate location.

I would like to have this be considered for a feature request.  I have also asked about the issues in a regular Thwack post (https://thwack.solarwinds.com/thread/106369)

We are currently running NPM 11.5.3 and NTA 4.1.2, with plans to upgrade in the near future.

1 Comment
Product Manager
Product Manager

Alerting on high/low application volume thresholds is included in our latest release candidate!

Head over to the NTA Release Candidate forum, and check out the details here: NetFlow Traffic Analyzer Release Candidate

Let us know in that forum what you think, and how you're using this feature to alert on flow traffic in your network!

joer