I'm trying to find a way to alert on ports that are discovered by NTA. For example, the interfaces that I'm monitoring with NTA only should have 3 specific protocols going over them. I would like to set up an alert for when it identifies anything other than those three protocols. I know this isn't available with the out of the box alerts, but thought this might be something that SWQL might be able to help with. I haven't used it before, and was hoping someone has a similar use case that they have implemented successfully.
