Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 10


I think we can all agree why we initially saw the value of using NetFlow for troubleshooting and to provide the necessary data for apply policies around managing the data that traverses our networks.  Now that your solution is in place and adoption activities are over now what? As my solution matures and new supporting processes are in place, I begin to look for ways to do more with the data that I am collecting. 


I wanted to see what the community thought about the following questions.


  1. What is the benefit/use case for being about to see the actual user name logged into the device that is consuming the most data?
  2. Would you want NTA to handle directly or use another tool to pull that information?
  3. Which group(s) would benefit most from this? i.e network, security, etc.


Labels (1)
3 Replies
Level 13

One thing you need to make sure that you do is to add a blacklist capability for AD accounts. We had User Device Tracker for a while but we had to get rid of it because of the lack of this feature.

The problem is that we have a desktop management system that does logins to all workstations periodically, which would overwrite UDT's knowledge about the user login. There needs to be a way to tell any user-to-IP mapping feature that's based on AD logs to ignore all activity by a list of accounts.

0 Kudos

I have a link in Orion that pulls a report from SCCM.  The report shows the host IP, hostname andlast user to login to that host.

All I do is search for the IP or hostname and it gives me the User ID from the report.  I then query the directory for the username and phone number.

It would be nice if this was automated.


See the feature request above.  Do you think that integration with Active Directory would solve the solution better or add to the complexity?