3 Replies Latest reply on Jun 22, 2017 9:50 AM by chad.every

    specific TCP traffic alerts for large download files

    yhytuncer

      Hi

      I have recently started a company that is using Orion for network monitoring, and we had an issue a couple of weeks ago in one of the remote locations where an end user downloaded a few movies over 1 GB to his desktop at work and the ISP sent us a warning about violating copyright.

      To prevent this issue we would like to come up with some kind of solution to get email alerts for any upload or download traffic of 20M or above. Do you think this is something we can do with Orion?

      Currently I am checking the link below, but I am not quite sure if this is the right way to do it.

      Configure NTA-specific alerts

      The server team is responsible for network monitoring, and I see that they are not very familiar with most of the functionalities of the application.

      I would appreciate any suggestions.

      Thanks

        • Re: specific TCP traffic alerts for large download files
          chad.every

          There is really only 1 type of alert you can do with NTA as it stands today. The link you provided gives details for the "top talker" alert that is out of the box. It doesn't have the ability to be granular enough to alert on TCP, or alert on files > X. It only triggers based on interface utilization.

          e.g. WAN interface is greater than 60% --> Send email alert and include NTA top talkers report in email body.

            • Re: specific TCP traffic alerts for large download files
              yhytuncer

              Chad, thanks for your answer. I guess you are right, and I configured the alert including the NTA top talkers report in the email.

              I have another question, actually. Are there any other types of security-related alerts we can configure on SolarWinds? I see the new MAC address discovery alert, which could be useful, but other than that I didn't see any.

                • Re: specific TCP traffic alerts for large download files
                  chad.every

                  There isn't a lot of security-centric features/alerts overall, mostly since the Orion platform is geared towards performance monitoring. Some modules have aspects of security that typically complement 3rd party security tools.

                  The User Device Tracker maps connected endpoints on your network. It can watch for rogue devices based on a predefined whitelist.

                  The Network Configuration Manager can search and report against configuration settings on firewalls, routers and switches to see if they fall in line with compliance. It also can look for known firmware vulnerabilities (CVE) in Cisco IOS as well as assist with Cisco IOS firmware upgrades.

                  Outside of the Orion platform there is the Log & Event Manager, which is a SIEM tool that comes as a packaged security appliance.

                  1 of 1 people found this helpful