There is really only 1 type of alert you can do with NTA as it stands today. The link you provided gives details for the "top talker" alert that is out of the box. It doesn't have the ability to be as granular to alert on TCP, or alert on files > X. It only triggers based on interface utilization.
e.g. WAN interface is greater than 60% --> Send email alert and include NTA top talkers report in email body.
Chad, thanks for your answer. I guess you are right, and I configured the alert including the NTA top talkers report in the email.
I have another question, actually. Are there any other types of alerts we can configure security-wise on SolarWinds? I see that new MAC address discovery alert that could be useful, but other than that I didn't see
There aren't a lot of security-centric features/alerts overall, mostly since the Orion platform is geared towards performance monitoring. Some modules have aspects of security that typically complement 3rd party security tools.
The User Device Tracker maps connected endpoints on your network. It can watch for rogue devices based on a predefined whitelist.
The Network Configuration Manager can search and report against configuration settings on firewalls, routers and switches to see if they fall in line with compliance. It also can look for known firmware vulnerabilities (CVE) in Cisco IOS as well as assist with Cisco IOS firmware upgrades.
Outside of the Orion platform, there is the Log & Event Manager, which is a SIEM tool that comes as a packaged security appliance.