4 Replies Latest reply on Jan 21, 2015 5:59 PM by ice

    Possible to include top 5 netflow endpoints in NPM alert?

    v_andrewj

      I'm trying to find a way to setup a trigger/action for our NOC when one of our major large Internet interfaces spikes to x Bps an alert would be sent that would either contain the top 5 netflow endpoints for that interface, or would trigger a report to be generated on demand for that info.

       

      This is something we're trying to integrate into our large DoS attack SOP. We want our NOC to have this information quickly so that null routes can be broadcast to potentially drop hosts identified as worst offenders and not valid traffic.

       

      The easy solution would be send an email with a link to the NTA page displaying that data. However, management would prefer an all-in-one solution that delivers the pertinent information at the time of the alert.

       

      Ideas? TIA!

       

      -Andrew