I'm having issues figuring out how to create NTA alerts.
Here is what I'd like to do:
Create an alert that monitors a particular NetFlow source that looks for:
- Ingress traffic on a particular interface
- Looks for the source hostname that has a name that starts with xxxx
- Looks for a particular traffic volume or bandwidth
Then, if all conditions are true, trigger an alert.
Is this possible with NTA and Alerting? I'm not seeing any way to do this.