Open FedmahnK opened 1 year ago
Hi @FedmahnK, could you please describe a specific use case for the third bullet (add option to trigger alert only at some hours of the day)?
Hi,
A PC used by a normal user usually generates legitimate traffic during working hours. If a PC is consuming bandwidth at night (upload to the Internet, download from a file server, etc.), the PC may be compromised.
In my case, I am using ntop as a pure sFlow collector, so I mainly have metrics. But I have a lot of them. For example, an sFlow collector is enough to measure OneDrive bandwidth for a host, network, host pool ...
Thanks for your time
What would you like to add or change?:
Why do you and others need this?:
I think it will be interesting to create alerts for a pool of hosts (say, clients, servers, etc.), or if possible a local network. For example, if I create a global volume traffic rule, a file server will always trigger it.
On the contrary, I want to be alerted if unusual TX traffic occurs in non-working hours (a host with night TX traffic other than a planned backup may be problematic).
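
The rule requested in this issue (per-pool TX thresholds applied only outside working hours, with planned backups exempted) can be sketched as follows. This is an added example, not part of the original issue and not ntopng code; the pool ranges, thresholds, rule layout, and sample records are all constructed assumptions.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed host pools (assumption: pools are defined as CIDR ranges).
POOLS = {"clients": ip_network("10.0.10.0/24"), "servers": ip_network("10.0.20.0/24")}
# Hypothetical per-pool rules; the servers pool has none, so a file server never alerts.
RULES = {"clients": {
    "work": (time(8, 0), time(18, 0)),      # working hours
    "workdays": {0, 1, 2, 3, 4},            # Monday..Friday
    "max_tx_bytes": 50_000_000,             # off-hours TX allowed per interval
    "exempt": {"10.0.10.5": (time(1, 0), time(2, 0))},  # planned backup window
}}

def in_window(t, start, end):
    """True if t is in [start, end); handles windows that wrap past midnight."""
    return start <= t < end if start <= end else (t >= start or t < end)

def pool_of(host):
    addr = ip_address(host)
    return next((name for name, net in POOLS.items() if addr in net), None)

def off_hours_alerts(samples):
    """Return (timestamp, host, pool, tx_bytes) for off-hours TX above the pool threshold."""
    alerts = []
    for ts, host, tx_bytes in samples:
        pool = pool_of(host)
        rule = RULES.get(pool)
        if rule is None:
            continue  # host is in no pool, or its pool has no off-hours rule
        when = datetime.fromisoformat(ts)
        working = when.weekday() in rule["workdays"] and in_window(when.time(), *rule["work"])
        backup = rule["exempt"].get(host)
        if working or (backup and in_window(when.time(), *backup)):
            continue  # expected traffic: working hours or planned backup
        if tx_bytes > rule["max_tx_bytes"]:
            alerts.append((ts, host, pool, tx_bytes))
    return alerts

# Constructed samples: (ISO timestamp, host, TX bytes in the interval).
SAMPLES = [
    ("2024-03-12T10:15:00", "10.0.10.7", 900_000_000),    # Tuesday, working hours
    ("2024-03-13T02:30:00", "10.0.10.7", 750_000_000),    # Wednesday night upload
    ("2024-03-13T01:20:00", "10.0.10.5", 800_000_000),    # inside planned backup window
    ("2024-03-13T03:00:00", "10.0.20.2", 5_000_000_000),  # file server, no rule
    ("2024-03-16T11:00:00", "10.0.10.9", 60_000_000),     # Saturday, off-hours
]

if __name__ == "__main__":
    print(off_hours_alerts(SAMPLES))
```

Only the Wednesday night upload and the Saturday transfer are reported; the large file-server transfer and the backup are ignored because the rule is scoped to the client pool and its exemption window.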