Hi,
what is the status of creating alerts based on netflow database information?
I have currently one request to create an alert, if hosts from a certain network (source) communicate with the internet (destination).
Only certain hosts are allowed to do that, so I would exclude them in the alerting rule...
Another more simple example: customers also want to create email alerts based on application utilization...
I found some information here from 2010 - so I am curious what the acutal status is in that matter.
Thanks for any input.