Routers, switches, and firewalls (Cisco, Juniper, Fortinet, Arista, etc.) generate flow records. Each record contains key fields: Source/Destination IP, Port, Protocol, Type of Service (ToS), and bytes/packets.
An IT manager noticed files being encrypted at random, but the IDS never fired. Solution with NTA: he filtered flows for destination port 4444 (a port the page treats as a common Cobalt Strike beacon port) combined with high egress byte counts from a finance workstation. Outcome: the machine was isolated before the encryption spread, and NTA's flow data became the evidence log for the incident response.
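The filter described above, written out as an added example (not SolarWinds code or output): it parses the flow fields listed earlier (source/destination IP, port, protocol, ToS, bytes/packets) from constructed CSV lines and flags any internal host that either talks outbound to port 4444 or sends an unusually large volume of bytes out of the network. The internal range, the CSV layout, the byte threshold and all addresses are assumptions made up for the example.

```python
"""Flag flow records for outbound beacon-port traffic or high egress volume.

Sample data is constructed for this example and is not real NTA export."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
BEACON_PORTS = {4444}                  # destination port from the page's example
EGRESS_BYTES_THRESHOLD = 50_000_000    # assumed: >50 MB out of one host in one window


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: int    # IP protocol number: 6 = TCP, 17 = UDP
    tos: int      # Type of Service byte
    bytes: int
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed CSV record: src,dst,dport,proto,tos,bytes,packets."""
    src, dst, dport, proto, tos, nbytes, npkts = (f.strip() for f in line.split(","))
    return Flow(src, dst, int(dport), int(proto), int(tos), int(nbytes), int(npkts))


def is_egress(flow: Flow) -> bool:
    """True when the flow leaves the internal range (internal source, external destination)."""
    return ip_address(flow.src_ip) in INTERNAL and ip_address(flow.dst_ip) not in INTERNAL


def egress_bytes_per_host(flows: list[Flow]) -> dict[str, int]:
    """Sum outbound bytes per internal source host."""
    totals: dict[str, int] = {}
    for f in flows:
        if is_egress(f):
            totals[f.src_ip] = totals.get(f.src_ip, 0) + f.bytes
    return totals


def find_suspicious(flows: list[Flow]) -> list[tuple[str, str]]:
    """Return (host, reason) pairs for beacon-port egress and high-volume egress."""
    findings: list[tuple[str, str]] = []
    for f in flows:
        # Only outbound connections count; inbound hits on 4444 are a different signal.
        if is_egress(f) and f.dst_port in BEACON_PORTS:
            findings.append((f.src_ip, f"beacon-port {f.dst_port} to {f.dst_ip}"))
    for host, total in egress_bytes_per_host(flows).items():
        if total > EGRESS_BYTES_THRESHOLD:
            findings.append((host, f"high egress {total} bytes"))
    return findings


# Constructed sample records: a finance workstation (10.20.5.17) beaconing to
# 4444 and pushing a large upload, a normal peer (10.20.5.18), and one inbound flow.
SAMPLE_LINES = [
    "10.20.5.17,203.0.113.9,4444,6,0,1200,8",
    "10.20.5.17,203.0.113.9,443,6,0,60000000,41000",
    "10.20.5.18,198.51.100.4,443,6,0,200000,300",
    "203.0.113.9,10.20.5.17,4444,6,0,900,6",
]


def analyze_sample() -> list[tuple[str, str]]:
    return find_suspicious([parse_flow(l) for l in SAMPLE_LINES])


if __name__ == "__main__":
    for host, reason in analyze_sample():
        print(f"{host}: {reason}")
```

Both conditions are evaluated independently on purpose: a beacon flow is tiny (a few hundred bytes per check-in), so a byte-volume threshold alone would miss it, while a bulk upload on port 443 would never match a port filter. The inbound record on port 4444 is deliberately not flagged, since the page's filter is about egress from the workstation.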
No tool is perfect. Be aware of these NTA limitations:
The SolarWinds NetFlow Traffic Analyzer is a software tool that uses NetFlow data to provide insight into network traffic patterns. It helps administrators:
Integration with SolarWinds Alert Engine allows triggers like: