Hello everyone, I have a question today regarding alerts based on some behavior we’d like to monitor in our network with ExtraHop. We’d like to receive a notification based on whether any device in our network is trying to access large amounts (where the amount is something we determine) of data. Is this possible?
Sure! Here’s the documentation for setting a threshold-based alert.
When selecting the metric, you probably want something like device => net => bytes_in. I’ll also mention that the alerts UI will see significant improvement in the next release.
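The kind of threshold evaluation such an alert performs, as an added illustration that is not ExtraHop's code and not part of the original reply: it assumes flow records in a constructed (timestamp, device, bytes_in) form, sums bytes_in per device over fixed intervals, and returns one alert per interval and device whose total exceeds the configured threshold. The interval, threshold, and sample data are all assumptions chosen here.

```python
from collections import defaultdict

# Constructed sample records (not ExtraHop data): (epoch seconds, device, bytes_in).
SAMPLE_RECORDS = [
    (0,  "10.0.0.5", 400_000_000),
    (20, "10.0.0.5", 700_000_000),   # 1.1 GB for 10.0.0.5 in the first 60 s interval
    (30, "10.0.0.9", 50_000_000),
    (70, "10.0.0.9", 200_000_000),
    (80, "10.0.0.9", 900_000_000),   # 1.1 GB for 10.0.0.9 in the second interval
    (90, "10.0.0.5", 100_000_000),
]


def threshold_alerts(records, threshold_bytes, interval_seconds=60):
    """Sum bytes_in per device within fixed intervals and return a sorted list
    of (interval_start, device, total_bytes) for every pair that exceeds
    threshold_bytes. Devices under the threshold produce no alert."""
    totals = defaultdict(int)
    for ts, device, nbytes in records:
        interval_start = (ts // interval_seconds) * interval_seconds
        totals[(interval_start, device)] += nbytes
    return sorted(
        (start, device, total)
        for (start, device), total in totals.items()
        if total > threshold_bytes
    )


if __name__ == "__main__":
    # Alert when any device pulls more than 1 GB within a 60 s interval.
    for start, device, total in threshold_alerts(SAMPLE_RECORDS, 1_000_000_000):
        print(f"t={start}s device={device} bytes_in={total} exceeds threshold")
```

The interval length matters as much as the threshold: a short interval catches bursts but raises more alerts, while a long one smooths legitimate backups and large downloads into the baseline, so tune both against a sample of normal traffic before enabling notifications.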