@zackm, darragh.delaney,
I wonder if you wouldn't mind explaining how the QoE sensors in NPM could help with DDoS attacks a bit further. While I agree having DPI technologies is really useful for getting visbility beyond the typical data you get from NetFlow, it seems that the QoE sensors as currently designed would not be helpful in this case because:
-they have to be configured to be looking for certain traffic a priori
-the signatures can't be customized so even if you were monitoring the right application, you could not configure it to inspect and track a threat
-do not expose the layer 7 header info or contents through the SolarWinds UI so you could not even look at the monitored application contents if you wanted to
I have to admit I haven't played with the new QoE sensors so I could be wrong, that's why I'm asking. Thanks!