Question about alerts

I have a question about the alert percentage threshold. What does the percentage represent? Is it just a percentage of the bandwidth for the selected interfaces or is it an agregate percentage of all of the interfaces that are configured on the system. Here is a sample alert e-mail:
Alert From NetFlow Analyzer
***************************************************************************************

Alert From NetFlow Analyzer : TotalUtilization wm-inet-a.randomhouse.com(L3 -XXXX-XXXX-XXXX) is 7%
AlertProfile Name: Traffic over 5% on WM-INET-A
AlertProfile Desc:
Severity : WARNING
Device name : wm-inet-a.customer.com
Interface Name : L3 xxxx-xxxx-xxxx
Time : 2007-04-10 09:26:00.0
Criteria :
Threshold : Exceeds 5% 1 times in 2minutes.

***************************************************************************************

Kindly take a note of this.

---------------------------------
NetFlow Analyzer

As you can see, the alert is reporting a utilization of 7% which exceeds the threshold of 5% and thus an alert is generated. However, the selected interface for this alert is consistently running much higher than that. I have attached a last day graph for this interface.