You probably want to make use of the utilization macros, in particular
macros.port_in_usage_perc
macros.port_out_usage_perc
not tested, but here’s a rule i just created. Alarm under 1% utilization on either In or Out, so this should alarm for anything equal or under 10Mbps on either In or Out on a Gigabit interface for example.
and you probably want to set a delay of two SNMP polls by setting a delay of 6m, as you might get false positives easily, but try 0 delay first 
Otherwise if you know what rate you want in Octets then you could just specify
ports.ifInOctets_rate or ports.ifOutOctets_rate in the alert rule, and forget macros for utilization entirely, up to you.