Before you can start using the NSX Suspicious Traffic feature, your NSX environment and the Security Intelligence application must meet the specific license and software requirements.
License Requirements and Expiration
You must have one of the listed licenses in the feature entitlement documentation in effect during your NSX Manager session. The various NSX licenses that support the NSX Suspicious Traffic feature are available in the NSX Feature and Edition Guide and the License Types topic in the About NSX Licenses section in the NSX Administration Guide.
If the assigned license expires or becomes invalid, the suspicious traffic capabilities are inaccessible. For information on NSX licensing and adding a new license key in NSX Manager. See the License Enforcement topic in the NSX Administration Guide.
软件要求
您必须满足以下软件要求,然后才能开始使用 NSX Suspicious Traffic 功能。
安装 NSX 3.2 或更高版本。
使用高级规格部署 VMware NSX® Application Platform。
在 NSX Application Platform 上激活 Security Intelligence 3.2 或更高版本功能。
配置 Security Intelligence 3.2 或更高版本功能,以仅收集要监控的特定单独主机或主机集群的网络流量数据。仅在已激活流量数据收集的单独主机或主机集群上支持 NSX Suspicious Traffic 功能。有关配置 Security Intelligence 3.2 或更高版本功能设置的信息,请参见Activating and Upgrading Security Intelligence 文档。
如果要处理攻击活动以使用 VMware NSX® Advanced Threat Prevention 云服务对检测到的可疑流量事件进行更深入的分析,请激活 NSX Network Detection and Response 功能。请参见NSX Administration Guide文档“安全”一章的 NSX Network Detection and Response 一节中的功能激活信息。NSX Administration Guide文档随 VMware NSX 文档集提供。
重要说明:为了提供对检测到的恶意或异常事件进行更深入分析的功能,NSX Network Detection and Response 功能要求 NSX 3.2 或更高版本的环境连接到 Internet。
当没有来自 Kubernetes 集群 Pod 和 NSX Unified Appliance 的出站 Internet 访问时,安全隔离网络环境中不支持 NSX Network Detection and Response 功能。
