As part of their security policies, ACME Enterprise needs Visibility into all data center applications. This can help Identify rogue applications that either capture confidential information or siphon sensitive data to external sources.

John, Cloud Administrator at ACME Enterprise, wants to confirm that access to the SharePoint server is only through Internet Explorer and no rogue application (such as FTP or RDP) can access this server.


  1. Log in to the vSphere Web Client.
  2. Click Networking & Security and then Activity Monitoring.
  3. Click the VM Activity tab.
  4. In Where source VM, select includes, and leave All observed virtual machines selected to capture traffic originating from all virtual machines in the datacenter.
  5. In Where destination VM, select includes, click All observed virtual machines, and select the SharePoint server.
  6. Click Search.


The Outbound App Product Name column in the search results show that all access to the SharePoint server was only through Internet Explorer. The relatively homogenous search results indicate that there is a firewall rule applied to this SharePoint server preventing all other access methods.

Also note that the search results display the source user of the observed traffic rather than the source group. Clicking the arrow in the search result displays details about the source user such as the AD group to which the user belongs.