When files are extracted from the NSX Edges or the guest VM endpoints in the NSX-T Data Center, the generated file events are also sent to the NSX Network Detection and Response application that is running in the cloud. In the NSX Network Detection and Response UI, you can correlate these file events with the other events in a Campaign, such as IDS events and Anomaly events.

The following procedure explains two methods to open the NSX Network Detection and Response UI in NSX Manager and view the file events.

Prerequisites

  • NSX Malware Prevention and NSX Network Detection and Response features are activated on the NSX Application Platform.
  • NSX Malware Prevention feature is activated on the ESXi host clusters or tier-1 gateways, or both, depending on your security requirements.

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Click Security, and then in the left navigation pane, click Malware Prevention.
    The Potential Malware page is displayed.
  3. Use any of the following methods to view the file event details in the NSX Network Detection and Response UI.
    • Method 1: On the Potential Malware page or the All Files page, expand a row to view the last inspection details of the file. Click the Event Details link. The Event Profile page opens in the NSX Network Detection and Response application.
    • Method 2: In the upper-right corner of the NSX Manager UI, click the Application Launcher icon, and then click Network Detection and Response. The Dashboard page of NSX Network Detection and Response is displayed. In the left navigation pane, click Events and search for the events that you want to view. Click the event to see more details in the Event Summary pane.