The main objective of the NSX Network Detection and Response feature is to collect key abnormal activity or malicious events from every activated event source in your NSX environment.
Collected Events
NSX Network Detection and Response submits any collected events that require further analysis to the VMware NSX® Advanced Threat Prevention cloud service for correlation and visualization. You can view and manage the analysis results using the NSX Network Detection and Response user interface (UI).
NSX Network Detection and Response correlates events that it determines to be related into campaigns. It organizes threat events in a campaign into a timeline that is available for a security analyst to view and triage using the NSX Network Detection and Response UI.
Event Types and Event Sources
Event Type | Event Source |
---|---|
Malicious file events | Edge appliance, if you activate the VMware NSX® Malware Prevention feature. |
IDS events | Distributed IDS, if you activate the Distributed NSX IDS/IPS feature. |
Network traffic anomaly events | VMware NSX® Intelligence™, if activated, and if you turn on the NSX Suspicious Traffic detectors. |
Activating and Using the Feature
Before you can start using the NSX Network Detection and Response feature, you must meet specific license requirements and software requirements, and you must activate the feature. To start using NSX Network Detection and Response to manage the different event types that you can monitor in your NSX environment, you must also activate and configure the corresponding NSX features.
For more information on the next steps, see NSX Network Detection and Response Activation and Usage Workflow.
Activating Other NSX Features
NSX Feature to Activate | Documentation Name and Location | Topic Title |
---|---|---|
NSX IDS/IPS | NSX Administration Guide for version 3.2 or later. | Getting Started with NSX IDS/IPS and NSX Malware Prevention |
NSX Malware Prevention | NSX Administration Guide for version 3.2 or later. | Activate NSX Malware Prevention |
NSX Intelligence | Activating and Upgrading VMware NSX Intelligence for version 3.2 or later, delivered with the VMware NSX Intelligence Documentation set. | Activate NSX Intelligence |
NSX Suspicious Traffic | Using and Managing VMware NSX Intelligence for version 3.2 or later, delivered with the VMware NSX Intelligence Documentation set. | Activate the NSX Suspicious Traffic Detectors |