The NSX Network Detection and Response user interface (UI) provides a single point of control for managing the threat events and correlated campaigns detected in your NSX environment, and viewing the generated reports about those threats.

Important:

To access the NSX Network Detection and Response user interface, you must first activate the NSX Network Detection and Response application on the NSX Application Platform. You also must activate one or more of the NSX features whose detection events the NSX Network Detection and Response application consumes. See Activate NSX Network Detection and Response.

Certain elements of the NSX Network Detection and Response user interface are visible only if you activate the element's corresponding feature or application that provides the events that the NSX Network Detection and Response application consumes.

Accessing the User Interface

If there are event reports or generated campaigns, you can access the NSX Network Detection and Response user interface (UI) using one of the following methods.

  • Click the application launcher icon (a 3x3 grid of small squares) in the upper-right corner of the NSX Manager UI and select NSX Network Detection and Response.

  • Navigate to Security > Security Overview in the NSX Manager UI and in the Threat Detection & Response > Campaigns tab, click Go to Campaigns.

  • If you activated NSX Intelligence, navigate to Security > Suspicious Traffic in the NSX Manager UI. Expand the row for a detected suspicious event and click Campaigns or Event Details, if available. These links appear only if campaigns or event reports are available for the detected suspicious activity.

  • If you activated the VMware NSX® Malware Prevention application, navigate to Security > Malware Prevention in the NSX Manager UI, expand the row for a reported malware, and click either Campaigns or Event Details, if available. These links appear only if campaigns or event reports are available for the detected malware.

The following sections describe the common areas that you see as you navigate the NSX Network Detection and Response user interface. On the left side of the interface is the main navigation menu. At the top of almost every page are the display settings widgets. Data presented on the UI pages is displayed using the display settings that you have selected.

Navigating the Interface

You can use the main navigation menu on the left side of the browser page to access the corresponding top-level pages of the NSX Network Detection and Response UI. You can temporarily collapse this navigation menu by clicking the collapse icon in the upper-right corner of the menu panel. When you first see the NSX Network Detection and Response user interface, the Dashboard page is selected by default. The Dashboard page consists of widgets that provide an overview of multiple items being monitored. These widgets are described in more detail in Exploring the Dashboard Page.

To access another NSX Network Detection and Response interface page, click its corresponding tab on the main navigation menu on the left. Each tabbed page consists of several widgets that provide more information about the monitored areas. Topics available later in this guide provide details about each of these NSX Network Detection and Response UI pages.

Setting the Display Theme

You set the display theme used in your current NSX Network Detection and Response session using the display theme mode icon in the upper-right section of the interface. The icon that is displayed depends on the display theme that is currently in effect. To switch to a light-themed mode, click the sun icon. To switch to a dark-themed mode, click the moon icon.

Getting Assistance

To access the available NSX Network Detection and Response topics included in the Using and Managing VMware NSX Intelligence documentation, click the question mark icon and then Help.

To see the status of your connection to the NSX Network Detection and Response cloud connector, click Check connectivity status. The cloud connector provides a secure tunnel of communication between your NSX Manager session and the NSX Advanced Threat Prevention cloud services.

If you encounter any connectivity issue that you cannot resolve using the information in the Troubleshooting section of this documentation, click support ticket and report the problem.

Accessing the Main NSX Manager User Interface

To return to the main NSX Manager user interface, click the application icon in the upper-right corner, and select NSX-T.

Setting the Time Range

To specify the number of days of data to display in the NSX Network Detection and Response widgets, use the Time Range button. To navigate the date selection back and forward while keeping the selected range of dates constant, click the left-facing or right-facing arrowhead located on either side of the TIME RANGE: LAST 7 DAYS button. For example, assuming the default time range of 7 days, clicking the left arrow button once selects a range with the end date being 7 days ago.

You can define a more detailed time range using the Time Range pop-up window. Click the TIME RANGE: LAST 7 DAYS button and select Relative (the default) or Absolute from the drop-down menu. In Relative mode, you select the number of days since the present date for which you want data displayed. The default is 7 days, the minimum is 1 day, and the maximum is 31 days. In Absolute mode, you enter the dates in From and To by selecting the dates from the calendar pop-up window. To save your selection, click Apply.

Using the View Options Button

All the date and time data displayed in the NSX Network Detection and Response interface use the UTC time zone by default, until you change it.

To change the time zone used for the displayed data, click the View Options button located in the upper-right side of the interface and select the currently selected time zone. In the Time Zone pop-up window, click the drop-down menu and select a different time zone. To narrow the menu selection, start entering the name of a time zone in the search box. After you have selected the desired time zone, click Apply.

Managing the Widgets

Each of the NSX Network Detection and Response UI pages consists of multiple widgets that display details about the detected threats and reports generated from analysis of those threats.

You can manage the widgets using the following information.
  • To reload the data displayed in a widget, click the reload icon at the top-right corner of the widget.
  • You can minimize a widget by clicking the minimize icon or maximize it by clicking the maximize icon next to the widget title.
  • To focus further into the data displayed in some widgets, click the focus icon.
  • To view the data in XML/JSON format that is available in some of the widgets, click the code icon.
  • Some widgets have contextual help displayed in a pop-up window. To access the help information, click the question mark icon. In some contextual help pop-up windows, you can click the here link for more documentation about the data shown on the widget.