To track your progress in activating NSX Network Detection and Response and to guide you on how to begin using the feature, use the following checklist.
Perform steps 1-5 in the order they are listed. Perform the remaining steps depending on your needs.
- Install NSX 3.2 or later.
See the installation workflow details in the NSX Installation Guide documentation delivered with the VMware NSX Documentation set.
- Ensure you have reviewed and met the NSX Network Detection and Response system requirements listed in System Requirements for NSX Network Detection and Response.
- Deploy the NSX Application Platform using the NSX Manager 3.2 or later user interface.
NSX Network Detection and Response is an application hosted on the NSX Application Platform. See the Deploying and Managing the VMware NSX Application Platform documentation delivered with the VMware NSX Documentation set.
- Activate the NSX Network Detection and Response feature. See Activate NSX Network Detection and Response.
- To learn more about working with the NSX Network Detection and Response functionalities, see Working with the NSX Network Detection and Response Application.
- Start using NSX Network Detection and Response and NSX Suspicious Traffic to view details about anomalous or suspicious network traffic events. This requires a separate NSX Intelligence activation and configuration, and also turning on NSX Suspicious Traffic detectors.
For details on how to detect suspicious network activities using NSX Intelligence 3.2 or later, see the topics in the "Detecting Suspicious Network Traffic in NSX" section of the Using and Managing VMware NSX Intelligence documentation delivered with the VMware NSX Intelligence Documentation set.
- Start viewing details about malicious file events generated by the NSX Malware Prevention feature. This requires a separate activation and configuration of the NSX Malware Prevention feature.
For details on how to activate and configure the NSX Malware Prevention features, see Activate NSX Malware Prevention.
- Work with IDS event details using the NSX Distributed IDS/IPS feature. This requires separate NSX Distributed IDS/IPS feature activation and configuration.
See the details on how to activate and configure NSX Distribtued IDS/IPS in Getting Started with NSX IDS/IPS and NSX Malware Prevention.