To track your progress in activating NSX Network Detection and Response and to guide you on how to begin using the feature, use the following checklist.
Perform the steps in the order they are listed.
- Install NSX 3.2 or later.
See the installation workflow details in the NSX Installation Guide documentation delivered with the VMware NSX Documentation set.
- Ensure you have reviewed and met the NSX Network Detection and Response system requirements listed in System Requirements for NSX Network Detection and Response.
- Deploy the NSX Application Platform using the NSX Manager 3.2 or later user interface.
NSX Network Detection and Response is an application hosted on the NSX Application Platform. See the Deploying and Managing the VMware NSX Application Platform documentation delivered with the VMware NSX Documentation set.
- Activate the NSX Network Detection and Response feature. See Activate NSX Network Detection and Response.
- Start using the Threat Detection & Response tab and configure suspicious traffic and data flow collection. Turn on the NSX Suspicious Traffic detectors and view these suspicious traffic detections as events within the NSX Network Detection and Response UI.
For details on suspicious network activities, see Managing the Suspicious Traffic Detectors.
- Start viewing details about malicious file events generated by the NSX Malware Prevention feature. This requires a separate activation and configuration of the NSX Malware Prevention feature.
For details on how to activate and configure the NSX Malware Prevention features, see Activate NSX Malware Prevention.
- Work with IDS event details using the NSX Distributed IDS/IPS feature. This requires separate NSX Distributed IDS/IPS feature activation and configuration.
See the details on how to activate and configure NSX Distributed IDS/IPS in Getting Started with NSX IDS/IPS and NSX Malware Prevention.
- Start using the Threat Detection & Response tab and configure suspicious traffic and data flow collection. Turn on the NSX Suspicious Traffic detectors and view these suspicious traffic detections as events within the NSX Network Detection and Response UI.
If you want to upgrade NSX Network Detection and Response, see Upgrading NSX Network Detection and Response.