To modify some of the default property values for select NSX Suspicious Traffic detector definitions, use the NTA Detector Definitions tab.

You must be logged in to NSX Manager using one of the following NSX roles:
  • Enterprise Admin
  • Security Admin

Procedure

  1. From your browser, log in with Enterprise Administrator privileges to an NSX Manager appliance at https://<nsx-manager-ip-address>.
  2. Navigate to the Threat Detection & Response > Settings > NTA Detector Definitions tab.
  3. Locate the detector whose definition you want to modify and click Edit (pencil icon).
  4. If the definition includes a slider, move it to the value that you want the detector to use for identifying a suspicious traffic event.

    A smaller slider value makes the detector more likely to identify a suspicious traffic event.

  5. Define the Exclusion list.
    1. Click Add/Edit Exclusion and, in the drop-down menu, select Groups or VMs for the Source. Some detectors only have VMs available for selection.
    2. Define your exclusion list by selecting from the list of available groups or VMs.
    3. Click Save.
  6. Click Save Settings.