Before you can start using the NSX Suspicious Traffic feature, your NSX environment and the Security Intelligence application must meet the specific license and software requirements.
License Requirements and Expiration
You must have one of the listed licenses in the feature entitlement documentation in effect during your NSX Manager session. The various NSX licenses that support the NSX Suspicious Traffic feature are available in the NSX Feature and Edition Guide and the License Types topic in the About NSX Licenses section in the NSX Administration Guide.
If the assigned license expires or becomes invalid, the suspicious traffic capabilities are inaccessible. For information on NSX licensing and adding a new license key in NSX Manager. See the License Enforcement topic in the NSX Administration Guide.
軟體需求
您必須滿足下列軟體要求,然後才能開始使用 NSX Suspicious Traffic 功能。
安裝 NSX 3.2 或更新版本。
使用進階機器尺寸部署 VMware NSX® Application Platform。
在 NSX Application Platform 上啟用 Security Intelligence 3.2 版或更新版本功能。
設定 Security Intelligence 3.2 或更新版本功能,以僅收集您要監控的特定獨立主機或主機叢集的網路流量資料。NSX Suspicious Traffic 功能僅在已啟用流量資料收集的獨立主機或主機叢集上支援。如需設定 Security Intelligence 3.2 或更新版本功能設定的相關資訊,請參閱《Activating and Upgrading Security Intelligence》文件。
如果要處理活動以使用 NSX Network Detection and Response 雲端服務對偵測到的可疑流量事件進行更深入的分析,請啟用 VMware NSX® Advanced Threat Prevention 功能。請參閱《NSX Administration Guide》文件的〈安全性〉一章的 NSX Network Detection and Response 一節中的功能啟用資訊。《NSX Administration Guide》文件隨附於 VMware NSX 說明文件集中。
重要:為提供對偵測到的惡意或異常事件進行更深入分析的功能,NSX Network Detection and Response 功能要求您的 NSX 3.2 或更新版本環境連線到網際網路。
當沒有來自 Kubernetes 叢集網繭和 NSX Unified Appliance 的輸出網際網路存取時,氣隙環境中不支援 NSX Network Detection and Response 功能。