Highlighted
Contributor
Contributor

Can vRNI forward the captured packets to a Third party Security/Threat Hunting Tool

Hi Experts,

Can vRNI forward the captured packets to a Third party Security/Threat Hunting Tool? We are planning on a Threat Hunting/Anomaly Detection tool that needs packets either in form of Netflow or IPFIX. Can vRNI forward those packets it captured from the different data sources ?

Appreciate any help in advance.

Regards,

Ari

0 Kudos
1 Reply
Highlighted
VMware Employee
VMware Employee

Hi Ari,

Network Insight doesn't have the capability to forward flows to other systems, next to using the API to get them from NI and forwarding them manually. The best thing you can do is to use something like samplicator to duplex flows coming from the source and then forwarding it to both NI and your threat detection system.

Here's an example on how to do that: http://lostdomain.org/2017/07/27/how-to-define-two-netflow-targets-in-vsphere-vds/

Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly. Cheers, @smitmartijn vExpert 2015-2019 | VCIX6-NV
0 Kudos