VMware Cloud Community
chakrabartia
Contributor

Can vRNI forward the captured packets to a third-party security/threat hunting tool?

Hi Experts,

Can vRNI forward the captured packets to a third-party security/threat hunting tool? We are planning on a threat hunting/anomaly detection tool that needs packets in the form of either NetFlow or IPFIX. Can vRNI forward the packets it captured from the different data sources?

Appreciate any help in advance.

Regards,

Ari

smitmartijn
VMware Employee

Hi Ari,

Network Insight doesn't have the capability to forward flows to other systems, apart from using the API to get them from NI and forwarding them manually. The best thing you can do is to use something like samplicator to duplex flows coming from the source and then forward them to both NI and your threat detection system.

Here's an example of how to do that: http://lostdomain.org/2017/07/27/how-to-define-two-netflow-targets-in-vsphere-vds/

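
What the duplication step in the reply above amounts to, as an added example (not code from the thread, from samplicator or from VMware): a minimal UDP fan-out that checks each datagram's header for NetFlow v5/v9 or IPFIX and sends an unchanged copy to two collectors. The addresses, port 2055 and function names are assumptions made for the illustration.

```python
import socket
import struct

# Version field (first two bytes, network byte order) of each export format.
FORMATS = {5: "NetFlow v5", 9: "NetFlow v9", 10: "IPFIX"}


def export_format(datagram: bytes):
    """Return the flow export format name, or None if this is not a flow export."""
    if len(datagram) < 4:
        return None
    version, second = struct.unpack("!HH", datagram[:4])
    # IPFIX puts the total message length in its second header field (RFC 7011),
    # so a mismatch means a truncated or non-IPFIX datagram.
    if version == 10 and second != len(datagram):
        return None
    return FORMATS.get(version)


def fan_out(datagram: bytes, targets, sock) -> int:
    """Send one datagram unchanged to every target; return the number of copies sent."""
    if export_format(datagram) is None:
        return 0  # drop anything that is not a recognised flow export
    sent = 0
    for target in targets:
        try:
            sock.sendto(datagram, target)
            sent += 1
        except OSError:
            continue  # one collector being unreachable must not starve the other
    return sent


def relay(listen, targets):
    """Receive exports on `listen` and duplicate them to `targets` until interrupted."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        datagram, _exporter = rx.recvfrom(65535)
        fan_out(datagram, targets, tx)


if __name__ == "__main__":
    # Constructed addresses (TEST-NET-1): the NI collector and the threat hunting tool.
    relay(("0.0.0.0", 2055), [("192.0.2.10", 2055), ("192.0.2.20", 2055)])
```

A relay like this sends from its own address, so a collector that identifies exporters by source IP will attribute every flow to the relay host; samplicator can be set to preserve the original source address instead.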