Hi,
vShield Edge and App are virtual appliances that cannot be modified. Therefore, installing SNORT or anything else inside the actual virtual appliance is not possible. However, you can still have SNORT installed and running on another VM connected to the same vSwitch (or vDS) and then configure port mirroring to send all the traffic to that specific VM. That way, you will still be alerted to any alarms/violations detected by SNORT within the network. Check out the following blog for guidance on how to do this (vSphere 5 New Networking Features – Port Mirroring | VMware vSphere Blog - VMware Blogs)
Hope this helps....
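Added example, not part of any poster's message: once port mirroring is configured as described in the reply above, one way to confirm the Snort VM actually receives other VMs' traffic is to classify a short `tcpdump -e -n` capture from its sniffing interface. The MAC addresses, IPs, interface name and capture lines below are constructed for illustration.

```python
import re
from collections import Counter

# Assumed MAC of the Snort VM's sniffing vNIC (constructed value).
SENSOR_MAC = "00:50:56:aa:00:10"

# Constructed sample in `tcpdump -e -n` format, as captured on the sensor VM.
SAMPLE_CAPTURE = """\
tcpdump: listening on eth1, link-type EN10MB (Ethernet)
12:00:01.000001 00:50:56:aa:00:21 > 00:50:56:aa:00:22, ethertype IPv4 (0x0800), length 74: 10.0.0.21.51514 > 10.0.0.22.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000310 00:50:56:aa:00:22 > 00:50:56:aa:00:21, ethertype IPv4 (0x0800), length 74: 10.0.0.22.80 > 10.0.0.21.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:02.100000 00:50:56:aa:00:21 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.1 tell 10.0.0.21, length 28
12:00:03.200000 00:50:56:aa:00:30 > 00:50:56:aa:00:10, ethertype IPv4 (0x0800), length 66: 10.0.0.30.40022 > 10.0.0.10.22: Flags [.], ack 1, win 501, length 0
12:00:03.200150 00:50:56:aa:00:10 > 00:50:56:aa:00:30, ethertype IPv4 (0x0800), length 102: 10.0.0.10.22 > 10.0.0.30.40022: Flags [P.], seq 1:37, ack 1, win 509, length 36
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE_RE = re.compile(rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}),", re.I)

def is_group_address(mac):
    """True for broadcast/multicast: low bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def classify(line, sensor_mac):
    """Label one capture line by how the frame relates to the sensor."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed"
    src, dst = m["src"].lower(), m["dst"].lower()
    if sensor_mac.lower() in (src, dst):
        return "own"        # the sensor's own management traffic
    if is_group_address(dst):
        return "flooded"    # broadcast/multicast reaches every port anyway
    return "mirrored"       # unicast between other machines

def summarize(capture, sensor_mac):
    """Count frames per class for a whole capture."""
    lines = (l for l in capture.splitlines() if l.strip())
    return Counter(classify(l, sensor_mac) for l in lines)

def mirror_working(capture, sensor_mac):
    """Mirroring is delivering traffic if any third-party unicast is seen."""
    return summarize(capture, sensor_mac)["mirrored"] > 0

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_CAPTURE, SENSOR_MAC)))
    print("mirror working:", mirror_working(SAMPLE_CAPTURE, SENSOR_MAC))
```

A capture that shows only `own` and `flooded` frames means Snort is inspecting nothing but its own traffic and broadcasts, so the mirror session or the destination port should be rechecked.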
Thanks for the help.
Your mind is the below architecture, so is there any detection by Snort for attacks that are inside an application of a VM? For example, running an nmap attack inside a VM.
In vShield App we can add firewall rules such as HTTP deny, RDP deny and so on, but we need to survey in the context of the VM... Is it possible with the vShield product?
Please see my figure in the last post... I am not sure about that.
Is there any advantage to integrating VMware vShield and Snort? I am not sure any virtual traffic is detected by Snort.
Hi,
Please check this link. It's an example of how to set up SNORT in a lab environment. Hopefully it should answer your questions: ISC Diary | Running Snort on VMWare ESXi