VMware Cloud Community
mahzad67
Contributor

Integration of Snort as IDS with vShield product

Hi Dear All,

We are just starting out with virtualization. Is it possible to integrate Snort rules inside the vShield product? How can we integrate an IDS with vShield? Please help me.


Accepted Solutions
admin
Immortal

Hi,

   vShield Edge and App are virtual appliances that cannot be modified. Therefore, installing SNORT or anything else inside the actual virtual appliance is not possible. However, you can still have SNORT installed and running on another VM connected to the same vSwitch (or vDS) and then configure port mirroring to send all the traffic to that specific VM. That way, you will still be alerted to any alarms/violations detected by SNORT within the network. Check out the following blog for guidance on how to do this (vSphere 5 New Networking Features – Port Mirroring | VMware vSphere Blog - VMware Blogs)

Hope this helps....
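
A sanity check for the mirrored-sensor setup described in the accepted answer, as an added example that is not part of the original thread: it reads a classic pcap captured on the Snort VM and reports whether unicast traffic between other VMs is actually reaching the sensor. The MAC addresses and the two capture samples are constructed for illustration.

```python
import struct

SENSOR_MAC = "00:50:56:aa:00:01"   # constructed: MAC of the Snort VM's sniffing vNIC
VM_A, VM_B = "00:50:56:aa:00:0a", "00:50:56:aa:00:0b"   # constructed guest VMs
BCAST = "ff:ff:ff:ff:ff:ff"

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def build_pcap(pairs):
    """Constructed sample: classic little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (dst, src) in enumerate(pairs):
        frame = mac(dst) + mac(src) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def classify_capture(pcap, sensor_mac):
    """Count captured frames by destination MAC as seen from the sensor."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts = {"to_sensor": 0, "broadcast_multicast": 0, "foreign_unicast": 0}
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14 or len(frame) < incl_len:
            continue  # truncated record: no full Ethernet header to inspect
        dst = frame[:6]
        if dst[0] & 1:                       # group bit set: broadcast or multicast
            counts["broadcast_multicast"] += 1
        elif dst == mac(sensor_mac):
            counts["to_sensor"] += 1
        else:                                # unicast between other hosts
            counts["foreign_unicast"] += 1
    return counts

def mirror_is_delivering(counts):
    """Foreign unicast only reaches the sensor if traffic is being copied to it."""
    return counts["foreign_unicast"] > 0

MIRRORED = build_pcap([(VM_B, VM_A), (VM_A, VM_B), (BCAST, VM_A), (SENSOR_MAC, VM_A)])
UNMIRRORED = build_pcap([(BCAST, VM_A), (SENSOR_MAC, VM_A)])

if __name__ == "__main__":
    for name, cap in (("mirrored", MIRRORED), ("unmirrored", UNMIRRORED)):
        c = classify_capture(cap, SENSOR_MAC)
        print(name, c, "OK" if mirror_is_delivering(c) else "sensor is blind to VM-to-VM traffic")
```

A capture that shows only `to_sensor` and `broadcast_multicast` frames means Snort will raise no alerts on traffic between other VMs, however good the rule set is.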

mahzad67
Contributor

Thanks for the help.

mahzad67
Contributor

What you have in mind is the architecture below, so is there any detection by Snort of attacks that are inside an application of a VM? For example, running an nmap attack inside a VM.

In vShield App we can add firewall rules such as HTTP deny, RDP deny and so on, but we need to survey in the context of the VM... Is it possible with the vShield product?

[Attachment: Untitled.jpg]

mahzad67
Contributor

Hi MaqsoodSiddiqui

Please see my figure in the last post... I am not sure about that.

Is there any advantage to integrating VMware vShield and Snort? I am not sure any virtual traffic is detected by Snort.

admin
Immortal

Hi,

Please check this link. It's an example of how to set up SNORT in a lab environment. Hopefully it should answer your questions: ISC Diary | Running Snort on VMWare ESXi
