0 Replies Latest reply on May 6, 2015 6:14 AM by TheVMinator

    Virtual Security Tooling integration

    TheVMinator Master

      I need a solution that integrates these three functions:

       

      • Packet capture and deep packet inspection with something like virtual switch port mirroring sessions, mirrored to collectors.
      • Scanning for security and compliance with something like VMware Configuration Manager, Nessus or the like.
      • SIEM and analysis of the above two with something like Splunk that functions as my syslog server but also does analytics, correlation and SIEM-like functions.  It takes the information from my port mirroring collectors and my scans and integrates it with my syslog data to tell me what is wrong.

       

      Requirements:

      • All these tools need to work together, hopefully out of the box as much as possible
      • I need to have as little manual labor to tell these tools what to look for in a VMware environment as possible - they should be tuned for VMware infrastructure ideally

       

      I'd like some kind of a guide or reference architecture to help me get started on how to build this - what kinds of tools work together, what to watch out for, how not to spend huge money on a set of tools and find they can't be integrated or don't work for a virtual/cloud environment.

       

      Your input / thoughts / experiences / caveats appreciated.

      Thanks!