VMware ESX/ESXi and vCenter Server
Version: VMware ESX 3 and later, VMware ESXi 5.5 and later, VMware vCenter 6.0 and 6.5.
VMware is a virtualization and cloud computing software provider. VMware virtualization is based on the ESXi bare metal hypervisor, supporting virtual machines. The term “VMware” is often used in reference to various VMware Inc. products such as VMware vCenter, VMware Workstation, VMware View, VMware Horizon Application Manager and VMware vCloud Director.
Providing log and audit coverage across VMware components can be difficult since each component of VMware writes audit logs and tasks in different ways. Within ESXi, the Tasks & Events pane provides a view into administrator activities; these can be fetched via API. Netsurion seamlessly aggregates and assists in analysis and visualization aided by alerts, reports and dashboards.
Netsurion Data Source Integration for VMware allows you to monitor the following components:-
- Operations:- Clusters, data centers, virtual machine created or removed and high resource usage.
- Security:- Alarms triggered
- Compliance:- Policy and permission changes, configuration changes and Esxi host/vCenter login and logout.
Once VMware is configured to deliver events to Netsurion Open XDR; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | VMware ESXi – User authentication failed | This alert is generated when a ESXi authentication failure occurs. |
| Security | VMware ESXi – Account created | This alert is generated when an ESXi account is created. |
| Security | VMware vCenter – User role deleted | This alert is generated when a user role is deleted in vCenter. |
| Security | VMware vCenter – User role modified | This alert is generated when a user role is modified. |
| Security | VMware ESX – User authentication failed | This alert is generated when a ESX authentication failure occurs. |
| Security | VMware ESX – Task failed | This alert is generated when a ESX task fails. |
| Operations | VMware ESXi – Host added | This alert is generated when an ESXi host is added. |
| Operations | VMware ESX – Task failed | This alert is generated when an ESXi Task fails. |
| Operations | VMware ESXi – Virtual machine created | This alert is generated when an ESXi virtual machine is created. |
| Operations | VMware ESXi – Virtual machine reconfigured | This alert is generated when an ESXi virtual machine is reconfigured. |
| Operations | VMware ESXi – High resource usage alarm | This alert is generated when utilization of ESXi resource is high. |
| Operations | VMware vCenter – Virtual machine created | This alert is generated when a virtual machine is created. |
| Operations | VMware vCenter – Virtual machine removed | This alert is generated when a virtual machine is removed. |
| Operations | VMware ESX – Virtual machine created | This alert is generated when a ESX virtual machine is created. |
| Operations | VMware ESX – High resource usage alarm | This alert is generated when utilization of ESX resource is high. |
| Compliance | VMware ESXi – User authentication success | This alert is generated when a ESXi authentication is successful. |
| Compliance | VMware vCenter – User permission removed | This alert is generated when user permission on vCenter is removed. |
| Compliance | VMware Firewall – configuration changed | This alert is generated when a firewall configuration changes are done. |
| Compliance | VMware ESX – Virtual machine reconfigured | This alert is generated when a ESX virtual machine is reconfigured. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | VMware – Alarms triggered | This report provides information about the activities related to alarms triggered. |
| Security | VMware – Esxi host authentication failures | This report provides information about the activities related to esxi host authentication failures. |
| Operations | VMware – Cluster created or removed | This report provides information about the activities related to cluster created or removed. |
| Operations | VMware – Data center added or deleted | This report provides information about the activities related to data center added or deleted. |
| Operations | VMware – Datastore creation or deletion | This report provides information about the activities related to datastore creation or deletion. |
| Operations | VMware – Virtual machine connected and disconnected | This report provides information about the activities related to virtual machine connected and disconnected. |
| Operations | VMware – Virtual machine power on or off | This report provides information about the activities related to virtual machine power on or off. |
| Operations | VMware – Virtual machine installation errors | This report provides information about the activities related to virtual machine installation errors. |
| Operations | VMware – Virtual machine created or removed | This report provides information about the activities related to virtual machine created or removed. |
| Operations | VMware – Esxi host added or removed | This report provides information about the activities related to esxi host added or removed. |
| Compliance | VMware – Esxi host login and logout | This report provides information about the activities related to Esxi host login and logout. |
| Compliance | VMware – vCenter login and logout | This report provides information about the activities related to vCenter login and logout. |
| Compliance | VMware – vCenter Firewall configuration changes | This report provides information about the activities related to vCenter firewall configuration changes. |
| Compliance | VMware – Policy and permission changes | This report provides information about the activities related to policy and permission changes. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, VMware ESX/ESXi.
Download Integration Guide for configuration instructions and more information.