VMware-Horizon7
Version: VMware Horizon7 v7.x and later|
VMware Horizon7 provides virtual desktop and app capabilities to users utilizing VMware’s virtualization technology.
VMware Horizon7 logs can be configured and forwarded to Netsurion by using syslog. It helps you to monitor the authentication failed for user accounts, and user passwords, user login success, user logout, security server logs, VCenter logs, folders management logs, administrative activities based on user authentication, username, and login activities.
Netsurion Open XDR alerts you when any folder is removed, permission is removed, authentication fails, security server is removed, agent shutdown, etc.
Netsurion Open XDR can also generate a schedule report for user login activities, agent activities, desktop task cancellation details, device management, security server activities happening in VMware Horizon7. It displays agent activities, user login success, authentication failed, removed VCenter server, unauthorized user, etc.
- Security – Authentication failed activities, security server deleted.
- Operations – Folder management, device management, VCenter server management.
- Compliance – User login and logout, user activities.
Once VMware Horizon7 is configured to deliver events to Netsurion Open XDR; alerts, dashboards, and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | VMware Horizon7 – Authentication failed for user account | This alert is triggered when the user account is disabled, the user account expires, and the restricted user account tries to authenticate but fails. |
| Security | VMware Horizon7 – Authentication failed for user secure ID | This alert is triggered when the user secure ID expires, secure ID is incorrectly entered and fails. |
| Security | VMware Horizon7 – User password authentication failed | This alert is triggered when the user password is incorrect, and if the user password expires. |
| Operations | VMware Horizon7 – VCenter Server has been removed | This alert is triggered when the VCenter server is removed. |
| Operations | VMware Horizon7 – Endpoint deleted | This alert is triggered when the endpoint is deleted. |
| Operations | VMware Horizon7 – Permission has been removed | This alert is triggered when the user’s permission is removed. |
| Operations | VMware Horizon7 – Role has been removed | This alert is triggered when the user role is removed. |
| Operations | VMware Horizon7 – Security server removed | This alert is triggered when the security server is removed. |
| Compliance | VMware Horizon7 – User not authorized | This alert is triggered when the user is authenticated but not authorized to perform any operation. |
| Compliance | VMware Horizon7 – Agent shutdown or offline | This alert is triggered when the agent is not responding and it’s offline or shutdown. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | VMware Horizon7 – User authentication failed | This report provides information related to user authentication failed, username, and message. |
| Operations | VMware Horizon7 – Desktop request detail | This report provides information related to user-requests for desktop, username, desktop name, and message. |
| Operations | VMware Horizon7 – Desktop management | This report provides information related to desktop allocated to the pool, desktop allocated to the user, username, pool name, desktop name, and message. |
| Operations | VMware Horizon7 – Endpoint task cancelation detail | This report provides information related to endpoint tasks canceled by the user. It gives details like username, desktop name, and task canceled by reason, etc. |
| Operations | VMware Horizon7 – Unassigned users | This report provides information related to a user not assigned to any pool. It gives details like username, desktop name, and message. |
| Operations | VMware Horizon7 – VCenter activities | This report provides information related to VCenter added, removed, updated, username, VCenter name, and message. |
| Compliance | VMware Horizon7 – User login and logout | This report provides information related to users successfull log in and logout. It provides details like username, user session ID, client IP address, forward client IP address, and message. |
| Compliance | VMware Horizon7 – Agent activities | This report provides information related to agent activities like agent connected, disconnected, offline, shutdown, etc. It provides details of machine name, username, session length, pool ID, and message. |
Documentation
The configuration details are consistent with Netsurion Open XDR v9.2 and later, and VMware Horizon7.
Download Integration Guide and How-to Guide for configuration instructions and more information.