VMware-Horizon7

Version: VMware Horizon7 v7.x and later|

VMware Horizon7 provides virtual desktop and app capabilities to users utilizing VMware’s virtualization technology.

VMware Horizon7 logs can be configured and forwarded to Netsurion by using syslog. It helps you to monitor the authentication failed for user accounts, and user passwords, user login success, user logout, security server logs, VCenter logs, folders management logs, administrative activities based on user authentication, username, and login activities.

Netsurion’s Open XDR platform alerts you when any folder is removed, permission is removed, authentication fails, security server is removed, agent shutdown, etc.

Netsurion’s Open XDR platform can also generate a schedule report for user login activities, agent activities, desktop task cancellation details, device management, security server activities happening in VMware Horizon7. It displays agent activities, user login success, authentication failed, removed VCenter server, unauthorized user, etc.

  • Security – Authentication failed activities, security server deleted.
  • Operations – Folder management, device management, VCenter server management.
  • Compliance – User login and logout, user activities.

Once VMware Horizon7 is configured to deliver events to Netsurion’s Open XDR platform; alerts, dashboards, and reports can be configured into Netsurion’s Open XDR platform.

Alerts

TypeNameDescription
SecurityVMware Horizon7 – Authentication failed for user accountThis alert is triggered when the user account is disabled, the user account expires, and the restricted user account tries to authenticate but fails.
SecurityVMware Horizon7 – Authentication failed for user secure IDThis alert is triggered when the user secure ID expires, secure ID is incorrectly entered and fails.
SecurityVMware Horizon7 – User password authentication failedThis alert is triggered when the user password is incorrect, and if the user password expires.
OperationsVMware Horizon7 – VCenter Server has been removedThis alert is triggered when the VCenter server is removed.
OperationsVMware Horizon7 – Endpoint deletedThis alert is triggered when the endpoint is deleted.
OperationsVMware Horizon7 – Permission has been removedThis alert is triggered when the user’s permission is removed.
OperationsVMware Horizon7 – Role has been removedThis alert is triggered when the user role is removed.
OperationsVMware Horizon7 – Security server removedThis alert is triggered when the security server is removed.
ComplianceVMware Horizon7 – User not authorizedThis alert is triggered when the user is authenticated but not authorized to perform any operation.
ComplianceVMware Horizon7 – Agent shutdown or offlineThis alert is triggered when the agent is not responding and it’s offline or shutdown.

Reports

TypeNameDescription
SecurityVMware Horizon7 – User authentication failedThis report provides information related to user authentication failed, username, and message.
OperationsVMware Horizon7 – Desktop request detailThis report provides information related to user-requests for desktop, username, desktop name, and message.
OperationsVMware Horizon7 – Desktop managementThis report provides information related to desktop allocated to the pool, desktop allocated to the user, username, pool name, desktop name, and message.
OperationsVMware Horizon7 – Endpoint task cancelation detailThis report provides information related to endpoint tasks canceled by the user. It gives details like username, desktop name, and task canceled by reason, etc.
OperationsVMware Horizon7 – Unassigned usersThis report provides information related to a user not assigned to any pool. It gives details like username, desktop name, and message.
OperationsVMware Horizon7 – VCenter activitiesThis report provides information related to VCenter added, removed, updated, username, VCenter name, and message.
ComplianceVMware Horizon7 – User login and logoutThis report provides information related to users successfull log in and logout. It provides details like username, user session ID, client IP address, forward client IP address, and message.
ComplianceVMware Horizon7 – Agent activitiesThis report provides information related to agent activities like agent connected, disconnected, offline, shutdown, etc. It provides details of machine name, username, session length, pool ID, and message.

Documentation

The configuration details are consistent with Netsurion v9.2 and later, and VMware Horizon7 v7.x and later.

Download Integration Guide and How-to Guide for more information and to configuration instructions.