Which three data collection sources are used by NSX Network Detection and Response to create correlations/intrusion campaigns? (Choose three.)
NSX Network Detection and Response creates correlations/intrusion campaigns using multiple data sources. Files and anti-malware file events from the NSX Edge nodes and the Security Analyzer provide critical insights into potential malware incidents. IDS/IPS events from the ESXi hosts and NSX Edge nodes are essential for detecting intrusions and suspicious activity. Lastly, Suspicious Traffic Detection events from NSX Intelligence help identify anomalous traffic patterns within the network. These three sources collectively enable comprehensive threat detection and response capabilities.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-14BBE50D-9931-4719-8FA7-884539C0D277.html
CDE sure, saw in ICM 4.0.
Reference: NSX training material version 3.2, lesson 8-104
CDE is correct. Data collected from the NSX-T Data Center environment is aggregated and analyzed as follows:
1. Security Analyzer receives anti-malware file events from the NSX Edge nodes and forwards them to the Cloud Connector.
2. Cloud Connector gathers IDPS events, anti-malware events, files, and suspicious traffic events from the NSX platform and forwards them to NSX Advanced Threat Analyzer Cloud.
3. NSX Advanced Threat Analyzer Cloud analyzes and correlates the IDPS, malware, and suspicious traffic events and provides insights about ongoing campaigns.
4. Campaign information appears in the NSX Network Detection
CDE
C. Files and anti-malware file events from the NSX Edge nodes and the Security Analyzer
D. IDS/IPS events from the ESXi hosts and NSX Edge nodes
E. Suspicious Traffic Detection events from NSX Intelligence