vCloud

Hi Dear All,

we are in the start  way of  virtualization .Is it possible to integrate snort rules inside vshield product?How Can we integrate an IDS with vShield? please help me.

Hi,

   vShield Edge and App are virtual appliances that cannot be modified. Therefore, installing SNORT or anything else inside the actual virtual appliance is not possible. However, you can still have SNORT installed and running on another VM connected to the same vSwitch (or vDS) and then configure port mirroring to send all the traffic to that specific VM. That way, you will still be alerted to any alarms/violations detected by SNORT within the network. Check out the following blog for guidance on how to do this (vSphere 5 New Networking Features – Port Mirroring | VMware vSphere Blog - VMware Blogs)

Hope this helps....

Thanks for Help

Your mind  is bellow architecture so  Is there any detection for attack that are inside of application of  VM by snort? foe example running a nmap attack inside a VM.

In vshield App we can add firewall rule such as http deny,RDP deny and so on but we need to survey in context of VM...,Is it possible with vshiled product?

Hi MaqsoodSiddiqui

Please see my figure in last post....I am not sure for that .

Is there any advantage for integration vmware vshield and the snort?  I am not sure any virtual traffic is dectected by snort .

Hi,

  Please check this link. It's an example of how to setup SNORT in a lab environment. Hopefully it should answer your questions: ISC Diary | Running Snort on VMWare ESXi