Blumira’s modern cloud SIEM platform integrates with VMware ESXi to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.
When configured, the Blumira integration with VMware ESXi will stream security event logs to the Blumira service for automated threat detection and actionable response.
Forward traffic logs from VMware ESXi to a SIEM for long-term storage, compliance, audit, reporting or legal reasons. The steps taken to forward traffic will vary depending on whether you are managing hosts with vSphere or vCenter.
Log in to the VMware vSphere web client.
Log in to the vCenter Server Appliance Management Interface as root. The vCenter Server Appliance Management Interface, also known as VAMI, is on the same server as vCenter Server, but is on port 5480. To access the VAMI, you would use https://<vcenter-ip>:5480. The password for VAMI may not be the same as the normal vCenter SSO login. The username is typically ‘root’. Some admins will set the VAMI root password to the same as the [email protected] account, but those two passwords are not linked.
While completing this step, take the time to review your current security policies and ensure that they’re up to date. Blumira generally prefers settings that result in the most verbosity in log content and volume, and these settings should be applied to every policy in the device.