As part of their security policies, ACME Enterprise needs Visibility into all data center applications. This can help Identify rogue applications that either capture confidential information or siphon sensitive data to external sources.

John, Cloud Administrator at ACME Enterprise, wants to confirm that access to the share point server is only through Internet Explorer and no rogue application (such as FTP or RDP) can access this server.


Log in to the vSphere Web Client.


Click Networking & Security and then Activity Monitoring.


Click the VM Activity tab.


Leave Where source value as All observed virtual machines to capture traffic originating from all virtual machines in the datacenter.


In Where destination, select includes.


Click the link next to And where destination virtual machine and select the share point server.


Click Search.

The Outbound App column in the search results show that all access to the share point server was only through Internet Explorer. The relatively homogenous search results indicate that there is a firewall rule applied to this share point server preventing all other access methods.

Also note that the search results display the source user of the observed traffic rather than the source group. Clicking arow in the search result displays details about the source user such as the AD group toi which the user belongs,