Summary of steps:
1. Locate the Task UUID of the FP/FN from the Web Portal UI.
   Sample: https://<manager_fqdn>/portal#/analyst/task/<task-UUID>/overview
2. SSH into the NSX NDR Manager appliance node.
3. Execute the command (note the optional “-s” argument, see below):
   cd /tmp/ && sudo get_tres_bundle.py -s <task_uuid>
4. Transfer the file from /tmp/ to your local machine (via PuTTY, rsync, etc.).
5. Upload the file to the VMware Customer Connect Support Request as an attachment within the portal.
For further details on how to upload files to a Support Request, see:
How to provide a Malware Sample/Analysis Subject to VMware Technical Support for NSX Threat Response requests (86430)

More information:
The script is get_tres_bundle.py. It can be executed on the Manager appliance and requires a task UUID argument as a minimum. It must be run with root or sudo permissions.
Note: including the -s argument is highly recommended, as it provides full details to VMware Technical Support and the Threat Analysts Response team. Without the analysis subject we may not be able to come to a concrete conclusion.
Optional argument:
-s    Also include the subject of the analysis in the zip file.
Basic syntax (without analysis subject):
get_tres_bundle.py <task_uuid>
Suggested syntax (with analysis subject):
get_tres_bundle.py -s <task_uuid>
This will generate a file called “<task uuid>-tres-bundle.zip” in the current directory.
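As an added example (a helper written for this page, not a VMware script), the shell functions below wrap steps 1 to 3 above: they pull the task UUID out of the Web Portal URL, validate its layout before it is passed to sudo, run the collection in /tmp with -s, and print the SHA-256 of the resulting archive so it can be recorded in the Support Request. It assumes get_tres_bundle.py is on the appliance PATH and that sudo is available; the hostname and UUID used for testing are constructed values.

```shell
#!/bin/sh
# Added helper (not a VMware script) wrapping the KB procedure above.
# Assumes get_tres_bundle.py is on the appliance PATH and sudo is available.

# Extract the task UUID from a Web Portal task URL of the form
#   https://<manager_fqdn>/portal#/analyst/task/<task-UUID>/overview
# Prints nothing if the URL does not carry a UUID in that position.
extract_task_uuid() {
    printf '%s\n' "$1" | sed -n 's|.*/analyst/task/\([0-9a-fA-F-]\{36\}\)/.*|\1|p'
}

# Accept only the canonical 8-4-4-4-12 hex layout before the value reaches sudo.
is_valid_uuid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# File name get_tres_bundle.py writes into the current directory.
bundle_name() {
    printf '%s-tres-bundle.zip\n' "$1"
}

# Run the collection in /tmp with the analysis subject (-s) and print the
# SHA-256 of the archive for the Support Request. Accepts either the portal
# URL or a bare task UUID; returns 1 on any validation or collection failure.
collect_tres_bundle() {
    uuid=$(extract_task_uuid "$1")
    [ -n "$uuid" ] || uuid=$1
    if ! is_valid_uuid "$uuid"; then
        echo "invalid task UUID: $uuid" >&2
        return 1
    fi
    out=$(bundle_name "$uuid")
    (
        cd /tmp/ || exit 1
        sudo get_tres_bundle.py -s "$uuid" || exit 1
        [ -f "$out" ] || { echo "expected /tmp/$out was not created" >&2; exit 1; }
        sha256sum "$out"
    )
}
```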