Endpoint Monitoring can discover traffic flows that are generated by a guest VM and map them to the processes that the guest VM is using, based on security group membership.
After the flow data is collected, Endpoint Monitoring provides the following:
- Processes running on each VM
- VM-to-VM communication
- Process-to-process communication
- Visual representation of intra- and inter-VM and security group communication
There can be a maximum of 20 VMs in a monitored security group. The Endpoint Monitoring database can store a maximum of 5 million rows of flow records, after which it starts pruning and deleting completed sessions, starting from the oldest session. If a session is still running, it might be subject to partial flow data loss. The storage space for the collected flow data is shared with the Flow Monitoring data.