Threat detection method and device in virtual detection environment

Bibliographic details
Main authors: WANG LIBAO, CHEN HU, YUAN QUAN, TANG KAIDA
Format: Patent
Language: chi; eng
Description
Summary: The invention discloses a threat detection method and device in a virtual detection environment. The method comprises the following steps: leading internal traffic of the virtual environment out from a virtual switch to a probe node; processing the traffic at the probe node according to a preset rule, sending the processed data to a remote distributed analysis node, and identifying at the distributed analysis node whether a threat exists; and, if a threat exists, issuing a control command to the corresponding probe node through the management control node, so that the corresponding probe node issues an offline instruction to the corresponding virtual switch. By using the three-layer structure of the probe, the distributed analysis node and the centralized management and control node, the east-west traffic in the virtualization environment is mainly analyzed, and the defect in the related technology that threats in east-west network traffic cannot be detected and handled is overcome.