You access the NSX Intelligence home page by clicking Plan & Troubleshoot > Discover & Take Action in the NSX Manager user interface.

After you install and configure NSX Intelligence for the first time, when you click Discover & Take Action you might see the message, No data found. You might need to modify your filters above. The message appears because NSX Intelligence has yet to receive network traffic data to create a visualization. After some network traffic data has been received from NSX Manager, NSX Intelligence can begin to render some visualization.

By default, when you click Discover & Take Action you see the visualization of the security status of all the groups in your on-premises NSX-T Data Center that had unprotected traffic flows between their VM members in the last 24 hours. Unprotected network traffic flows are flows between VMs that do not have any micro-segmentation implemented. If there are no groups defined yet, there are no groups displayed. If there are VMs, but they do not belong to any group, you see the following icon for the Uncategorized VMs group.

If you already have defined groups and captured traffic data, you might see a visualization similar to the following screenshot. The table that follows describe the numbered sections in the screenshot.

Note: NSX Intelligence categorizes an IP address belonging to one of the following CIDR notations as a private IP address: 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8. Any IP address that does not belong to any of these CIDR notations is classified as a public IP address. If your VM's IP address does not fall into one of these CIDR notations, consider adding your CIDR notation using the PATCH /api/v1/intelligence/host-config API in the NSX-T Data Center API Guide.


Section Description
1

The Security view selection area is where you select the type of security visualization to display. There are two types of Security views available: Groups and VMs. When you click Discover & Take Action, the default Security view displayed is the Groups view of the group objects in your NSX-T Data Center that had unprotected flow traffic within the last 24 hours.

  • To select the VMs view, click the down arrow next to Groups and select VMs.
  • To select the specific groups or VMs to include in the view, click the down arrow next to ALL, and select from the list.
  • To clear your selection filters, click CLEAR FILTERS on the top right-side of the screen. When you click CLEAR FILTERS while in the VMs view, the selection filters are cleared and you are placed in the Groups view.

See Working with the Groups View and Working with the VM View for more information on how to work with the two view types.

2 With the Apply Filter, you can refine the criteria used for the visualization. From the drop list, you can select the criteria to use for the visualization. You can select VM members, tags, flow types, source IP, destination IP, rule ID, or name. You can define multiple filters to apply by clicking Apply Filter again.
3 With this Flows section, you can select which traffic flow type to include in the visualization during the selected time period. The colors used in the visualization for the flow types are also shown in this section.
  • Red-hued dashed line for Unprotected flows
  • Blue-hued solid line for Blocked flows
  • Green-hued solid line for the Allowed flows
By default, the Unprotected traffic flow type is selected for the current NSX Intelligence visualization. See Working with Traffic Flows for more information.
4 The display mode section defines what theme to use for the visualization. Light theme is the default mode used.
  • To use the dark theme mode, click the DARK icon. You can use the Dark theme only when you are viewing the visualization in full screen mode.
  • To go into full screen mode, click in the viewing control section.
5 In this section, you select the time period to use to determine which network flow data is used to generate the desired visualization and recommendation. Your selection determines the historical data that is used in the Groups or VMs view. The time period is relative to the current time and some time period in the past.

The last 24 hours is the default time range used. To change the selected time period, click the currently selected time period and select Last 1 hr, Last 12 hrs, Last 24 hrs, Last 1 week, or Last 1 month.

6 When you click this Recommendation wand icon, the Recommendations dialog box displays the inventory summary for the current view. If you are in the VMs view, you can generate an NSX Intelligence recommendation by clicking Start New Recommendation. See Working with NSX Intelligence Recommendations.
7 This section is the visualization of the security status of the Groups or VMs in your on-premises NSX-T Data Center. It also includes the visualization of the network traffic flows that occurred during the selected time period. In this section, you can point to a specific node or flow arrow to obtain details about that specific entity.

See Getting Familiar with NSX Intelligence Graphic Elements and Understanding NSX Intelligence Views and Flows for more information.

8 This section includes the viewing controls to zoom in, zoom out, apply 1:1 aspect ratio, resize-to-fit the view, and go into or out of full-screen viewing mode. You can also use keyboard hotkeys to manage your viewing controls. To display the Keyboard Shortcuts Help window, press Shift+/.

To navigate to a previously viewed visualization, use your Web browser's back button. When you are in full-screen mode, click Back (at the top left of the screen) to perform the same back button navigation.