VMware NSX® Intelligence™ provides a graphical user interface to visualize the security posture and network traffic flows that have occurred in your on-premises NSX-T Data Center environment.

What is NSX Intelligence

Beginning with version 3.2, NSX Intelligence has transitioned from being a VM-based appliance to a modern application that is hosted on the VMware NSX® Application Platform, a platform based on a microservices architecture.

NSX Intelligence 3.2 is available for ESXi-based hosts, physical server hosts, and ESX clusters that are enabled by the VMware vSphere® Lifecycle Manager.

NSX Intelligence 3.2 provides the following functionalities.

  • A graphical visualization of the NSX-T components, such as groups, VMs, physical servers, IPs, and network traffic flows, in your NSX-T Data Center 3.2 or later environment. The data used is based on the network traffic flows aggregated during the specified time period.

  • Recommendations for security policies, policy security groups, and services for applications. The recommendations assist you with the implementation of micro-segmentation at the application level. When you implement these recommendations, you can enforce a more dynamic security policy by correlating traffic patterns of communication that is occurring between the VMs, physical servers, and IPs in your NSX-T Data Center environment.

  • Detection of suspicious or anomalous network behaviors in your data center network using the NSX Suspicious Traffic feature. To filter out those activities that are interesting from a security perspective, threat-centric detectors are applied to the traffic flow data that NSX Intelligence collects. The detection events generated by these detectors might be associated to specific techniques or tactics in the MITRE ATT&CK® Framework. If you have activated the VMware NSX® Network Detection and Response™ feature, the detection events are sent to the VMware NSX® Advanced Threat Prevention cloud services for further analysis. Detection events that are deemed related by the cloud services are correlated into a campaign that is organized into a timeline on the NSX Network Detection and Response UI. Each campaign can then be further investigated by your network security team using the the NSX Network Detection and Response UI.

Prepare to Use NSX Intelligence

Use the information in NSX Intelligence Activation and Usage Workflow to guide you on the steps you need to perform to get started with upgrading, activating, and using NSX Intelligence 3.2 or later.

Start Using NSX Intelligence

After you successfully activate and configure NSX Intelligence 3.2 or later, you can use its features in the following sections of the NSX Manager user interface.

  • For traffic flow visualization, go to Plan & Troubleshoot > Discover & Take Action section of the NSX Manager UI.

  • For micro-segmentation rule recommendations, navigate to Plan & Troubleshoot > Recommendations UI page.

  • To manage suspicious or anomalous network traffic, use the Security > Suspicious Traffic page.

For more details, see the Using and Managing VMware NSX Intelligence document for version 3.2 or later available at https://docs.vmware.com/en/VMware-NSX-Intelligence/index.html.